demande d'aide suite à contamination

pog · le 20 septembre 2008

demande d'aide

PC portable packard bell easynote, celeron M, windows XP sp2, système internet neuf box

antivirus F-sécure (fourni sur abonnement par neuf)

Bonjour,

J'utilise "opéra" en tant que navigateur courant, cependant, comme certains sites ne sont compatibles

qu'avec explorer, j'ai lancé celui-ci et "je suppose" que j'ai cliqué malencontreusement

sur un truc qui s'est attaqué à mon ordi.

Je "pense", mais pas certain, que c'est un truc du style microantivirus, car après ça,

une sorte de "bouclier" s'est affiché sur mon bureau.

Je crois que le problème date d'environ du 15 septembre.

Les symptomes sont variés, en voici quelques uns :

Alerte de sécurité concernant la mise à jour (automatique ou non) de windows, celle-ci ne peut

plus s'effectuer d'une quelconque manière... après bien des recherches, j'en ai été réduit à faire

tourner un programme qui s'appelle "dial a fix", mais rien de rien

J'ai voulu faire un rescan avec mon antivirus F-sécure.. oh surprise, il était devenu inopérant

j'ai donc dû le réinstaller, à son dernier run il a bien trouvé microantivirus (mavxxx) mais il

n'a pas réussi à le désinstaller.... alors j'ai démarré en mode sans échec et ai supprimé les

trois fichiers présents dans le dossier concerné, ce qui n'est pas suffisant, je m'en doute bien.

Impossibilité de navigation sur internet "parfois" avec par exemple impossibilité d'accéder

à la barre google, refus de recherche, refus d'afficher des sites..

Les sites qui étaient "en ligne" sont pourtant fonctionnels

Bien sûr "écran bleu" avec à la fin "vidage de la mémoire statique".

Pris de panique, j'ai crié "haro" sur les "anti-tout" (spyware...), j'ai passé :

dial a fix, regcleaner, CWShredder, spybot, smitfraudfix et le dernier hijackthis qui s'arrête en cours

lorsque je lui demande de détecter les problèmes.

En prime, j'ai perdu la fonctionalité de réglage du son directement par les touches de

l'ordinateur (mais ça, c'est peut être du à mes manips).

J'ai commandé un disque dur externe pour faire des sauvegardes (bien sûr, jamais faites avant),

mais le pc dont je dispose était pré-installé avec windows, il faudrait donc que je rachète un

win xp si je reformate le disque, que je réserve en dernière extrémité.

Si vous pouviez me donner un petit coup de pouce, ce serait super sympa, car je pense

avoir fait tout ce qu'il m'était possible de faire compte tenu de mes connaissances

(en fait, utiliser des programmes "presse-bouton")

Merci par avance.

Liste hijackthis et smitfraud suivent.

hijackthis :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:56:36, on 20/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe

C:\Program Files\Pack Securite\Common\FSMA32.EXE

C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Program Files\Pack Securite\Common\FSMB32.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Pack Securite\Common\FCH32.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Pack Securite\Common\FAMEH32.EXE

C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Pack Securite\FSPC\fspc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe

C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe

C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe

C:\Program Files\Pack Securite\FSAUA\program\fsus.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Pack Securite\Common\FSM32.EXE

C:\Program Files\Neuf\Kit\WiFi\9wifi.exe

C:\Program Files\essai e-CB\ECB.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Pack Securite\FSGUI\fsguidll.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\e-cb nouv\ecbl-lbp.exe

C:\WINDOWS\system32\sistray.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Opera\opera.exe

C:\Documents and Settings\MICHEL\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redi...;keyword=google

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"

O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\essai e-CB\ECB.exe" /dontopenmycards

O4 - HKLM\..\Run: [289a0975] rundll32.exe "C:\WINDOWS\system32\chnqhhmv.dll",b

O4 - HKLM\..\Run: [bM2ba93ae9] Rundll32.exe "C:\WINDOWS\system32\pwooulpd.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [wngwnfv] "c:\documents and settings\michel\local settings\application data\wngwnfv.exe" wngwnfv

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-cb nouv\ecbl-lbp.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll

O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7BB9ACB2-8F6C-4D32-BFF6-EB08D0C52E82}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O20 - AppInit_DLLs: jiinae.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 9213 bytes

smitfraud

=== Verbose logging started: 09/01/2007 00:50:59 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===

MSI © (14:D4) [00:50:59:937]: Resetting cached policy values

MSI © (14:D4) [00:50:59:937]: Machine policy value 'Debug' is 0

MSI © (14:D4) [00:50:59:937]: ******* RunEngine:

******* Product: c:\5c4d5aba6ff8501ed853afe816\msxml.msi

******* Action:

******* CommandLine: **********

MSI © (14:D4) [00:50:59:937]: Client-side and UI is none or basic: Running entire install on the server.

MSI © (14:D4) [00:50:59:937]: Grabbed execution mutex.

MSI © (14:D4) [00:51:00:000]: Cloaking enabled.

MSI © (14:D4) [00:51:00:000]: Attempting to enable all disabled priveleges before calling Install on Server

MSI © (14:D4) [00:51:00:015]: Incrementing counter to disable shutdown. Counter after increment: 0

MSI (s) (90:A0) [00:51:00:015]: Grabbed execution mutex.

MSI (s) (90:30) [00:51:00:015]: Resetting cached policy values

MSI (s) (90:30) [00:51:00:015]: Machine policy value 'Debug' is 0

MSI (s) (90:30) [00:51:00:015]: ******* RunEngine:

******* Product: c:\5c4d5aba6ff8501ed853afe816\msxml.msi

******* Action:

******* CommandLine: **********

MSI (s) (90:30) [00:51:00:031]: Machine policy value 'DisableUserInstalls' is 0

MSI (s) (90:30) [00:51:00:046]: File will have security applied from OpCode.

MSI (s) (90:30) [00:51:00:109]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'c:\5c4d5aba6ff8501ed853afe816\msxml.msi' against software restriction policy

MSI (s) (90:30) [00:51:00:109]: SOFTWARE RESTRICTION POLICY: c:\5c4d5aba6ff8501ed853afe816\msxml.msi has a digital signature

MSI (s) (90:30) [00:51:00:406]: SOFTWARE RESTRICTION POLICY: c:\5c4d5aba6ff8501ed853afe816\msxml.msi is permitted to run at the 'unrestricted' authorization level.

MSI (s) (90:30) [00:51:00:406]: End dialog not enabled

MSI (s) (90:30) [00:51:00:406]: Original package ==> c:\5c4d5aba6ff8501ed853afe816\msxml.msi

MSI (s) (90:30) [00:51:00:406]: Package we're running from ==> c:\WINDOWS\Installer\13405d2.msi

MSI (s) (90:30) [00:51:00:453]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.

MSI (s) (90:30) [00:51:00:453]: APPCOMPAT: no matching ProductCode found in database.

MSI (s) (90:30) [00:51:00:453]: MSCOREE not loaded loading copy from system32

MSI (s) (90:30) [00:51:00:515]: Machine policy value 'TransformsSecure' is 0

MSI (s) (90:30) [00:51:00:515]: User policy value 'TransformsAtSource' is 0

MSI (s) (90:30) [00:51:00:515]: Machine policy value 'DisablePatch' is 0

MSI (s) (90:30) [00:51:00:515]: Machine policy value 'AllowLockdownPatch' is 0

MSI (s) (90:30) [00:51:00:515]: Machine policy value 'DisableLUAPatching' is 0

MSI (s) (90:30) [00:51:00:515]: Machine policy value 'DisableFlyWeightPatching' is 0

MSI (s) (90:30) [00:51:00:515]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.

MSI (s) (90:30) [00:51:00:515]: APPCOMPAT: no matching ProductCode found in database.

MSI (s) (90:30) [00:51:00:515]: Transforms are not secure.

MSI (s) (90:30) [00:51:00:515]: Command Line: REBOOT=ReallySuppress CURRENTDIRECTORY=c:\5c4d5aba6ff8501ed853afe816 CLIENTUILEVEL=3 CLIENTPROCESSID=1300

MSI (s) (90:30) [00:51:00:515]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.

MSI (s) (90:30) [00:51:00:515]: Product Code passed to Engine.Initialize: ''

MSI (s) (90:30) [00:51:00:515]: Product Code from property table before transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'

MSI (s) (90:30) [00:51:00:515]: Product Code from property table after transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'

MSI (s) (90:30) [00:51:00:515]: Product not registered: beginning first-time install

MSI (s) (90:30) [00:51:00:515]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.

MSI (s) (90:30) [00:51:00:515]: Entering CMsiConfigurationManager::SetLastUsedSource.

MSI (s) (90:30) [00:51:00:515]: User policy value 'SearchOrder' is 'nmu'

MSI (s) (90:30) [00:51:00:515]: Adding new sources is allowed.

MSI (s) (90:30) [00:51:00:515]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.

MSI (s) (90:30) [00:51:00:515]: Package name extracted from package path: 'msxml.msi'

MSI (s) (90:30) [00:51:00:515]: Package to be registered: 'msxml.msi'

MSI (s) (90:30) [00:51:00:515]: Note: 1: 2729

MSI (s) (90:30) [00:51:00:578]: Note: 1: 2729

MSI (s) (90:30) [00:51:00:578]: Note: 1: 2262 2: AdminProperties 3: -2147287038

MSI (s) (90:30) [00:51:00:578]: Machine policy value 'DisableMsi' is 0

MSI (s) (90:30) [00:51:00:578]: Machine policy value 'AlwaysInstallElevated' is 0

MSI (s) (90:30) [00:51:00:578]: User policy value 'AlwaysInstallElevated' is 0

MSI (s) (90:30) [00:51:00:578]: Product installation will be elevated because user is admin and product is being installed per-machine.

MSI (s) (90:30) [00:51:00:578]: Running product '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is assigned.

MSI (s) (90:30) [00:51:00:578]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.

MSI (s) (90:30) [00:51:00:578]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'c:\5c4d5aba6ff8501ed853afe816'.

MSI (s) (90:30) [00:51:00:578]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.

MSI (s) (90:30) [00:51:00:578]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '1300'.

MSI (s) (90:30) [00:51:00:578]: TRANSFORMS property is now:

MSI (s) (90:30) [00:51:00:578]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.

MSI (s) (90:30) [00:51:00:578]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Application Data

MSI (s) (90:30) [00:51:00:578]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Favoris

MSI (s) (90:30) [00:51:00:578]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Voisinage réseau

MSI (s) (90:30) [00:51:00:578]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Mes documents

MSI (s) (90:30) [00:51:00:578]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Voisinage d'impression

MSI (s) (90:30) [00:51:00:578]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Recent

MSI (s) (90:30) [00:51:00:593]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\SendTo

MSI (s) (90:30) [00:51:00:593]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Modèles

MSI (s) (90:30) [00:51:00:593]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Application Data

MSI (s) (90:30) [00:51:00:593]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

MSI (s) (90:30) [00:51:00:593]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Mes documents\Mes images

MSI (s) (90:30) [00:51:00:781]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils d'administration

MSI (s) (90:30) [00:51:00:781]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

MSI (s) (90:30) [00:51:00:781]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Menu Démarrer\Programmes

MSI (s) (90:30) [00:51:00:781]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Menu Démarrer

MSI (s) (90:30) [00:51:00:781]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Bureau

MSI (s) (90:30) [00:51:00:781]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Outils d'administration

MSI (s) (90:30) [00:51:00:781]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage

MSI (s) (90:30) [00:51:00:781]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes

MSI (s) (90:30) [00:51:00:781]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Menu Démarrer

MSI (s) (90:30) [00:51:00:796]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Bureau

MSI (s) (90:30) [00:51:00:796]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Modèles

MSI (s) (90:30) [00:51:00:796]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts

MSI (s) (90:30) [00:51:00:796]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16

MSI (s) (90:30) [00:51:00:796]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.

MSI (s) (90:30) [00:51:00:796]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2

MSI (s) (90:30) [00:51:00:796]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'MARIE-ALICE'.

MSI (s) (90:30) [00:51:00:796]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2

MSI (s) (90:30) [00:51:00:796]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'c:\WINDOWS\Installer\13405d2.msi'.

MSI (s) (90:30) [00:51:00:796]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'c:\5c4d5aba6ff8501ed853afe816\msxml.msi'.

MSI (s) (90:30) [00:51:00:796]: Note: 1: 2205 2: 3: PatchPackage

MSI (s) (90:30) [00:51:00:796]: Machine policy value 'DisableRollback' is 0

MSI (s) (90:30) [00:51:00:796]: User policy value 'DisableRollback' is 0

MSI (s) (90:30) [00:51:00:796]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.

=== Logging started: 09/01/2007 00:51:00 ===

MSI (s) (90:30) [00:51:00:796]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.

MSI (s) (90:30) [00:51:00:796]: Doing action: INSTALL

MSI (s) (90:30) [00:51:00:796]: Running ExecuteSequence

MSI (s) (90:30) [00:51:00:796]: Doing action: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901

Action start 00:51:00: INSTALL.

MSI (s) (90:30) [00:51:00:796]: PROPERTY CHANGE: Adding DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Documents and Settings\All Users\Bureau\'.

Action start 00:51:00: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901.

MSI (s) (90:30) [00:51:00:796]: Doing action: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901

Action ended 00:51:00: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.

MSI (s) (90:30) [00:51:00:796]: PROPERTY CHANGE: Adding ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Documents and Settings\All Users\Menu Démarrer\Programmes\'.

Action start 00:51:00: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901.

MSI (s) (90:30) [00:51:00:796]: Doing action: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537

Action ended 00:51:00: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.

MSI (s) (90:30) [00:51:00:796]: PROPERTY CHANGE: Adding WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.

Action start 00:51:00: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.

MSI (s) (90:30) [00:51:00:796]: Doing action: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537

Action ended 00:51:00: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.

MSI (s) (90:30) [00:51:00:812]: PROPERTY CHANGE: Adding SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.

Action start 00:51:00: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.

MSI (s) (90:30) [00:51:00:812]: Doing action: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537

Action ended 00:51:00: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.

MSI (s) (90:30) [00:51:00:812]: PROPERTY CHANGE: Adding WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.

Action start 00:51:00: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.

MSI (s) (90:30) [00:51:00:812]: Doing action: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537

Action ended 00:51:00: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.

MSI (s) (90:30) [00:51:00:812]: PROPERTY CHANGE: Adding SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.

Action start 00:51:00: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.

MSI (s) (90:30) [00:51:00:812]: Doing action: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537

Action ended 00:51:00: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.

MSI (s) (90:30) [00:51:00:812]: PROPERTY CHANGE: Adding WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.

Action start 00:51:00: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.

MSI (s) (90:30) [00:51:00:812]: Doing action: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537

Action ended 00:51:00: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.

MSI (s) (90:30) [00:51:00:812]: PROPERTY CHANGE: Adding SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.

Action start 00:51:00: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.

MSI (s) (90:30) [00:51:00:812]: Doing action: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB

Action ended 00:51:00: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.

MSI (s) (90:30) [00:51:00:812]: PROPERTY CHANGE: Adding SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its value is 'C:\WINDOWS\system32\'.

Action start 00:51:00: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB.

MSI (s) (90:30) [00:51:00:812]: Doing action: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1

Action ended 00:51:00: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB. Return value 1.

MSI (s) (90:30) [00:51:00:812]: PROPERTY CHANGE: Adding SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its value is 'C:\WINDOWS\system32\'.

Action start 00:51:00: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1.

MSI (s) (90:30) [00:51:00:812]: Doing action: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7

Action ended 00:51:00: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1. Return value 1.

MSI (s) (90:30) [00:51:00:828]: PROPERTY CHANGE: Adding SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its value is 'C:\WINDOWS\system32\'.

Action start 00:51:00: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7.

MSI (s) (90:30) [00:51:00:828]: Doing action: LaunchConditions

Action ended 00:51:00: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7. Return value 1.

Action start 00:51:00: LaunchConditions.

MSI (s) (90:30) [00:51:00:828]: Doing action: FindRelatedProducts

Action ended 00:51:00: LaunchConditions. Return value 1.

Action start 00:51:00: FindRelatedProducts.

MSI (s) (90:30) [00:51:00:828]: Doing action: AppSearch

Action ended 00:51:00: FindRelatedProducts. Return value 1.

Action start 00:51:00: AppSearch.

MSI (s) (90:30) [00:51:00:828]: Note: 1: 2262 2: Signature 3: -2147287038

MSI (s) (90:30) [00:51:00:828]: PROPERTY CHANGE: Adding WINHTTP_51 property. Its value is 'WinHttpRequest Component version 5.1'.

MSI (s) (90:30) [00:51:00:828]: Skipping action: CCPSearch (condition is false)

MSI (s) (90:30) [00:51:00:828]: Skipping action: RMCCPSearch (condition is false)

MSI (s) (90:30) [00:51:00:828]: Doing action: ValidateProductID

Action ended 00:51:00: AppSearch. Return value 1.

Action start 00:51:00: ValidateProductID.

MSI (s) (90:30) [00:51:00:828]: Doing action: CostInitialize

Action ended 00:51:00: ValidateProductID. Return value 1.

MSI (s) (90:30) [00:51:00:828]: Machine policy value 'MaxPatchCacheSize' is 10

Action start 00:51:00: CostInitialize.

MSI (s) (90:30) [00:51:00:828]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'c:\'.

MSI (s) (90:30) [00:51:00:828]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.

MSI (s) (90:30) [00:51:00:828]: Note: 1: 2205 2: 3: Patch

MSI (s) (90:30) [00:51:00:828]: Note: 1: 2205 2: 3: PatchPackage

MSI (s) (90:30) [00:51:00:828]: Note: 1: 2205 2: 3: MsiPatchHeaders

MSI (s) (90:30) [00:51:00:828]: Note: 1: 2205 2: 3: __MsiPatchFileList

MSI (s) (90:30) [00:51:00:828]: Note: 1: 2205 2: 3: PatchPackage

MSI (s) (90:30) [00:51:00:828]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`

MSI (s) (90:30) [00:51:00:828]: Doing action: FileCost

Action ended 00:51:00: CostInitialize. Return value 1.

MSI (s) (90:30) [00:51:00:828]: Note: 1: 2262 2: Extension 3: -2147287038

Action start 00:51:00: FileCost.

MSI (s) (90:30) [00:51:00:843]: Doing action: CostFinalize

Action ended 00:51:00: FileCost. Return value 1.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.

MSI (s) (90:30) [00:51:00:843]: Note: 1: 2205 2: 3: Patch

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'c:\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying WindowsFolder property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying CommonFilesFolder property. Its current value is 'C:\Program Files\Fichiers communs\'. Its new value: 'c:\Program Files\Fichiers communs\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'c:\Program Files\Fichiers communs\Microsoft Shared\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'c:\Program Files\Fichiers communs\Microsoft Shared\MSDN\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa692

0e9f98fc\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying DesktopFolder property. Its current value is 'C:\Documents and Settings\All Users\Bureau\'. Its new value: 'c:\Documents and Settings\All Users\Bureau\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying ProgramFilesFolder property. Its current value is 'C:\Program Files\'. Its new value: 'c:\Program Files\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding MSXML property. Its value is 'c:\Program Files\MSXML 4.0\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding INC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\inc\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding LIB.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\lib\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding DOC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Program Files\MSXML 4.0\doc\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its current value is 'C:\Documents and Settings\All Users\Menu Démarrer\Programmes\'. Its new value: 'c:\Documents and Settings\All Users\Menu Démarrer\Programmes\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Adding MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Documents and Settings\All Users\Menu Démarrer\Programmes\MSXML 4.0\'.

MSI (s) (90:30) [00:51:00:843]: PROPERTY CHANGE: Modifying DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its current value is 'C:\Documents and Settings\All Users\Bureau\'. Its new value: 'c:\Documents and Settings\All Users\Bureau\'.

MSI (s) (90:30) [00:51:00:843]: Target path resolution complete. Dumping Directory table...

MSI (s) (90:30) [00:51:00:843]: Note: target paths subject to change (via custom actions or browsing)

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: TARGETDIR , Object: c:\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: WindowsFolder , Object: c:\WINDOWS\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: CommonFilesFolder , Object: c:\Program Files\Fichiers communs\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\Program Files\Fichiers communs\Microsoft Shared\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\Program Files\Fichiers communs\Microsoft Shared\MSDN\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa692

0e9f98fc\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB , Object: c:\WINDOWS\system32\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 , Object: c:\WINDOWS\system32\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 , Object: c:\WINDOWS\system32\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: DesktopFolder , Object: c:\Documents and Settings\All Users\Bureau\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: ProgramFilesFolder , Object: c:\Program Files\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: MSXML , Object: c:\Program Files\MSXML 4.0\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: INC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\inc\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: LIB.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\lib\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: DOC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Program Files\MSXML 4.0\doc\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Menu Démarrer\Programmes\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Menu Démarrer\Programmes\MSXML 4.0\

MSI (s) (90:30) [00:51:00:843]: Dir (target): Key: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Documents and Settings\All Users\Bureau\

Action start 00:51:00: CostFinalize.

MSI (s) (90:30) [00:51:00:843]: Doing action: SetODBCFolders

Action ended 00:51:00: CostFinalize. Return value 1.

MSI (s) (90:30) [00:51:00:843]: Note: 1: 2205 2: 3: ODBCDriver

MSI (s) (90:30) [00:51:00:843]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCDriver`, `Component` WHERE `ODBCDriver`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)

MSI (s) (90:30) [00:51:00:843]: Note: 1: 2205 2: 3: ODBCTranslator

MSI (s) (90:30) [00:51:00:843]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCTranslator`, `Component` WHERE `ODBCTranslator`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)

Action start 00:51:00: SetODBCFolders.

MSI (s) (90:30) [00:51:00:859]: Doing action: MigrateFeatureStates

Action ended 00:51:00: SetODBCFolders. Return value 0.

Action start 00:51:00: MigrateFeatureStates.

MSI (s) (90:30) [00:51:00:859]: Doing action: InstallValidate

Action ended 00:51:00: MigrateFeatureStates. Return value 0.

MSI (s) (90:30) [00:51:00:859]: Feature: MSXML; Installed: Absent; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Feature: MSXMLSYS; Installed: Absent; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Feature: MSXMLSUPP; Installed: Absent; Request: Null; Action: Null

MSI (s) (90:30) [00:51:00:859]: Feature: MSXMLSUPP2; Installed: Absent; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Feature: MSXMLSXS; Installed: Absent; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Feature: XMLSDK; Installed: Absent; Request: Null; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: RememberInstallFolder; Installed: Absent; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: QKBKEY; Installed: Absent; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: MSXML4_System.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: MSXML4_SystemRes.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: MSXML4_ANSI.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: WINHTTP50_COMPONENT.781A0624_31FF_4712_BFFD_31C829FFDBF1; Installed: Absent; Request: Null; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: PROXYCFG_COMPONENT.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB; Installed: Absent; Request: Local; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: downlevel_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: downlevel_payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: downlevel_manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: downlevel_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: XMLSDK_LIB.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: XMLSDK_INC.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: CookDoc_dll.3FB7DAB3_19E7_40A0_8730_4482CE77AC59; Installed: Absent; Request: Null; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: __uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: __uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: __uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: __QKBKEY65; Installed: Null; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: __MSXML4_System.246EB7AD_459A_4FA8_83D1_4165; Installed: Null; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: __downlevel_payload.7B2FCEFF_0F22_B7E1_FF665; Installed: Null; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: __downlevel_manifest.7B2FCEFF_0F22_B7E1_FF65; Installed: Null; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: __downlevel_payload.DA6654F6_456F_3658_FF665; Installed: Null; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: __downlevel_manifest.DA6654F6_456F_3658_FF65; Installed: Null; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: __downlevel_manifest.0E9F98FC_A692_A6DF_FF65; Installed: Null; Request: Local; Action: Local

MSI (s) (90:30) [00:51:00:859]: Component: __CookDoc_dll.3FB7DAB3_19E7_40A0_8730_448265; Installed: Null; Request: Null; Action: Null

MSI (s) (90:30) [00:51:00:859]: Component: __XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_596565; Installed: Null; Request: Null; Action: Null

MSI (s) (90:30) [00:51:00:859]: Note: 1: 2205 2: 3: BindImage

MSI (s) (90:30) [00:51:00:859]: Note: 1: 2262 2: PublishComponent 3: -2147287038

MSI (s) (90:30) [00:51:00:859]: Note: 1: 2262 2: Extension 3: -2147287038

MSI (s) (90:30) [00:51:00:859]: Note: 1: 2205 2: 3: Font

Action start 00:51:00: InstallValidate.

MSI (s) (90:30) [00:51:00:859]: Note: 1: 2205 2: 3: _RemoveFilePath

MSI (s) (90:30) [00:51:01:031]: Note: 1: 2262 2: Extension 3: -2147287038

MSI (s) (90:30) [00:51:01:046]: Note: 1: 2262 2: Extension 3: -2147287038

MSI (s) (90:30) [00:51:01:046]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.

MSI (s) (90:30) [00:51:01:046]: Note: 1: 2205 2: 3: BindImage

MSI (s) (90:30) [00:51:01:046]: Note: 1: 2262 2: PublishComponent 3: -2147287038

MSI (s) (90:30) [00:51:01:046]: Note: 1: 2262 2: Extension 3: -2147287038

MSI (s) (90:30) [00:51:01:046]: Note: 1: 2205 2: 3: Font

MSI (s) (90:30) [00:51:01:046]: Note: 1: 2727 2:

MSI (s) (90:30) [00:51:01:046]: Doing action: InstallInitialize

Action ended 00:51:01: InstallValidate. Return value 1.

MSI (s) (90:30) [00:51:01:046]: Machine policy value 'AlwaysInstallElevated' is 0

MSI (s) (90:30) [00:51:01:046]: User policy value 'AlwaysInstallElevated' is 0

MSI (s) (90:30) [00:51:01:046]: BeginTransaction: Locking Server

MSI (s) (90:30) [00:51:01:046]: SRSetRestorePoint skipped for this transaction.

MSI (s) (90:30) [00:51:01:046]: Server not locked: locking for product {37477865-A3F1-4772-AD43-AAFC6BCFF99F}

Action start 00:51:01: InstallInitialize.

MSI (s) (90:30) [00:51:02:687]: Doing action: SxsInstallCA

Action ended 00:51:02: InstallInitialize. Return value 1.

MSI (s) (90:04) [00:51:02:703]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSICE.tmp, Entrypoint: CustomAction_SxsMsmInstall

MSI (s) (90:D8) [00:51:02:703]: Generating random cookie.

MSI (s) (90:D8) [00:51:02:703]: Created Custom Action Server with PID 2500 (0x9C4).

MSI (s) (90:64) [00:51:02:765]: Running as a service.

MSI (s) (90:64) [00:51:02:765]: Hello, I'm your 32bit Elevated custom action server.

Action start 00:51:02: SxsInstallCA.

1: sxsdelca 2: traceop 3: 1256 4: 0

1: sxsdelca 2: traceop 3: 1257 4: 0

1: sxsdelca 2: traceop 3: 1258 4: 0

1: sxsdelca 2: traceop 3: 1284 4: 0

1: sxsdelca 2: traceop 3: 1288 4: 0

1: sxsdelca 2: traceop 3: 1289 4: 0

1: sxsdelca 2: traceop 3: 1290 4: 0

1: sxsdelca 2: traceop 3: 1292 4: 0

1: sxsdelca 2: traceop 3: 1306 4: 0

1: sxsdelca 2: traceop 3: 1307 4: 0

1: sxsdelca 2: traceop 3: 796 4: 0

1: sxsdelca 2: traceop 3: 801 4: 0

1: sxsdelca 2: traceop 3: 802 4: 0

1: sxsdelca 2: traceop 3: 803 4: 0

1: sxsdelca 2: traceop 3: 805 4: 0

1: sxsdelca 2: traceop 3: 812 4: 0

1: sxsdelca 2: traceop 3: 813 4: 0

1: sxsdelca 2: traceop 3: 814 4: 0

1: sxsdelca 2: traceop 3: 819 4: 0

1: sxsdelca 2: traceop 3: 820 4: 0

1: sxsdelca 2: traceop 3: 821 4: 0

1: sxsdelca 2: traceop 3: 827 4: 0

1: sxsdelca 2: traceop 3: 831 4: 0

1: sxsdelca 2: traceop 3: 827 4: 0

1: sxsdelca 2: traceop 3: 831 4: 0

1: sxsdelca 2: traceop 3: 827 4: 259

1: sxsdelca 2: traceop 3: 1311 4: 0

1: sxsdelca 2: traceop 3: 1312 4: 0

1: sxsdelca 2: traceop 3: 1077 4: 0

1: sxsdelca 2: traceop 3: 1081 4: 0

1: sxsdelca 2: traceop 3: 1083 4: 0

1: sxsdelca 2: traceop 3: 1087 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1097 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1101 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1105 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1109 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1113 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1117 4: 0

1: sxsdelca 2: traceop 3: 1121 4: 0

1: sxsdelca 2: traceop 3: 1313 4: 0

1: sxsdelca 2: traceop 3: 1314 4: 0

1: sxsdelca: Added reg value for 2: downlevel_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537

1: sxsdelca 2: traceop 3: 1284 4: 0

1: sxsdelca 2: traceop 3: 1288 4: 0

1: sxsdelca 2: traceop 3: 1289 4: 0

1: sxsdelca 2: traceop 3: 1290 4: 0

1: sxsdelca 2: traceop 3: 1292 4: 0

1: sxsdelca 2: traceop 3: 796 4: 0

1: sxsdelca 2: traceop 3: 801 4: 0

1: sxsdelca 2: traceop 3: 802 4: 0

1: sxsdelca 2: traceop 3: 803 4: 0

1: sxsdelca 2: traceop 3: 805 4: 0

1: sxsdelca 2: traceop 3: 812 4: 0

1: sxsdelca 2: traceop 3: 813 4: 0

1: sxsdelca 2: traceop 3: 814 4: 0

1: sxsdelca 2: traceop 3: 819 4: 0

1: sxsdelca 2: traceop 3: 820 4: 0

1: sxsdelca 2: traceop 3: 821 4: 0

1: sxsdelca 2: traceop 3: 827 4: 0

1: sxsdelca 2: traceop 3: 831 4: 0

1: sxsdelca 2: traceop 3: 827 4: 259

1: sxsdelca 2: traceop 3: 1311 4: 0

1: sxsdelca 2: traceop 3: 1312 4: 0

1: sxsdelca 2: traceop 3: 1077 4: 0

1: sxsdelca 2: traceop 3: 1081 4: 0

1: sxsdelca 2: traceop 3: 1083 4: 0

1: sxsdelca 2: traceop 3: 1087 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1097 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1101 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1105 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1109 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1113 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1117 4: 0

1: sxsdelca 2: traceop 3: 1121 4: 0

1: sxsdelca 2: traceop 3: 1313 4: 0

1: sxsdelca 2: traceop 3: 1314 4: 0

1: sxsdelca: Added reg value for 2: downlevel_payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537

1: sxsdelca 2: traceop 3: 1284 4: 0

1: sxsdelca 2: traceop 3: 1288 4: 0

1: sxsdelca 2: traceop 3: 1289 4: 0

1: sxsdelca 2: traceop 3: 1290 4: 0

1: sxsdelca 2: traceop 3: 1292 4: 0

1: sxsdelca 2: traceop 3: 796 4: 0

1: sxsdelca 2: traceop 3: 801 4: 0

1: sxsdelca 2: traceop 3: 802 4: 0

1: sxsdelca 2: traceop 3: 803 4: 0

1: sxsdelca 2: traceop 3: 805 4: 0

1: sxsdelca 2: traceop 3: 812 4: 0

1: sxsdelca 2: traceop 3: 813 4: 0

1: sxsdelca 2: traceop 3: 814 4: 0

1: sxsdelca 2: traceop 3: 819 4: 0

1: sxsdelca 2: traceop 3: 820 4: 0

1: sxsdelca 2: traceop 3: 821 4: 0

1: sxsdelca 2: traceop 3: 827 4: 0

1: sxsdelca 2: traceop 3: 831 4: 0

1: sxsdelca 2: traceop 3: 827 4: 0

1: sxsdelca 2: traceop 3: 831 4: 0

1: sxsdelca 2: traceop 3: 827 4: 259

1: sxsdelca 2: traceop 3: 1311 4: 0

1: sxsdelca 2: traceop 3: 1312 4: 0

1: sxsdelca 2: traceop 3: 1077 4: 0

1: sxsdelca 2: traceop 3: 1081 4: 0

1: sxsdelca 2: traceop 3: 1083 4: 0

1: sxsdelca 2: traceop 3: 1087 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1097 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1101 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1105 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1109 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1113 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1117 4: 0

1: sxsdelca 2: traceop 3: 1121 4: 0

1: sxsdelca 2: traceop 3: 1313 4: 0

1: sxsdelca 2: traceop 3: 1314 4: 0

1: sxsdelca: Added reg value for 2: downlevel_manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537

1: sxsdelca 2: traceop 3: 1284 4: 0

1: sxsdelca 2: traceop 3: 1288 4: 0

1: sxsdelca 2: traceop 3: 1289 4: 0

1: sxsdelca 2: traceop 3: 1290 4: 0

1: sxsdelca 2: traceop 3: 1292 4: 0

1: sxsdelca 2: traceop 3: 796 4: 0

1: sxsdelca 2: traceop 3: 801 4: 0

1: sxsdelca 2: traceop 3: 802 4: 0

1: sxsdelca 2: traceop 3: 803 4: 0

1: sxsdelca 2: traceop 3: 805 4: 0

1: sxsdelca 2: traceop 3: 812 4: 0

1: sxsdelca 2: traceop 3: 813 4: 0

1: sxsdelca 2: traceop 3: 814 4: 0

1: sxsdelca 2: traceop 3: 819 4: 0

1: sxsdelca 2: traceop 3: 820 4: 0

1: sxsdelca 2: traceop 3: 821 4: 0

1: sxsdelca 2: traceop 3: 827 4: 0

1: sxsdelca 2: traceop 3: 831 4: 0

1: sxsdelca 2: traceop 3: 827 4: 259

1: sxsdelca 2: traceop 3: 1311 4: 0

1: sxsdelca 2: traceop 3: 1312 4: 0

1: sxsdelca 2: traceop 3: 1077 4: 0

1: sxsdelca 2: traceop 3: 1081 4: 0

1: sxsdelca 2: traceop 3: 1083 4: 0

1: sxsdelca 2: traceop 3: 1087 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1097 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1101 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1105 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1109 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1113 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1117 4: 0

1: sxsdelca 2: traceop 3: 1121 4: 0

1: sxsdelca 2: traceop 3: 1313 4: 0

1: sxsdelca 2: traceop 3: 1314 4: 0

1: sxsdelca: Added reg value for 2: downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537

1: sxsdelca 2: traceop 3: 1284 4: 0

1: sxsdelca 2: traceop 3: 1288 4: 0

1: sxsdelca 2: traceop 3: 1289 4: 0

1: sxsdelca 2: traceop 3: 1290 4: 0

1: sxsdelca 2: traceop 3: 1292 4: 0

1: sxsdelca 2: traceop 3: 796 4: 0

1: sxsdelca 2: traceop 3: 801 4: 0

1: sxsdelca 2: traceop 3: 802 4: 0

1: sxsdelca 2: traceop 3: 803 4: 0

1: sxsdelca 2: traceop 3: 805 4: 0

1: sxsdelca 2: traceop 3: 812 4: 0

1: sxsdelca 2: traceop 3: 813 4: 0

1: sxsdelca 2: traceop 3: 814 4: 0

1: sxsdelca 2: traceop 3: 819 4: 0

1: sxsdelca 2: traceop 3: 820 4: 0

1: sxsdelca 2: traceop 3: 821 4: 0

1: sxsdelca 2: traceop 3: 827 4: 0

1: sxsdelca 2: traceop 3: 831 4: 0

1: sxsdelca 2: traceop 3: 827 4: 0

1: sxsdelca 2: traceop 3: 831 4: 0

1: sxsdelca 2: traceop 3: 827 4: 259

1: sxsdelca 2: traceop 3: 1311 4: 0

1: sxsdelca 2: traceop 3: 1312 4: 0

1: sxsdelca 2: traceop 3: 1077 4: 0

1: sxsdelca 2: traceop 3: 1081 4: 0

1: sxsdelca 2: traceop 3: 1083 4: 0

1: sxsdelca 2: traceop 3: 1087 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1097 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1101 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1105 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1109 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1113 4: 0

1: sxsdelca 2: traceop 3: 1093 4: 0

1: sxsdelca 2: traceop 3: 1117 4: 0

1: sxsdelca 2: traceop 3: 1121 4: 0

1: sxsdelca 2: traceop 3: 1313 4: 0

1: sxsdelca 2: traceop 3: 1314 4: 0

1: sxsdelca: Added reg value for 2: downlevel_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537

1: sxsdelca 2: traceop 3: 1284 4: 259

1: sxsdelca 2: SxsMsmInstall completed 3: 0 4: 0

MSI (s) (90:30) [00:51:02:921]: Doing action: AllocateRegistrySpace

Action ended 00:51:02: SxsInstallCA. Return value 1.

Action start 00:51:02: AllocateRegistrySpace.

MSI (s) (90:30) [00:51:02:921]: Doing action: ProcessComponents

Action ended 00:51:02: AllocateRegistrySpace. Return value 1.

MSI (s) (90:30) [00:51:02:921]: Note: 1: 2205 2: 3: MsiPatchCertificate

MSI (s) (90:30) [00:51:02:921]: LUA patching is disabled: missing MsiPatchCertificate table

MSI (s) (90:30) [00:51:02:921]: Resolving source.

MSI (s) (90:30) [00:51:02:921]: Resolving source to launched-from source.

MSI (s) (90:30) [00:51:02:921]: Setting launched-from source as last-used.

MSI (s) (90:30) [00:51:02:921]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'c:\5c4d5aba6ff8501ed853afe816\'.

MSI (s) (90:30) [00:51:02:921]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'c:\5c4d5aba6ff8501ed853afe816\'.

MSI (s) (90:30) [00:51:02:921]: PROPERTY CHANGE: Adding SourcedirProduct property. Its value is '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.

MSI (s) (90:30) [00:51:02:921]: SOURCEDIR ==> c:\5c4d5aba6ff8501ed853afe816\

MSI (s) (90:30) [00:51:02:921]: SOURCEDIR product ==> {37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSI (s) (90:30) [00:51:02:921]: Determining source type

MSI (s) (90:30) [00:51:02:921]: Source type from package 'msxml.msi': 2

Action start 00:51:02: ProcessComponents.

MSI (s) (90:30) [00:51:02:921]: Source path resolution complete. Dumping Directory table...

MSI (s) (90:30) [00:51:02:921]: Dir (source): Key: TARGETDIR , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: , ShortSubPath:

MSI (s) (90:30) [00:51:02:921]: Dir (source): Key: WindowsFolder , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: , ShortSubPath:

MSI (s) (90:30) [00:51:02:921]: Dir (source): Key: CommonFilesFolder , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: , ShortSubPath:

MSI (s) (90:30) [00:51:02:921]: Dir (source): Key: MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Microsoft Shared\ , ShortSubPath: MICROS~1\

MSI (s) (90:30) [00:51:02:921]: Dir (source): Key: MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Microsoft Shared\MSDN\ , ShortSubPath: MICROS~1\MSDN\

MSI (s) (90:30) [00:51:02:921]: Dir (source): Key: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:921]: Dir (source): Key: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\system32\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:921]: Dir (source): Key: WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:921]: Dir (source): Key: policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\k0r1wg7y.dqe\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:921]: Dir (source): Key: payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\h0r1wg7y.dqe\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:921]: Dir (source): Key: WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\Policies\i0r1wg7y.dqe\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\j0r1wg7y.dqe\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\system32\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\8n0mtfut.k85\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\Policies\6n0mtfut.k85\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\5n0mtfut.k85\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\7n0mtfut.k85\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\system32\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\wl34x2va.rt8\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\Policies\ul34x2va.rt8\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\tl34x2va.rt8\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: Windows\winsxs\vl34x2va.rt8\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: System\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: DesktopFolder , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: ProgramFilesFolder , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: MSXML , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: redist\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: INC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: redist\inc\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: LIB.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: redist\lib\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: DOC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: redist\doc\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: redist\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: redist\MSXML 4.0\ , ShortSubPath: redist\MSXML4\

MSI (s) (90:30) [00:51:02:937]: Dir (source): Key: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\5c4d5aba6ff8501ed853afe816\ , LongSubPath: redist\ , ShortSubPath:

MSI (s) (90:30) [00:51:02:937]: Doing action: UnpublishComponents

Action ended 00:51:02: ProcessComponents. Return value 1.

MSI (s) (90:30) [00:51:02:937]: Note: 1: 2262 2: PublishComponent 3: -2147287038

Action start 00:51:02: UnpublishComponents.

MSI (s) (90:30) [00:51:02:937]: Doing action: MsiUnpublishAssemblies

Action ended 00:51:02: UnpublishComponents. Return value 1.

Action start 00:51:02: MsiUnpublishAssemblies.

MSI (s) (90:30) [00:51:02:937]: Doing action: UnpublishFeatures

Action ended 00:51:02: MsiUnpublishAssemblies. Return value 1.

Action start 00:51:02: UnpublishFeatures.

MSI (s) (90:30) [00:51:02:953]: Doing action: StopServices

Action ended 00:51:02: UnpublishFeatures. Return value 1.

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2205 2: 3: ServiceControl

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2228 2: 3: ServiceControl 4: SELECT `Name`,`Wait`,`Arguments`,`Event`, `Action` FROM `ServiceControl`, `Component` WHERE `Component_` = `Component` AND (`Action` = 0 OR `Action` = 1 OR `Action` = 2)

Action start 00:51:02: StopServices.

MSI (s) (90:30) [00:51:02:953]: Doing action: DeleteServices

Action ended 00:51:02: StopServices. Return value 1.

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2205 2: 3: ServiceControl

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2228 2: 3: ServiceControl 4: SELECT `Name`,`Wait`,`Arguments`,`Event`, `Action` FROM `ServiceControl`, `Component` WHERE `Component_` = `Component` AND (`Action` = 0 OR `Action` = 1 OR `Action` = 2)

Action start 00:51:02: DeleteServices.

MSI (s) (90:30) [00:51:02:953]: Doing action: UnregisterComPlus

Action ended 00:51:02: DeleteServices. Return value 1.

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2205 2: 3: Complus

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2228 2: 3: Complus 4: SELECT `ComponentId`, `FileName`, `Component`.`Directory_`, `ExpType`, `Component`.`Action`, `Component`.`Installed` FROM `Complus`, `Component`, `File` WHERE `Complus`.`Component_` = `Component` AND `Component`.`KeyPath` = `File`.`File` AND `Action` = 0

Action start 00:51:02: UnregisterComPlus.

MSI (s) (90:30) [00:51:02:953]: Doing action: SelfUnregModules

Action ended 00:51:02: UnregisterComPlus. Return value 0.

Action start 00:51:02: SelfUnregModules.

MSI (s) (90:30) [00:51:02:953]: Doing action: UnregisterTypeLibraries

Action ended 00:51:02: SelfUnregModules. Return value 1.

Action start 00:51:02: UnregisterTypeLibraries.

MSI (s) (90:30) [00:51:02:953]: Doing action: RemoveODBC

Action ended 00:51:02: UnregisterTypeLibraries. Return value 1.

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2205 2: 3: ODBCDataSource

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND `Component`.`Action` = 0 AND `BinaryType` = ?

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2205 2: 3: ODBCDataSource

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND `Component`.`Action` = 0 AND `BinaryType` = ?

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2205 2: 3: ODBCTranslator

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCTranslator`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2205 2: 3: ODBCTranslator

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCTranslator`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2205 2: 3: ODBCDriver

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCDriver`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2205 2: 3: ODBCDriver

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCDriver`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2711 2: ODBCDriverManager

Action start 00:51:02: RemoveODBC.

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2711 2: ODBCDriverManager64

MSI (s) (90:30) [00:51:02:953]: Doing action: UnregisterFonts

Action ended 00:51:02: RemoveODBC. Return value 1.

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2205 2: 3: Font

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2228 2: 3: Font 4: SELECT `FontTitle`, `FileName`, `Directory_`, `Installed`From `Font`, `FileAction` Where `Font`.`File_` = `FileAction`.`File` And `FileAction`.`Action` = 0 ORDER BY `FileAction`.`Directory_`

Action start 00:51:02: UnregisterFonts.

MSI (s) (90:30) [00:51:02:953]: Doing action: RemoveRegistryValues

Action ended 00:51:02: UnregisterFonts. Return value 1.

Action start 00:51:02: RemoveRegistryValues.

MSI (s) (90:30) [00:51:02:953]: Doing action: UnregisterClassInfo

Action ended 00:51:02: RemoveRegistryValues. Return value 1.

Action start 00:51:02: UnregisterClassInfo.

MSI (s) (90:30) [00:51:02:953]: Doing action: UnregisterExtensionInfo

Action ended 00:51:02: UnregisterClassInfo. Return value 1.

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2262 2: Extension 3: -2147287038

Action start 00:51:02: UnregisterExtensionInfo.

MSI (s) (90:30) [00:51:02:953]: Doing action: UnregisterProgIdInfo

Action ended 00:51:02: UnregisterExtensionInfo. Return value 1.

MSI (s) (90:30) [00:51:02:953]: Note: 1: 2262 2: Extension 3: -2147287038

Action start 00:51:02: UnregisterProgIdInfo.

MSI (s) (90:30) [00:51:02:953]: Doing action: UnregisterMIMEInfo

Action ended 00:51:02: UnregisterProgIdInfo. Return value 1.

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2262 2: MIME 3: -2147287038

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2262 2: Extension 3: -2147287038

Action start 00:51:02: UnregisterMIMEInfo.

MSI (s) (90:30) [00:51:02:968]: Doing action: RemoveIniValues

Action ended 00:51:02: UnregisterMIMEInfo. Return value 1.

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2205 2: 3: IniFile

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2228 2: 3: IniFile 4: SELECT `FileName`,`IniFile`.`DirProperty`,`Section`,`IniFile`.`Key`,`IniFile`.`Value`,`IniFile`.`Action` FROM `IniFile`, `Component` WHERE `Component`=`Component_` AND `Component`.`Action`=0 ORDER BY `FileName`,`Section`

Action start 00:51:02: RemoveIniValues.

MSI (s) (90:30) [00:51:02:968]: Doing action: RemoveShortcuts

Action ended 00:51:02: RemoveIniValues. Return value 1.

Action start 00:51:02: RemoveShortcuts.

MSI (s) (90:30) [00:51:02:968]: Doing action: RemoveEnvironmentStrings

Action ended 00:51:02: RemoveShortcuts. Return value 1.

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2205 2: 3: Environment

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2228 2: 3: Environment 4: SELECT `Name`,`Value` FROM `Environment`,`Component` WHERE `Component_`=`Component` AND (`Component`.`Action` = 0)

Action start 00:51:02: RemoveEnvironmentStrings.

MSI (s) (90:30) [00:51:02:968]: Doing action: RemoveDuplicateFiles

Action ended 00:51:02: RemoveEnvironmentStrings. Return value 1.

Action start 00:51:02: RemoveDuplicateFiles.

MSI (s) (90:30) [00:51:02:968]: Doing action: RemoveFiles

Action ended 00:51:02: RemoveDuplicateFiles. Return value 1.

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2205 2: 3: RemoveFile

Action start 00:51:02: RemoveFiles.

MSI (s) (90:30) [00:51:02:968]: Doing action: RemoveFolders

Action ended 00:51:02: RemoveFiles. Return value 0.

Action start 00:51:02: RemoveFolders.

MSI (s) (90:30) [00:51:02:968]: Doing action: CreateFolders

Action ended 00:51:02: RemoveFolders. Return value 1.

Action start 00:51:02: CreateFolders.

MSI (s) (90:30) [00:51:02:968]: Doing action: MoveFiles

Action ended 00:51:02: CreateFolders. Return value 1.

Action start 00:51:02: MoveFiles.

MSI (s) (90:30) [00:51:02:968]: Doing action: InstallFiles

Action ended 00:51:02: MoveFiles. Return value 1.

Action start 00:51:02: InstallFiles.

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2205 2: 3: Patch

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2228 2: 3: Patch 4: SELECT `Patch`.`File_`, `Patch`.`Header`, `Patch`.`Attributes`, `Patch`.`Sequence`, `Patch`.`StreamRef_` FROM `Patch` WHERE `Patch`.`File_` = ? AND `Patch`.`#_MsiActive`=? ORDER BY `Patch`.`Sequence`

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2205 2: 3: MsiPatchHeaders

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2228 2: 3: MsiPatchHeaders 4: SELECT `Header` FROM `MsiPatchHeaders` WHERE `StreamRef` = ?

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2205 2: 3: PatchPackage

MSI (s) (90:30) [00:51:02:968]: Doing action: PatchFiles

Action ended 00:51:02: InstallFiles. Return value 1.

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2205 2: 3: Patch

MSI (s) (90:30) [00:51:02:968]: Note: 1: 2228 2: 3: Patch 4: SELECT `File`,`FileName`,`FileSize`,`Directory_`,`PatchSize`,`File`.`Attributes`,`Patch`.`Attributes`,`Patch`.`Sequence`,`Component`.`Component`,`Component`.`ComponentId` FROM `File`,`Component`,`Patch` WHERE `Patch`.`#_MsiActive`=? AND `File`=`File_` AND `Component`=`Component_` ORDER BY `Patch`.`Sequence`

Action start 00:51:02: PatchFiles.

MSI (s) (90:30) [00:51:02:984]: Doing action: DuplicateFiles

Action ended 00:51:02: PatchFiles. Return value 0.

Action start 00:51:02: DuplicateFiles.

MSI (s) (90:30) [00:51:02:984]: Doing action: BindImage

Action ended 00:51:02: DuplicateFiles. Return value 1.

Action start 00:51:02: BindImage.

MSI (s) (90:30) [00:51:02:984]: Doing action: CreateShortcuts

Action ended 00:51:02: BindImage. Return value 1.

Action start 00:51:02: CreateShortcuts.

MSI (s) (90:30) [00:51:02:984]: Doing action: RegisterClassInfo

Action ended 00:51:02: CreateShortcuts. Return value 1.

Action start 00:51:02: RegisterClassInfo.

MSI (s) (90:30) [00:51:02:984]: Doing action: RegisterExtensionInfo

Action ended 00:51:02: RegisterClassInfo. Return value 1.

MSI (s) (90:30) [00:51:02:984]: Note: 1: 2262 2: Extension 3: -2147287038

Action start 00:51:02: RegisterExtensionInfo.

MSI (s) (90:30) [00:51:02:984]: Doing action: RegisterProgIdInfo

Action ended 00:51:02: RegisterExtensionInfo. Return value 1.

MSI (s) (90:30) [00:51:02:984]: Note: 1: 2262 2: Extension 3: -2147287038

Action start 00:51:02: RegisterProgIdInfo.

MSI (s) (90:30) [00:51:02:984]: Doing action: RegisterMIMEInfo

Action ended 00:51:02: RegisterProgIdInfo. Return value 1.

MSI (s) (90:30) [00:51:02:984]: Note: 1: 2262 2: MIME 3: -2147287038

MSI (s) (90:30) [00:51:02:984]: Note: 1: 2262 2: Extension 3: -2147287038

Action start 00:51:02: RegisterMIMEInfo.

MSI (s) (90:30) [00:51:02:984]: Doing action: WriteRegistryValues

Action ended 00:51:02: RegisterMIMEInfo. Return value 1.

Action start 00:51:02: WriteRegistryValues.

MSI (s) (90:30) [00:51:03:015]: Doing action: WriteIniValues

Action ended 00:51:03: WriteRegistryValues. Return value 1.

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2205 2: 3: IniFile

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2228 2: 3: IniFile 4: SELECT `FileName`,`IniFile`.`DirProperty`,`Section`,`IniFile`.`Key`,`IniFile`.`Value`,`IniFile`.`Action` FROM `IniFile`, `Component` WHERE `Component`=`Component_` AND (`Component`.`Action`=1 OR `Component`.`Action`=2) ORDER BY `FileName`,`Section`

Action start 00:51:03: WriteIniValues.

MSI (s) (90:30) [00:51:03:015]: Doing action: WriteEnvironmentStrings

Action ended 00:51:03: WriteIniValues. Return value 1.

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2205 2: 3: Environment

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2228 2: 3: Environment 4: SELECT `Name`,`Value` FROM `Environment`,`Component` WHERE `Component_`=`Component` AND (`Component`.`Action` = 1 OR `Component`.`Action` = 2)

Action start 00:51:03: WriteEnvironmentStrings.

MSI (s) (90:30) [00:51:03:015]: Doing action: RegisterFonts

Action ended 00:51:03: WriteEnvironmentStrings. Return value 1.

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2205 2: 3: Font

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2228 2: 3: Font 4: SELECT `FontTitle`, `FileName`, `Directory_`, `Action` From `Font`, `FileAction` Where `Font`.`File_` = `FileAction`.`File` And (`FileAction`.`Action` = 1 Or `FileAction`.`Action` = 2) ORDER BY `FileAction`.`Directory_`

Action start 00:51:03: RegisterFonts.

MSI (s) (90:30) [00:51:03:015]: Doing action: InstallODBC

Action ended 00:51:03: RegisterFonts. Return value 1.

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2711 2: ODBCDriverManager

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2711 2: ODBCDriverManager64

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2205 2: 3: ODBCDriver

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`,`RuntimeFlags`,`Directory_`,`FileName`,`File_Setup`,`Action` FROM `ODBCDriver`, `File`, `Component` WHERE `File_` = `File` AND `ODBCDriver`.`Component_` = `Component` AND (`Component`.`ActionRequest` = 1 OR `Component`.`ActionRequest` = 2) AND `BinaryType` = ?

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2205 2: 3: ODBCDriver

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`,`RuntimeFlags`,`Directory_`,`FileName`,`File_Setup`,`Action` FROM `ODBCDriver`, `File`, `Component` WHERE `File_` = `File` AND `ODBCDriver`.`Component_` = `Component` AND (`Component`.`ActionRequest` = 1 OR `Component`.`ActionRequest` = 2) AND `BinaryType` = ?

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2205 2: 3: ODBCTranslator

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`,`RuntimeFlags`,`Directory_`,`FileName`,`File_Setup`,`Action` FROM `ODBCTranslator`, `File`, `Component` WHERE `File_` = `File` AND `ODBCTranslator`.`Component_` = `Component` AND (`Component`.`ActionRequest` = 1 OR `Component`.`ActionRequest` = 2) AND `BinaryType` = ?

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2205 2: 3: ODBCTranslator

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`,`RuntimeFlags`,`Directory_`,`FileName`,`File_Setup`,`Action` FROM `ODBCTranslator`, `File`, `Component` WHERE `File_` = `File` AND `ODBCTranslator`.`Component_` = `Component` AND (`Component`.`ActionRequest` = 1 OR `Component`.`ActionRequest` = 2) AND `BinaryType` = ?

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2205 2: 3: ODBCDataSource

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND (`Component`.`Action` = 1 OR `Component`.`Action` = 2) AND `BinaryType` = ?

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2205 2: 3: ODBCDataSource

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND (`Component`.`Action` = 1 OR `Component`.`Action` = 2) AND `BinaryType` = ?

Action start 00:51:03: InstallODBC.

MSI (s) (90:30) [00:51:03:015]: Doing action: RegisterTypeLibraries

Action ended 00:51:03: InstallODBC. Return value 0.

Action start 00:51:03: RegisterTypeLibraries.

MSI (s) (90:30) [00:51:03:015]: Doing action: SelfRegModules

Action ended 00:51:03: RegisterTypeLibraries. Return value 1.

Action start 00:51:03: SelfRegModules.

MSI (s) (90:30) [00:51:03:015]: Doing action: RegisterComPlus

Action ended 00:51:03: SelfRegModules. Return value 1.

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2205 2: 3: Complus

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2228 2: 3: Complus 4: SELECT `ComponentId`, `FileName`, `Component`.`Directory_`, `ExpType`, `Component`.`Action`, `Component`.`Installed` FROM `Complus`, `Component`, `File` WHERE `Complus`.`Component_` = `Component` AND `Component`.`KeyPath` = `File`.`File` AND (`Action` = 1 OR `Action` = 2)

Action start 00:51:03: RegisterComPlus.

MSI (s) (90:30) [00:51:03:015]: Doing action: InstallServices

Action ended 00:51:03: RegisterComPlus. Return value 0.

MSI (s) (90:30) [00:51:03:015]: Detected older ServiceInstall table schema

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2205 2: 3: ServiceInstall

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2228 2: 3: ServiceInstall 4: SELECT `Name`,`DisplayName`,`ServiceType`,`StartType`,`ErrorControl`,`LoadOrderGroup`,`Dependencies`,`StartName`,`Password`,`ComponentId`,`Directory_`,`FileName`,`Arguments` FROM `ServiceInstall`, `Component`, `File` WHERE `ServiceInstall`.`Component_` = `Component`.`Component` AND (`Component`.`KeyPath` = `File`.`File`) AND (`Action` = 1 OR `Action` = 2)

Action start 00:51:03: InstallServices.

MSI (s) (90:30) [00:51:03:015]: Doing action: StartServices

Action ended 00:51:03: InstallServices. Return value 1.

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2205 2: 3: ServiceControl

MSI (s) (90:30) [00:51:03:015]: Note: 1: 2228 2: 3: ServiceControl 4: SELECT `Name`,`Wait`,`Arguments`,`Event`, `Action` FROM `ServiceControl`, `Component` WHERE `Component_` = `Component` AND (`Action` = 0 OR `Action` = 1 OR `Action` = 2)

Action start 00:51:03: StartServices.

MSI (s) (90:30) [00:51:03:015]: Doing action: RegisterUser

Action ended 00:51:03: StartServices. Return value 1.

Action start 00:51:03: RegisterUser.

MSI (s) (90:30) [00:51:03:015]: Doing action: RegisterProduct

Action ended 00:51:03: RegisterUser. Return value 1.

Action start 00:51:03: RegisterProduct.

MSI (s) (90:30) [00:51:03:015]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.

MSI (s) (90:30) [00:51:03:031]: Doing action: PublishComponents

Action ended 00:51:03: RegisterProduct. Return value 1.

MSI (s) (90:30) [00:51:03:031]: Note: 1: 2262 2: PublishComponent 3: -2147287038

Action start 00:51:03: PublishComponents.

MSI (s) (90:30) [00:51:03:031]: Doing action: MsiPublishAssemblies

Action ended 00:51:03: PublishComponents. Return value 1.

Action start 00:51:03: MsiPublishAssemblies.

MSI (s) (90:30) [00:51:03:031]: Doing action: PublishFeatures

Action ended 00:51:03: MsiPublishAssemblies. Return value 1.

Action start 00:51:03: PublishFeatures.

MSI (s) (90:30) [00:51:03:031]: Doing action: PublishProduct

Action ended 00:51:03: PublishFeatures. Return value 1.

Action start 00:51:03: PublishProduct.

MSI (s) (90:30) [00:51:03:031]: Doing action: InstallFinalize

Action ended 00:51:03: PublishProduct. Return value 1.

MSI (s) (90:30) [00:51:03:031]: Running Script: C:\WINDOWS\Installer\MSICF.tmp

MSI (s) (90:30) [00:51:03:031]: PROPERTY CHANGE: Adding UpdateStarted property. Its value is '1'.

MSI (s) (90:30) [00:51:03:031]: Machine policy value 'DisableRollback' is 0

MSI (s) (90:30) [00:51:03:062]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2

MSI (s) (90:30) [00:51:03:093]: Executing op: Header(Signature=1397708873,Version=301,Timestamp=908658274,LangId=1033,Platform

=0,ScriptType=1,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)

Action start 00:51:03: InstallFinalize.

MSI (s) (90:30) [00:51:03:093]: Executing op: ProductInfo(ProductKey={37477865-A3F1-4772-AD43-AAFC6BCFF99F},ProductName=MSXML 4.0 SP2 (KB927978),PackageName=msxml.msi,Language=1033,Version=68429425,Assignment=1,Obs

oleteArg=0,,,PackageCode={2B27DCD9-53FA-4885-B6CD-698623819F4C},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0)

MSI (s) (90:30) [00:51:03:093]: Executing op: DialogInfo(Type=0,Argument=1033)

MSI (s) (90:30) [00:51:03:093]: Executing op: DialogInfo(Type=1,Argument=MSXML 4.0 SP2 (KB927978))

MSI (s) (90:30) [00:51:03:093]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Re

moving backup files,CleanupTemplate=File: [1])

MSI (s) (90:30) [00:51:03:093]: Executing op: SetBaseline(Baseline=0,)

MSI (s) (90:30) [00:51:03:093]: Executing op: SetBaseline(Baseline=1,)

MSI (s) (90:30) [00:51:03:093]: Executing op: ActionStart(Name=ProcessComponents,Description=Updating component registration,)

MSI (s) (90:30) [00:51:03:093]: Executing op: ProgressTotal(Total=5,Type=1,ByteEquivalent=24000)

MSI (s) (90:30) [00:51:03:093]: Executing op: ComponentUnregister(ComponentId={E9BC82F6-AC0E-407C-8666-619D6D60DF2B},,BinaryType=0,PreviouslyPinned=1)

MSI (s) (90:30) [00:51:03:093]: Note: 1: 1402 2: UNKNOWN\Components\6F28CB9EE0CAC704686616D9D606FDB2 3: 2

MSI (s) (90:30) [00:51:03:093]: Executing op: ComponentUnregister(ComponentId={81754FFD-DA2B-49C6-9447-E1C1E1733BB6},,BinaryType=0,PreviouslyPinned=1)

MSI (s) (90:30) [00:51:03:093]: Note: 1: 1402 2: UNKNOWN\Components\DFF45718B2AD6C9449741E1C1E37B36B 3: 2

MSI (s) (90:30) [00:51:03:093]: Executing op: ComponentUnregister(ComponentId={5E6714E1-EA46-4B0F-B479-06D87058DC74},,BinaryType=0,PreviouslyPinned=1)

MSI (s) (90:30) [00:51:03:093]: Note: 1: 1402 2: UNKNOWN\Components\1E4176E564AEF0B44B97608D0785CD47 3: 2

MSI (s) (90:30) [00:51:03:093]: Executing op: ComponentUnregister(ComponentId={57E0F99D-E884-4BD0-B8CB-803CF9EA2066},,BinaryType=0,PreviouslyPinned=1)

MSI (s) (90:30) [00:51:03:093]: Note: 1: 1402 2: UNKNOWN\Components\D99F0E75488E0DB48BBC08C39FAE0266 3: 2

MSI (s) (90:30) [00:51:03:093]: Executing op: ComponentUnregister(ComponentId={C763CD13-6E1E-4166-8C78-D274B266E9B6},,BinaryType=0,PreviouslyPinned=1)

MSI (s) (90:30) [00:51:03:093]: Note: 1: 1402 2: UNKNOWN\Components\31DC367CE1E66614C8872D472B669E6B 3: 2

MSI (s) (90:30) [00:51:03:093]: Executing op: ProgressTotal(Total=14,Type=1,ByteEquivalent=24000)

MSI (s) (90:30) [00:51:03:093]: Executing op: ComponentRegister(ComponentId={4075CDF6-D88F-4F57-AF1A-29A124755695},KeyPath=c:\Program Files\MSXML 4.0\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (90:30) [00:51:03:093]: Executing op: ComponentRegister(ComponentId={D21D9CCD-C3FA-4D72-982F-C29A2DE361EC},KeyPath=02:\Software\Microsoft\Updates\MSXML4SP2\Q927978\Description,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (90:30) [00:51:03:093]: Executing op: ComponentRegister(ComponentId={4B1F71A7-50C6-44B7-A3AD-B6C3574BB896},KeyPath=c:\WINDOWS\system32\msxml4.dll,State=3,,Disk=1,SharedDllRefCount=1,BinaryType=0)

MSI (s) (90:30) [00:51:03:093]: Executing op: ComponentRegister(ComponentId={62846705-2671-4547-AB45-854DCC93B3C7},KeyPath=c:\WINDOWS\system32\msxml4r.dll,State=3,,Disk=1,SharedDllRefCount=1,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ComponentRegister(ComponentId={3AAE95CD-F592-46E7-89A1-9B56717C4413},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ComponentRegister(ComponentId={CCF8B6EF-5FB9-4DE1-A276-683008BA3485},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ComponentRegister(ComponentId={7B2FCEFF-0F22-B7E1-A06B-D6B9ABF34537},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ComponentRegister(ComponentId={7B2FCEFF-0F22-B7E1-C06B-D6B9ABF34537},KeyPath=02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\downlevel_manifest\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ComponentRegister(ComponentId={7B2FCEFF-0F22-B7E1-B06B-D6B9ABF34537},KeyPath=02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\downlevel_payload\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ComponentRegister(ComponentId={DA6654F6-456F-3658-A06B-D6B9ABF34537},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ComponentRegister(ComponentId={DA6654F6-456F-3658-C06B-D6B9ABF34537},KeyPath=02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\downlevel_manifest\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ComponentRegister(ComponentId={DA6654F6-456F-3658-B06B-D6B9ABF34537},KeyPath=02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\downlevel_payload\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ComponentRegister(ComponentId={0E9F98FC-A692-A6DF-A06B-D6B9ABF34537},,State=-7,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ComponentRegister(ComponentId={0E9F98FC-A692-A6DF-C06B-D6B9ABF34537},KeyPath=02:\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\downlevel_manifest\,State=3,,Disk=1,SharedDllRefCount=0,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=13200)

MSI (s) (90:30) [00:51:03:109]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs,,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ProgressTick()

MSI (s) (90:30) [00:51:03:109]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=13200)

MSI (s) (90:30) [00:51:03:109]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs,,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ProgressTick()

MSI (s) (90:30) [00:51:03:109]: Executing op: ActionStart(Name=RemoveODBC,Description=Removing ODBC components,)

MSI (s) (90:30) [00:51:03:109]: Executing op: ODBCDriverManager(,BinaryType=0)

MSI (s) (90:30) [00:51:03:109]: Executing op: ODBCDriverManager(,BinaryType=1)

MSI (s) (90:30) [00:51:03:109]: Executing op: ActionStart(Name=CreateFolders,Description=Creating folders,Template=Folder: [1])

MSI (s) (90:30) [00:51:03:109]: Executing op: FolderCreate(Folder=c:\Program Files\MSXML 4.0\,Foreign=0,)

MSI (s) (90:30) [00:51:03:109]: Executing op: ActionStart(Name=InstallFiles,Description=Copying new files,Template=File: [1], Directory: [9], Size: [6])

MSI (s) (90:30) [00:51:03:109]: Executing op: ProgressTotal(Total=2521072,Type=0,ByteEquivalent=1)

MSI (s) (90:30) [00:51:03:109]: Executing op: SetTargetFolder(Folder=c:\WINDOWS\system32\)

MSI (s) (90:30) [00:51:03:109]: Executing op: SetSourceFolder(Folder=1\System\)

MSI (s) (90:30) [00:51:03:109]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=XML_Core.cab,BytesPerTick=32768,CopierType=2,ModuleFileName=c:\WINDOWS\Installer\13405d2.msi,,,,,IsFirstPhysicalMedia=1)

MSI (s) (90:30) [00:51:03:109]: Executing op: FileCopy(SourceName=msxml4.dll,SourceCabKey=msxml4.dll.246EB7AD_459A_4FA8_83D1_4

1A46D7634B7,DestName=msxml4.dll,Attributes=512,FileSize=1245696,PerTick=32768,,Ve

rifyMedia=1,,,,,CheckCRC=0,Version=4.20.9841.0,Language=0,InstallMode=58982400,,,

,,,,)

MSI (s) (90:30) [00:51:03:125]: File: c:\WINDOWS\system32\msxml4.dll; Overwrite; Won't patch; Existing file is a lower version

MSI (s) (90:30) [00:51:03:125]: Source for file 'msxml4.dll.246EB7AD_459A_4FA8_83D1_41A46D7634B7' is compressed

MSI (s) (90:30) [00:51:03:125]: Re-applying security from existing file.

MSI (s) (90:30) [00:51:03:125]: Verifying accessibility of file: msxml4.dll

MSI (s) (90:30) [00:51:03:140]: SOFTWARE RESTRICTION POLICY: Verifying object --> 'c:\WINDOWS\Installer\13405d2.msi' against software restriction policy

MSI (s) (90:30) [00:51:03:140]: SOFTWARE RESTRICTION POLICY: c:\WINDOWS\Installer\13405d2.msi has a digital signature

MSI (s) (90:30) [00:51:03:218]: SOFTWARE RESTRICTION POLICY: c:\WINDOWS\Installer\13405d2.msi is permitted to run at the 'unrestricted' authorization level.

MSI (s) (90:30) [00:51:03:218]: Note: 1: 2318 2: c:\WINDOWS\system32\msxml4.dll

MSI (s) (90:30) [00:51:03:218]: Note: 1: 2360

MSI (s) (90:30) [00:51:03:234]: Note: 1: 2360

MSI (s) (90:30) [00:51:03:250]: Note: 1: 2360

MSI (s) (90:30) [00:51:03:265]: Note: 1: 2360

MSI (s) (90:30) [00:51:03:281]: Executing op: FileCopy(SourceName=msxml4r.dll,SourceCabKey=msxml4r.dll.246EB7AD_459A_4FA8_83D1

_41A46D7634B7,DestName=msxml4r.dll,Attributes=512,FileSize=82432,PerTick=32768,,V

erifyMedia=1,,,,,CheckCRC=0,Version=4.10.9404.0,Language=1033,InstallMode=5898240

0,,,,,,,)

MSI (s) (90:30) [00:51:03:281]: File: c:\WINDOWS\system32\msxml4r.dll; Won't Overwrite; Won't patch; Existing file is of an equal version

MSI (s) (90:30) [00:51:03:281]: Executing op: SetTargetFolder(Folder=c:\WINDOWS\winsxs\Manifests\)

MSI (s) (90:30) [00:51:03:281]: Executing op: SetSourceFolder(Folder=1\Windows\winsxs\manifest\|Windows\winsxs\Manifests\)

MSI (s) (90:30) [00:51:03:281]: Executing op: FileCopy(SourceName=xl34x2va.rt8|x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841

.0_x-ww_18171213.manifest,SourceCabKey=manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537,

DestName=x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.manifest,,FileSize=3973,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,

,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-85909274,HashPart2=-393638470,HashPart3=495071453,HashPart4=945762879,,)

MSI (s) (90:30) [00:51:03:281]: File: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.manifest; To be installed; Won't patch; No existing file

MSI (s) (90:30) [00:51:03:281]: Source for file 'manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537' is compressed

MSI (s) (90:30) [00:51:03:281]: Note: 1: 2318 2: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.manifest

MSI (s) (90:30) [00:51:03:296]: Executing op: FileCopy(SourceName=yl34x2va.rt8|x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841

.0_x-ww_18171213.cat,SourceCabKey=catalog.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537,DestNa

me=x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.cat,,FileSize=8347,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,Ch

eckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1679697816,HashPart2=1808584787,HashPart3=1425912084,HashPart4=629236904,,)

MSI (s) (90:30) [00:51:03:296]: File: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.cat; To be installed; Won't patch; No existing file

MSI (s) (90:30) [00:51:03:296]: Source for file 'catalog.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537' is compressed

MSI (s) (90:30) [00:51:03:296]: Note: 1: 2318 2: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.cat

MSI (s) (90:30) [00:51:03:312]: Executing op: SetTargetFolder(Folder=c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\)

MSI (s) (90:30) [00:51:03:312]: Executing op: SetSourceFolder(Folder=1\Windows\winsxs\tl34x2va.rt8\)

MSI (s) (90:30) [00:51:03:312]: Executing op: FileCopy(SourceName=1m34x2va.rt8|msxml4.dll,SourceCabKey=msxml4.dll.7B2FCEFF_0F2

2_B7E1_FF6B_D6B9ABF34537,DestName=msxml4.dll,,FileSize=1245696,PerTick=32768,,Ver

ifyMedia=1,ElevateFlags=4,,,,CheckCRC=0,Version=4.20.9841.0,Language=0,InstallMod

e=58982400,,,,,,,)

MSI (s) (90:30) [00:51:03:312]: File: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll; To be installed; Won't patch; No existing file

MSI (s) (90:30) [00:51:03:312]: Source for file 'msxml4.dll.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537' is compressed

MSI (s) (90:30) [00:51:03:312]: Note: 1: 2318 2: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll

MSI (s) (90:30) [00:51:03:312]: Note: 1: 2360

MSI (s) (90:30) [00:51:03:328]: Note: 1: 2360

MSI (s) (90:30) [00:51:03:343]: Note: 1: 2360

MSI (s) (90:30) [00:51:03:359]: Note: 1: 2360

MSI (s) (90:30) [00:51:03:359]: Executing op: SetTargetFolder(Folder=c:\WINDOWS\winsxs\Manifests\)

MSI (s) (90:30) [00:51:03:359]: Executing op: SetSourceFolder(Folder=1\Windows\winsxs\manifest\|Windows\winsxs\Manifests\)

MSI (s) (90:30) [00:51:03:359]: Executing op: FileCopy(SourceName=9n0mtfut.k85|x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_

x-ww_29c3ad6a.manifest,SourceCabKey=manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537,

DestName=x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.manifest,,FileSize=500,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,

,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-707213148,HashPart2=1938794768,HashPart3=-933075776,HashPart4=-843550219,,)

MSI (s) (90:30) [00:51:03:359]: File: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.manifest; Won't Overwrite; Won't patch; Existing file is unversioned and unmodified - hash matches source file

MSI (s) (90:30) [00:51:03:359]: Executing op: FileCopy(SourceName=an0mtfut.k85|x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_

x-ww_29c3ad6a.cat,SourceCabKey=catalog.DA6654F6_456F_3658_FF6B_D6B9ABF34537,DestNa

me=x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat,,FileSize=8349,PerTick=32768,,VerifyMedia=1,ElevateFlags=4,,,,Ch

eckCRC=0,,,InstallMode=58982400,HashOptions=0,HashPart1=-1336197992,HashPart2=-627824155,HashPart3=82633343,HashPart4=1105156543,,)

MSI (s) (90:30) [00:51:03:375]: File: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat; Overwrite; Won't patch; Existing file is unversioned and unmodified - hash doesn't match source file

MSI (s) (90:30) [00:51:03:375]: Source for file 'catalog.DA6654F6_456F_3658_FF6B_D6B9ABF34537' is compressed

MSI (s) (90:30) [00:51:03:375]: Re-applying security from existing file.

MSI (s) (90:30) [00:51:03:453]: Verifying accessibility of file: x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat

MSI (s) (90:30) [00:51:03:484]: Note: 1: 2318 2: c:\WINDOWS\winsxs\Manifests\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat

MSI (s) (90:30) [00:51:03:531]: Executing op: SetTargetFolder(Folder=c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\)

MSI (s) (90:30) [00:51:03:531]: Executing op: SetSourceFolder(Folder=1\Windows\winsxs\5n0mtfut.k85\)

MSI (s) (90:30) [00:51:03:531]: Executing op: FileCopy(SourceName=dn0mtfut.k85|msxml4r.dll,SourceCabKey=msxml4r.dll.DA6654F6_4

56F_3658_FF6B_D6B9ABF34537,DestName=msxml4r.dll,,FileSize=82432,PerTick=32768,,Ve

rifyMedia=1,ElevateFlags=4,,,,CheckCRC=0,Version=4.10.9404.0,Language=1033,Instal

lMode=58982400,,,,,,,)

MSI (s) (90:30) [00:51:03:531]: File: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll; Won't Overwrite; Won't patch; Existing file is of an equal version

MSI (s) (90:30) [00:51:03:531]: Executing op: SetTargetFolder(Folder=c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\)

MSI (s) (90:30) [00:51:03:531]: Executing op: SetSourceFolder(Folder=1\Windows\winsxs\Policies\i0r1wg7y.dqe\)

MSI (s) (90:30) [00:51:03:531]: Executing op: FileCopy(SourceName=l0r1wg7y.dqe|4.20.9841.0.policy,SourceCabKey=manifest.0E9F98

FC_A692_A6DF_FF6B_D6B9ABF34537,DestName=4.20.9841.0.policy,,FileSize=652,PerTick=

32768,,VerifyMedia=1,ElevateFlags=4,,,,CheckCRC=0,,,InstallMode=58982400,HashOpti

ons=0,HashPart1=49613189,HashPart2=1139053242,HashPart3=-1699064514,HashPart4=-854272932,,)

MSI (s) (90:30) [00:51:03:531]: File: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\4.20.9841.0.policy; To be installed; Won't patch; No existing file

MSI (s) (90:30) [00:51:03:531]: Source for file 'manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537' is compressed

MSI (s) (90:30) [00:51:03:531]: Note: 1: 2318 2: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\4.20.9841.0.policy

MSI (s) (90:30) [00:51:03:531]: Executing op: FileCopy(SourceName=m0r1wg7y.dqe|4.20.9841.0.cat,SourceCabKey=catalog.0E9F98FC_A

692_A6DF_FF6B_D6B9ABF34537,DestName=4.20.9841.0.cat,,FileSize=8359,PerTick=32768,

,VerifyMedia=1,ElevateFlags=4,,,,CheckCRC=0,,,InstallMode=58982400,HashOptions=0,

HashPart1=-861819424,HashPart2=1423527147,HashPart3=-1146259424,HashPart4=2040409349,,)

MSI (s) (90:30) [00:51:03:531]: File: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\4.20.9841.0.cat; To be installed; Won't patch; No existing file

MSI (s) (90:30) [00:51:03:531]: Source for file 'catalog.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537' is compressed

MSI (s) (90:30) [00:51:03:531]: Note: 1: 2318 2: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\4.20.9841.0.cat

MSI (s) (90:30) [00:51:03:546]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=XML_SDK.cab,BytesPerTick=32768,CopierType=2,ModuleFileName=c:\WINDOWS\Installer\13405d2.msi,,,,,IsFirstPhysicalMedia=1)

MSI (s) (90:30) [00:51:03:546]: Executing op: CacheSizeFlush(,)

MSI (s) (90:30) [00:51:03:546]: Executing op: InstallProtectedFiles(AllowUI=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: ActionStart(Name=WriteRegistryValues,Description=Writing system registry values,Template=Key: [1], Name: [2], Value: [3])

MSI (s) (90:30) [00:51:03:546]: Executing op: ProgressTotal(Total=112,Type=1,ByteEquivalent=13200)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5},,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value=XML DOM Document 4.0,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=Msxml2.DOMDocument.4.0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value=XML DOM Document 4.0,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value=Msxml2.DOMDocument.4.0,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value=4.0,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=Msxml2.DOMDocument.4.0\CLSID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value={88D969C0-F192-11D4-A65F-0040963251E5},)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5},,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value=Free Threaded XML DOM Document 4.0,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=Msxml2.FreeThreadedDOMDocument.4.0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value=Free Threaded XML DOM Document 4.0,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value=Msxml2.FreeThreadedDOMDocument.4.0,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value=4.0,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=Msxml2.FreeThreadedDOMDocument.4.0\CLSID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value={88D969C1-F192-11D4-A65F-0040963251E5},)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5},,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value=XML Data Source Object 4.0,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(Name=ThreadingModel,Value=Apartment,)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegOpenKey(,Key=Msxml2.DSOControl.4.0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:546]: Executing op: RegAddValue(,Value=XML Data Source Object 4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=Msxml2.DSOControl.4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=Msxml2.DSOControl.4.0\CLSID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value={88D969C4-F192-11D4-A65F-0040963251E5},)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5},,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=XML HTTP 4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(Name=ThreadingModel,Value=Apartment,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=Msxml2.XMLHTTP.4.0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=XML HTTP 4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=Msxml2.XMLHTTP.4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=Msxml2.XMLHTTP.4.0\CLSID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value={88D969C5-F192-11D4-A65F-0040963251E5},)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5},,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=Server XML HTTP 4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(Name=ThreadingModel,Value=Apartment,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=Msxml2.ServerXMLHTTP.4.0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=Server XML HTTP 4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=Msxml2.ServerXMLHTTP.4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\TypeLib,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value={F5078F18-C551-11D3-89B9-0000F81FE221},)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=Msxml2.ServerXMLHTTP.4.0\CLSID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value={88D969C6-F192-11D4-A65F-0040963251E5},)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C2-F192-11D4-A65F-0040963251E5},,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=XML Schema Cache 4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=Msxml2.XMLSchemaCache.4.0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=XML Schema Cache 4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=Msxml2.XMLSchemaCache.4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=4.0,)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=Msxml2.XMLSchemaCache.4.0\CLSID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value={88D969C2-F192-11D4-A65F-0040963251E5},)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegOpenKey(,Key=CLSID\{88D969C3-F192-11D4-A65F-0040963251E5},,BinaryType=0)

MSI (s) (90:30) [00:51:03:562]: Executing op: RegAddValue(,Value=XSL Template 4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=Msxml2.XSLTemplate.4.0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=XSL Template 4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=Msxml2.XSLTemplate.4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=Msxml2.XSLTemplate.4.0\CLSID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value={88D969C3-F192-11D4-A65F-0040963251E5},)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F},,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=SAX XML Reader 4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InProcServer32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=Msxml2.SAXXMLReader.4.0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=SAX XML Reader 4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\ProgID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=Msxml2.SAXXMLReader.4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\Version,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=Msxml2.SAXXMLReader.4.0\CLSID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value={7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F},)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136},,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=MX XML Reader 4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InProcServer32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{88D969C8-F192-11D4-A65F-0040963251E5},,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=MXXMLWriter 4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=Msxml2.MXXMLWriter.4.0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=MXXMLWriter 4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=Msxml2.MXXMLWriter.4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=Msxml2.MXXMLWriter.4.0\CLSID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value={88D969C8-F192-11D4-A65F-0040963251E5},)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{88D969C9-F192-11D4-A65F-0040963251E5},,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=MXHTMLWriter 4.0,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegOpenKey(,Key=Msxml2.MXHTMLWriter.4.0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:578]: Executing op: RegAddValue(,Value=MXHTMLWriter 4.0,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=Msxml2.MXHTMLWriter.4.0,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=4.0,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=Msxml2.MXHTMLWriter.4.0\CLSID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value={88D969C9-F192-11D4-A65F-0040963251E5},)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=CLSID\{88D969CA-F192-11D4-A65F-0040963251E5},,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=SAXAttributes 4.0,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=Msxml2.SAXAttributes.4.0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=SAXAttributes 4.0,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=Msxml2.SAXAttributes.4.0,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=4.0,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=Msxml2.SAXAttributes.4.0\CLSID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value={88D969CA-F192-11D4-A65F-0040963251E5},)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=CLSID\{88D969D6-F192-11D4-A65F-0040963251E5},,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=MXNamespaceManager 4.0,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InProcServer32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(Name=ThreadingModel,Value=Both,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=Msxml2.MXNamespaceManager.4.0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=MXNamespaceManager 4.0,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\ProgID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=Msxml2.MXNamespaceManager.4.0,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\Version,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=4.0,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(,Key=Msxml2.MXNamespaceManager.4.0\CLSID,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value={88D969D6-F192-11D4-A65F-0040963251E5},)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(Root=-2147483646,Key=Software\Microsoft\Updates\MSXML4SP2\Q927978,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(Name=Description,Value=FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(Name=InstalledDate,Value=09/01/2007,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(Name=InstalledBy,Value=MARIE-ALICE,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(Name=IsInstalled,Value=#1,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(Name=ServicePack,Value=#1,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=Microsoft XML, v4.0,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\0,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,,)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\0\win32,,BinaryType=0)

MSI (s) (90:30) [00:51:03:593]: Executing op: RegAddValue(,Value=c:\WINDOWS\system32\msxml4.dll,)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\FLAGS,,BinaryType=0)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegAddValue(,Value=0,)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Classes\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\4.0\HELPDIR,,BinaryType=0)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegAddValue(,,)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\downlevel_payload,,BinaryType=0)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegAddValue(,,)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\downlevel_manifest,,BinaryType=0)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegAddValue(,,)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\downlevel_payload,,BinaryType=0)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegAddValue(,,)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\downlevel_manifest,,BinaryType=0)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegAddValue(,,)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegOpenKey(Root=-2147483646,Key=SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\downlevel_manifest,,BinaryType=0)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegAddValue(,,)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegOpenKey(Root=-2147483646,Key=Software\Microsoft\Windows\CurrentVersion\SideBySide\PatchedComponents,,BinaryType=0)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegAddValue(Name={7B2FCEFF-0F22-B7E1-C06B-D6B9ABF34537},Value=c:\WINDOWS\winsxs\Manifests\\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.manifest[~]{7B2FCEFF-0F22-B7E1-C06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\Manifests\\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213.cat[~]{7B2FCEFF-0F22-B7E1-C06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\Manifests\[~]{7B2FCEFF-0F22-B7E1-C06B-D6B9ABF34537},)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegAddValue(Name={7B2FCEFF-0F22-B7E1-B06B-D6B9ABF34537},Value=c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\\msxml4.dll[~]{7B2FCEFF-0F22-B7E1-B06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\[~]{7B2FCEFF-0F22-B7E1-B06B-D6B9ABF34537},)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegAddValue(Name={DA6654F6-456F-3658-C06B-D6B9ABF34537},Value=c:\WINDOWS\winsxs\Manifests\\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.manifest[~]{DA6654F6-456F-3658-C06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\Manifests\\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a.cat[~]{DA6654F6-456F-3658-C06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\Manifests\[~]{DA6654F6-456F-3658-C06B-D6B9ABF34537},)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegAddValue(Name={DA6654F6-456F-3658-B06B-D6B9ABF34537},Value=c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\\msxml4r.dll[~]{DA6654F6-456F-3658-B06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\[~]{DA6654F6-456F-3658-B06B-D6B9ABF34537},)

MSI (s) (90:30) [00:51:03:609]: Executing op: RegAddValue(Name={0E9F98FC-A692-A6DF-C06B-D6B9ABF34537},Value=c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\\4.20.9841.0.policy[~]{0E9F98FC-A692-A6DF-C06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\\4.20.9841.0.cat[~]{0E9F98FC-A692-A6DF-C06B-D6B9ABF34537}[~]c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\[~]{0E9F98FC-A692-A6DF-C06B-D6B9ABF34537},)

MSI (s) (90:30) [00:51:03:609]: Executing op: ActionStart(Name=RegisterTypeLibraries,Description=Registering type libraries,Template=LibID: [1])

MSI (s) (90:30) [00:51:03:609]: Executing op: TypeLibraryRegister(,,FilePath=c:\WINDOWS\system32\msxml4.dll,LibID={F5078F18-C551-11D3-89B9-0000F81FE221},Version=1024,,Language=0,,BinaryType=0,IgnoreRegistrationFailure=0

)

MSI (s) (90:30) [00:51:03:609]: QueryPathOfRegTypeLib returned 0 in local context. Path is 'c:\WINDOWS\system32\msxml4.dll'

MSI (s) (90:30) [00:51:03:609]: Note: 1: 1402 2: UNKNOWN\TypeLib\{F5078F18-C551-11D3-89B9-0000F81FE221}\400.0\0\win32 3: 2

MSI (s) (90:30) [00:51:03:609]: CMsiServices::ProcessTypeLibrary runs in local context, not impersonated.

MSI (s) (90:30) [00:51:03:765]: ProcessTypeLibraryCore returns: 0. (0 means OK)

MSI (s) (90:30) [00:51:03:765]: CMsiServices::ProcessTypeLibrary runs in local context, not impersonated.

MSI (s) (90:30) [00:51:03:765]: ProcessTypeLibraryCore returns: 0. (0 means OK)

MSI (s) (90:30) [00:51:03:765]: Executing op: ActionStart(Name=RegisterUser,Description=Registering user,Template=[1])

MSI (s) (90:30) [00:51:03:765]: Executing op: UserRegister(Owner=MARIE-ALICE,,ProductId=none)

MSI (s) (90:30) [00:51:03:781]: Executing op: ActionStart(Name=RegisterProduct,Description=Registering product,Template=[1])

MSI (s) (90:30) [00:51:03:781]: Executing op: ChangeMedia(,MediaPrompt=Please insert the disk: ,MediaCabinet=XML_Core.cab,BytesPerTick=0,CopierType=2,ModuleFileName=c:\WINDOWS\Installer\13405d2.msi,,,,,IsFirstPhysicalMedia=1)

MSI (s) (90:30) [00:51:03:781]: Executing op: DatabaseCopy(DatabasePath=c:\WINDOWS\Installer\13405d2.msi,ProductCode={37477865-A3F1-4772-AD43-AAFC6BCFF99F},CabinetStreams=XML_Core.cab;XML_SDK.cab,,)

MSI (s) (90:30) [00:51:04:218]: Executing op: ProductRegister(UpgradeCode={7CE723E3-E56B-432C-9F24-78C0606045A5},VersionString=4.20.9841.0,HelpLink=http://support.microsoft.com/kb/927978,,,InstallSource=c:\5c4d5aba6ff8501ed853afe816\,Publisher=Microsoft Corporation,,,,,,,,,,,,EstimatedSize=2625)

MSI (s) (90:30) [00:51:04:250]: Executing op: ProductCPDisplayInfoRegister()

MSI (s) (90:30) [00:51:04:250]: Executing op: ActionStart(Name=PublishFeatures,Description=Publishing Product Features,Template=Feature: [1])

MSI (s) (90:30) [00:51:04:250]: Executing op: FeaturePublish(Feature=MSXML,,Absent=2,Component=MF}e835XRAhvfl[X%h~W(s-UlQ2mt@MgogY-xd{t)

MSI (s) (90:30) [00:51:04:250]: Executing op: FeaturePublish(Feature=MSXMLSYS,Parent=MSXML,Absent=2,Component=V2?0@7$9*=IdbugpYRMX}GHaGLdZ==A&kv@Y~]3iui-r60O)l=Em%pCn7G4))

MSI (s) (90:30) [00:51:04:250]: Executing op: FeaturePublish(Feature=MSXMLSUPP2,Parent=MSXML,Absent=2,Component=?`ZsjqO[%A*`NW3OG&nR)

MSI (s) (90:30) [00:51:04:250]: Executing op: FeaturePublish(Feature=MSXMLSXS,Parent=MSXML,Absent=2,Component=LdCZOHqG+dpWsfdD

E!j5LdCZOHqG+d6XsfdDE!j5LdCZOHqG+d%XsfdDE!j5`DM4olJ_O5pWsfdDE!j5`DM4olJ_O56XsfdDE!j5`DM4olJ_O5%XsfdDE!j5l0Rd'9?m^^pWsfdDE!j5l0Rd'9?m^^6XsfdDE!j5)

MSI (s) (90:30) [00:51:04:265]: Executing op: FeaturePublish(Feature=XMLSDK,,Absent=3,Component=mk`[Q=PRe?RvYBgpXHXc5~{DF_B]-@1_XLnB~RWMMvh8D]u5G@j^sM7=J&oH0G,*i]!a$9uKNVM3Kykc)

MSI (s) (90:30) [00:51:04:265]: Executing op: ActionStart(Name=PublishProduct,Description=Publishing product information,)

MSI (s) (90:30) [00:51:04:265]: Executing op: IconCreate(Icon=icon.exe,Data=BinaryData)

MSI (s) (90:30) [00:51:04:265]: Executing op: CleanupConfigData()

MSI (s) (90:30) [00:51:04:265]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\568774731F3A2774DA34AACFB6FC9FF9\Patches 3: 2

MSI (s) (90:30) [00:51:04:265]: Executing op: RegisterPatchOrder(Continue=0,SequenceType=1,Remove=0)

MSI (s) (90:30) [00:51:04:265]: Note: 1: 1402 2: UNKNOWN\Products\568774731F3A2774DA34AACFB6FC9FF9\Patches 3: 2

MSI (s) (90:30) [00:51:04:265]: Executing op: ProductPublish(PackageKey={2B27DCD9-53FA-4885-B6CD-698623819F4C})

MSI (s) (90:30) [00:51:04:281]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9 3: 2

MSI (s) (90:30) [00:51:04:281]: Executing op: UpgradeCodePublish(UpgradeCode={7CE723E3-E56B-432C-9F24-78C0606045A5})

MSI (s) (90:30) [00:51:04:281]: Executing op: SourceListPublish(,,,,NumberOfDisks=2)

MSI (s) (90:30) [00:51:04:281]: Note: 1: 1402 2: UNKNOWN\Installer\Products\568774731F3A2774DA34AACFB6FC9FF9\SourceList 3: 2

MSI (s) (90:30) [00:51:04:281]: Executing op: ProductPublishClient(,,)

MSI (s) (90:30) [00:51:04:281]: Executing op: SourceListRegisterLastUsed(SourceProduct={37477865-A3F1-4772-AD43-AAFC6BCFF99F},LastUsedSource=c:\5c4d5aba6ff8501ed853afe816\)

MSI (s) (90:30) [00:51:04:281]: Entering CMsiConfigurationManager::SetLastUsedSource.

MSI (s) (90:30) [00:51:04:281]: Specifed source is already in a list.

MSI (s) (90:30) [00:51:04:281]: User policy value 'SearchOrder' is 'nmu'

MSI (s) (90:30) [00:51:04:281]: Machine policy value 'DisableBrowse' is 0

MSI (s) (90:30) [00:51:04:281]: Machine policy value 'AllowLockdownBrowse' is 0

MSI (s) (90:30) [00:51:04:281]: Adding new sources is allowed.

MSI (s) (90:30) [00:51:04:281]: Set LastUsedSource to: c:\5c4d5aba6ff8501ed853afe816\.

MSI (s) (90:30) [00:51:04:281]: Set LastUsedType to: n.

MSI (s) (90:30) [00:51:04:281]: Set LastUsedIndex to: 1.

MSI (s) (90:30) [00:51:04:281]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=4481872)

MSI (s) (90:30) [00:51:04:296]: User policy value 'DisableRollback' is 0

MSI (s) (90:30) [00:51:04:296]: Machine policy value 'DisableRollback' is 0

MSI (s) (90:30) [00:51:04:375]: No System Restore sequence number for this installation.

MSI (s) (90:30) [00:51:04:375]: Unlocking Server

MSI (s) (90:30) [00:51:04:375]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.

MSI (s) (90:30) [00:51:04:375]: Skipping action: SxsUninstallCA (condition is false)

MSI (s) (90:30) [00:51:04:375]: Doing action: RemoveExistingProducts

Action ended 00:51:04: InstallFinalize. Return value 1.

Action start 00:51:04: RemoveExistingProducts.

Action ended 00:51:04: RemoveExistingProducts. Return value 1.

Action ended 00:51:04: INSTALL. Return value 1.

Property(S): ProductName = MSXML 4.0 SP2 (KB927978)

Property(S): ProductCode = {37477865-A3F1-4772-AD43-AAFC6BCFF99F}

Property(S): Manufacturer = Microsoft Corporation

Property(S): ProductVersion = 4.20.9841.0

Property(S): ProductLanguage = 1033

Property(S): BannerBitmap = bannrbmp

Property(S): IAgree = No

Property(S): ProductID = none

Property(S): ARPHELPLINK = http://support.microsoft.com/kb/927978

Property(S): ButtonText_Back = < &Back

Property(S): ButtonText_Browse = Br&owse

Property(S): ButtonText_Cancel = Cancel

Property(S): ButtonText_Exit = &Exit

Property(S): ButtonText_Finish = &Finish

Property(S): ButtonText_Ignore = &Ignore

Property(S): ButtonText_Install = &Install

Property(S): ButtonText_InstallNow = &Install Now

Property(S): ButtonText_Next = &Next >

Property(S): ButtonText_No = &No

Property(S): ButtonText_OK = OK

Property(S): ButtonText_Remove = &Remove

Property(S): ButtonText_Reset = &Reset

Property(S): ButtonText_Resume = &Resume

Property(S): ButtonText_Retry = &Retry

Property(S): ButtonText_Return = &Return

Property(S): ButtonText_Yes = &Yes

Property(S): CompleteSetupIcon = completi

Property(S): CustomSetupIcon = custicon

Property(S): DialogBitmap = dlgbmp

Property(S): DlgTitleFont = {&DlgFontBold8}

Property(S): ExclamationIcon = exclamic

Property(S): InfoIcon = info

Property(S): InstallerIcon = insticon

Property(S): INSTALLLEVEL = 3

Property(S): InstallModeTxt_1 = Custom

Property(S): InstallModeVal = InstallModeTxt_1

Property(S): InstallModeTxt_2 = Complete

Property(S): InstallModeTxt_3 = Server Image

Property(S): InstallModeTxt_4 = Change

Property(S): InstallModeTxt_5 = Repair

Property(S): InstallModeTxt_6 = Remove

Property(S): PIDTemplate = 12345<###-%%%%%%%>@@@@@

Property(S): Progress1Txt_1 = Installing

Property(S): Progress1 = Progress1Txt_1

Property(S): Progress2Txt_1 = installs

Property(S): Progress2 = Progress2Txt_1

Property(S): Progress1Txt_2 = Changing

Property(S): Progress2Txt_2 = changes

Property(S): Progress1Txt_3 = Repairing

Property(S): Progress2Txt_3 = repairs

Property(S): Progress1Txt_4 = Removing

Property(S): Progress2Txt_4 = removes

Property(S): PROMPTROLLBACKCOST = P

Property(S): RemoveIcon = removico

Property(S): RepairIcon = repairic

Property(S): Setup = Setup

Property(S): Wizard = Setup Wizard

Property(S): DefaultUIFont = DlgFont8

Property(S): ErrorDialog = ErrorDlg

Property(S): TARGETDIR = c:\

Property(S): USERNAME = MARIE-ALICE

Property(S): APPS_TEST = 1

Property(S): VersionNT = 501

Property(S): SecureCustomProperties = MSXML4SP2

Property(S): UpgradeCode = {7CE723E3-E56B-432C-9F24-78C0606045A5}

Property(S): ALLUSERS = 1

Property(S): WINHTTP_51 = WinHttpRequest Component version 5.1

Property(S): MSXML = c:\Program Files\MSXML 4.0\

Property(S): SourceDir = c:\5c4d5aba6ff8501ed853afe816\

Property(S): DesktopFolder = c:\Documents and Settings\All Users\Bureau\

Property(S): ProgramFilesFolder = c:\Program Files\

Property(S): ProductState = -1

Property(S): PackageCode = {2B27DCD9-53FA-4885-B6CD-698623819F4C}

Property(S): SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 = c:\WINDOWS\system32\

Property(S): SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 = c:\WINDOWS\system32\

Property(S): SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB = c:\WINDOWS\system32\

Property(S): WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\

Property(S): payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\

Property(S): payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\

Property(S): WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Manifests\

Property(S): WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\

Property(S): SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\system32\

Property(S): WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Policies\

Property(S): policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\

Property(S): policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\

Property(S): WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\

Property(S): payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\

Property(S): payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\

Property(S): WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Manifests\

Property(S): WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\

Property(S): SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\system32\

Property(S): WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Policies\

Property(S): policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\

Property(S): policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\

Property(S): WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\

Property(S): payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa692

0e9f98fc\

Property(S): WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Policies\

Property(S): policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\

Property(S): WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\

Property(S): SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\system32\

Property(S): WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\Manifests\

Property(S): payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\

Property(S): policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 = c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\

Property(S): DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 = c:\Documents and Settings\All Users\Bureau\

Property(S): ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 = c:\Documents and Settings\All Users\Menu Démarrer\Programmes\

Property(S): MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 = c:\Documents and Settings\All Users\Menu Démarrer\Programmes\MSXML 4.0\

Property(S): DOC.4576A2F1_959E_4BCA_94A9_596523761901 = c:\Program Files\MSXML 4.0\doc\

Property(S): LIB.4576A2F1_959E_4BCA_94A9_596523761901 = c:\Program Files\MSXML 4.0\lib\

Property(S): INC.4576A2F1_959E_4BCA_94A9_596523761901 = c:\Program Files\MSXML 4.0\inc\

Property(S): CommonFilesFolder = c:\Program Files\Fichiers communs\

Property(S): MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 = c:\Program Files\Fichiers communs\Microsoft Shared\

Property(S): MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 = c:\Program Files\Fichiers communs\Microsoft Shared\MSDN\

Property(S): Date = 09/01/2007

Property(S): PackagecodeChanging = 1

Property(S): REBOOT = ReallySuppress

Property(S): CURRENTDIRECTORY = c:\5c4d5aba6ff8501ed853afe816

Property(S): CLIENTUILEVEL = 3

Property(S): CLIENTPROCESSID = 1300

Property(S): VersionDatabase = 200

Property(S): VersionMsi = 3.01

Property(S): WindowsBuild = 2600

Property(S): ServicePackLevel = 2

Property(S): ServicePackLevelMinor = 0

Property(S): MsiNTProductType = 1

Property(S): MsiNTSuitePersonal = 1

Property(S): WindowsFolder = c:\WINDOWS\

Property(S): WindowsVolume = c:\

Property(S): SystemFolder = C:\WINDOWS\system32\

Property(S): System16Folder = C:\WINDOWS\system\

Property(S): RemoteAdminTS = 1

Property(S): TempFolder = C:\WINDOWS\TEMP\

Property(S): AppDataFolder = C:\WINDOWS\system32\config\systemprofile\Application Data\

Property(S): FavoritesFolder = C:\WINDOWS\system32\config\systemprofile\Favoris\

Property(S): NetHoodFolder = C:\WINDOWS\system32\config\systemprofile\Voisinage réseau\

Property(S): PersonalFolder = C:\WINDOWS\system32\config\systemprofile\Mes documents\

Property(S): PrintHoodFolder = C:\WINDOWS\system32\config\systemprofile\Voisinage d'impression\

Property(S): RecentFolder = C:\WINDOWS\system32\config\systemprofile\Recent\

Property(S): SendToFolder = C:\WINDOWS\system32\config\systemprofile\SendTo\

Property(S): TemplateFolder = C:\Documents and Settings\All Users\Modèles\

Property(S): CommonAppDataFolder = C:\Documents and Settings\All Users\Application Data\

Property(S): LocalAppDataFolder = C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\

Property(S): MyPicturesFolder = C:\WINDOWS\system32\config\systemprofile\Mes documents\Mes images\

Property(S): AdminToolsFolder = C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils d'administration\

Property(S): StartupFolder = C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

Property(S): ProgramMenuFolder = C:\Documents and Settings\All Users\Menu Démarrer\Programmes\

Property(S): StartMenuFolder = C:\Documents and Settings\All Users\Menu Démarrer\

Property(S): FontsFolder = C:\WINDOWS\Fonts\

Property(S): GPTSupport = 1

Property(S): OLEAdvtSupport = 1

Property(S): ShellAdvtSupport = 1

Property(S): Intel = 6

Property(S): PhysicalMemory = 959

Property(S): VirtualMemory = 1533

Property(S): AdminUser = 1

Property(S): LogonUser = SYSTEM

Property(S): UserSID = S-1-5-18

Property(S): UserLanguageID = 1036

Property(S): ComputerName = ALICE

Property(S): SystemLanguageID = 1036

Property(S): ScreenX = 1024

Property(S): ScreenY = 768

Property(S): CaptionHeight = 26

Property(S): BorderTop = 1

Property(S): BorderSide = 1

Property(S): TextHeight = 16

Property(S): ColorBits = 32

Property(S): TTCSupport = 1

Property(S): Time = 00:51:04

Property(S): MsiNetAssemblySupport = 1.1.4322.2032

Property(S): MsiWin32AssemblySupport = 5.1.2600.2180

Property(S): RedirectedDllSupport = 2

Property(S): Privileged = 1

Property(S): DATABASE = c:\WINDOWS\Installer\13405d2.msi

Property(S): OriginalDatabase = c:\5c4d5aba6ff8501ed853afe816\msxml.msi

Property(S): UILevel = 2

Property(S): ACTION = INSTALL

Property(S): ROOTDRIVE = c:\

Property(S): CostingComplete = 1

Property(S): OutOfDiskSpace = 0

Property(S): OutOfNoRbDiskSpace = 0

Property(S): PrimaryVolumeSpaceAvailable = 0

Property(S): PrimaryVolumeSpaceRequired = 0

Property(S): PrimaryVolumeSpaceRemaining = 0

Property(S): SOURCEDIR = c:\5c4d5aba6ff8501ed853afe816\

Property(S): SourcedirProduct = {37477865-A3F1-4772-AD43-AAFC6BCFF99F}

Property(S): ProductToBeRegistered = 1

MSI (s) (90:30) [00:51:04:421]: Note: 1: 1707

MSI (s) (90:30) [00:51:04:421]: Product: MSXML 4.0 SP2 (KB927978) -- Installation completed successfully.

MSI (s) (90:30) [00:51:04:453]: Cleaning up uninstalled install packages, if any exist

MSI (s) (90:30) [00:51:04:453]: MainEngineThread is returning 0

MSI (s) (90:A0) [00:51:04:562]: Destroying RemoteAPI object.

MSI (s) (90:D8) [00:51:04:562]: Custom Action Manager thread ending.

=== Logging stopped: 09/01/2007 00:51:04 ===

MSI © (14:D4) [00:51:04:562]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1

=== Verbose logging stopped: 09/01/2007 00:51:04 ===

Falkra · le 20 septembre 2008

Bonsoir, et bienvenue.

Messages : 1

Si jamais tu as besoin de quelques infos :

Comment participer à un forum

Retrouver ses messages

F-Secure n'est pas un très bon antivirus. Si tu veux économiser un peu d'argent, il est possible à partir de logiciels gratuits de construire une configuration logicielle de sécurité techniquement plus efficace.

La machine est infectée par plusieurs bestioles.

Clique sur ce lien de navilog1 de IL-MAFIOSO :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistre le fichier sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, navilog1 s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valide.
(ne fais pas le choix 2,3 ou 4 sans accord)
Cela dure un moment, attends le message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le Bloc-notes va s'ouvrir.
Copie-colle l'intégralité du rapport dans ton prochain post. Referme le bloc note.

Note :

Le rapport est aussi sauvegardé à la racine du disque (fixnavi.txt)

Si ton antivirus se plaint de fichiers de Navilog1, dis lui d'ignorer les fichiers.

pog · le 21 septembre 2008

Merci falkra de bien vouloir m'aider, voici le rapport navilog

Search Navipromo version 3.6.5 commencé le 21/09/2008 à 12:30:19,28

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Session actuelle : "MICHEL"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 7.0.5730.13

Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\MICHEL\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\MARIE-~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\PELUCHE\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\MICHEL\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\PELUCHE\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\MICHEL\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\MARIE-~1\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\PELUCHE\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***

pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***

!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!

!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\MICHEL\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\PELUCHE\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***

(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\MICHEL\locals~1\applic~1" :

aqiec.dat trouvé !

aqiec.exe trouvé !

aqiec_nav.dat trouvé !

aqiec_navps.dat trouvé !

* Dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\PELUCHE\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup trouvé !

Certificat Electronic-Group trouvé !

Certificat Montorgueil absent !

Certificat OOO-Favorit trouvé !

Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\AaIPAJjl.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

C:\WINDOWS\system32\IRtAyyay.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

*** Analyse terminée le 21/09/2008 à 13:05:19,73 ***

Falkra · le 21 septembre 2008

On a encore du boulot :

Double-clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
Au menu principal, choisis 2 et valide.
Le programme va t'informer qu'il va alors redémarrer ton PC.
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts.
Appuie sur une touche comme demandé. Le pc va redémarrer.
Au redémarrage de ton PC, choisis ta session habituelle. Attends le message :
*** Nettoyage Termine le ..... ***
Le Bloc-notes va s'ouvrir : sauvegarde le rapport de manière à le retrouver.
Referme le Bloc-notes. Ton bureau va réapparaitre

PS: Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.

Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"

Tape explorer.exe et valide. Cela fera revenir ton bureau.

Note:

Si tu ne trouves pas le rapport, il se nomme cleannavi.txt et se trouve dans C:\

-+------------------

Après ça télécharge Malwarebytes' Anti-Malware (MBAM)

Double clique sur le fichier téléchargé pour lancer le processus d'installation.
Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
Sélectionne "Exécuter un examen rapide"
Clique sur "Rechercher"
L'analyse démarre, le scan est relativement long, c'est normal.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

NB : Si MBAM te demande à redémarrer, fais-le.

pog · le 21 septembre 2008

Hello falkra

Tout ceci, me semble-t-il ne s'est pas trop mal passé, me semble - t-il.

voici les rapports, d'abord cleanavi, puis malwarebyte.

vundo c'est quoi ??

encore un grand merci

----------------------------------------------------------------------------------------------------

Clean Navipromo version 3.6.5 commencé le 21/09/2008 à 15:00:59,40

Outil exécuté depuis C:\Program Files\navilog1

Session actuelle : "MICHEL"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 7.0.5730.13

Système de fichiers : NTFS

Mode suppression automatique

avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** fsbl1.txt non trouvé ***

(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

* Suppression dans "C:\Documents and Settings\MICHEL\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\PELUCHE\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\MICHEL\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\MARIE-~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\PELUCHE\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\MICHEL\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\PELUCHE\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\MICHEL\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\MARIE-~1\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\PELUCHE\menudm~1\progra~1" ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !

Nettoyage contenu C:\Documents and Settings\MICHEL\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***

(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

* Dans "C:\Documents and Settings\MICHEL\locals~1\applic~1" *

aqiec.exe trouvé !

Copie aqiec.exe réalisée avec succès !

aqiec.exe supprimé !

aqiec.dat trouvé !

Copie aqiec.dat réalisée avec succès !

aqiec.dat supprimé !

aqiec_nav.dat trouvé !

Copie aqiec_nav.dat réalisée avec succès !

aqiec_nav.dat supprimé !

aqiec_navps.dat trouvé !

Copie aqiec_navps.dat réalisée avec succès !

aqiec_navps.dat supprimé !

C:\WINDOWS\prefetch\aqiec*.pf trouvé !

Copie C:\WINDOWS\prefetch\aqiec*.pf réalisée avec succès !

C:\WINDOWS\prefetch\aqiec*.pf supprimé !

* Dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" *

* Dans "C:\DOCUME~1\PELUCHE\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !

Certificat Electronic-Group supprimé !

Certificat Montorgueil absent !

Certificat OOO-Favorit supprimé !

Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 21/09/2008 à 15:14:15,15 ***

________________________________________________________________________________

____________

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1184

Windows 5.1.2600 Service Pack 2

21/09/2008 16:02:01

mbam-log-2008-09-21 (16-01-18).txt

Type de recherche: Examen rapide

Eléments examinés: 60906

Temps écoulé: 31 minute(s), 55 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 3

Clé(s) du Registre infectée(s): 16

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 4

Fichier(s) infecté(s): 78

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\yayyAtRI.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\vqfxqk.dll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\wvUkJbyx.dll (Trojan.Vundo.H) -> No action taken.

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43f512bc-d43a-424d-8832-ac3d3d93b2ca} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvukjbyx (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{43f512bc-d43a-424d-8832-ac3d3d93b2ca} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c19c580-8264-4a27-bca0-b587eae40805} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{5c19c580-8264-4a27-bca0-b587eae40805} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d91fe7d8-703b-4bc9-b629-95f9f03d061c} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{d91fe7d8-703b-4bc9-b629-95f9f03d061c} (Trojan.Vundo.H) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{43f512bc-d43a-424d-8832-ac3d3d93b2ca} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm2ba93ae9 (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayyatri -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayyatri -> No action taken.

Dossier(s) infecté(s):

C:\Program Files\dynamic toolbar (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2 (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache (Adware.2020search) -> No action taken.

Fichier(s) infecté(s):

C:\WINDOWS\system32\wvUkJbyx.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\vqfxqk.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\yayyAtRI.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\IRtAyyay.ini (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\IRtAyyay.ini2 (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\benynhkn.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\nkhnyneb.ini (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\ljJAPIaA.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\AaIPAJjl.ini (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\AaIPAJjl.ini2 (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\rmcedhvs.dll (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\svhdecmr.ini (Trojan.Vundo.H) -> No action taken.

C:\WINDOWS\system32\dqtlihei.dll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\purbmdoc.0ll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\qdfciw.dll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\vdkhybbk.0ll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\enjkygbi.dll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\ldhiveiq.dll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\mravcdrm.dll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\jiinae.dll (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\jyetxv.dll (Trojan.Vundo) -> No action taken.

C:\Documents and Settings\MICHEL\Local Settings\Temporary Internet Files\Content.IE5\37S7KNAZ\upd105320[1] (Trojan.Vundo) -> No action taken.

C:\Documents and Settings\MICHEL\Local Settings\Temporary Internet Files\Content.IE5\4D6AWNM2\nd82m0[1] (Trojan.Vundo) -> No action taken.

C:\Documents and Settings\MARIE-ALICE\Local Settings\Temporary Internet Files\Content.IE5\0L67GHUJ\nd82m0[1] (Trojan.Vundo) -> No action taken.

C:\Documents and Settings\MARIE-ALICE\Local Settings\Temporary Internet Files\Content.IE5\81MZGDIB\nd82m0[1] (Trojan.Vundo) -> No action taken.

C:\Documents and Settings\MARIE-ALICE\Local Settings\Temporary Internet Files\Content.IE5\81MZGDIB\upd105320[1] (Trojan.Vundo) -> No action taken.

C:\Documents and Settings\MARIE-ALICE\Local Settings\Temporary Internet Files\Content.IE5\KX6ZW9IN\upd105320[1] (Trojan.Vundo) -> No action taken.

C:\Documents and Settings\MARIE-ALICE\Local Settings\Temporary Internet Files\Content.IE5\KX6ZW9IN\upd105320[1].0 (Trojan.Vundo) -> No action taken.

C:\Program Files\dynamic toolbar\batch.bat (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\unins000.dat (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\unins000.exe (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\style.css (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\ErrorLog.txt (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\go.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\home.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\logo_pb.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_off.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_on.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_off.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_on.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\search.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\services.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin1.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin2.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin3.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin4.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin5.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\store.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\style.css (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\support.bmp (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\ticker.xml (Adware.2020search) -> No action taken.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\_Ticker_ticker.txt (Adware.2020search) -> No action taken.

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\irnenqxn.dll (Trojan.Agent) -> No action taken.

C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.

C:\WINDOWS\BM2ba93ae9.xml (Trojan.Vundo) -> No action taken.

C:\WINDOWS\BM2ba93ae9.txt (Trojan.Vundo) -> No action taken.

pog · le 21 septembre 2008

Hello, je suis pas certain d'avoir envoyé le bon log de mbam

__________________________________________________

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1184

Windows 5.1.2600 Service Pack 2

21/09/2008 16:02:32

mbam-log-2008-09-21 (16-02-32).txt

Type de recherche: Examen rapide

Eléments examinés: 60906

Temps écoulé: 31 minute(s), 55 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 3

Clé(s) du Registre infectée(s): 16

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 4

Fichier(s) infecté(s): 78

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\yayyAtRI.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\vqfxqk.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\wvUkJbyx.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43f512bc-d43a-424d-8832-ac3d3d93b2ca} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvukjbyx (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{43f512bc-d43a-424d-8832-ac3d3d93b2ca} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5c19c580-8264-4a27-bca0-b587eae40805} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5c19c580-8264-4a27-bca0-b587eae40805} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d91fe7d8-703b-4bc9-b629-95f9f03d061c} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{d91fe7d8-703b-4bc9-b629-95f9f03d061c} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{43f512bc-d43a-424d-8832-ac3d3d93b2ca} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm2ba93ae9 (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayyatri -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayyatri -> Delete on reboot.

Dossier(s) infecté(s):

C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2 (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache (Adware.2020search) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):

C:\WINDOWS\system32\wvUkJbyx.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\vqfxqk.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\yayyAtRI.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\system32\IRtAyyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\IRtAyyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\benynhkn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nkhnyneb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ljJAPIaA.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\AaIPAJjl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\AaIPAJjl.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rmcedhvs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\svhdecmr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dqtlihei.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\purbmdoc.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qdfciw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vdkhybbk.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\enjkygbi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ldhiveiq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mravcdrm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jiinae.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jyetxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\MICHEL\Local Settings\Temporary Internet Files\Content.IE5\37S7KNAZ\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\MICHEL\Local Settings\Temporary Internet Files\Content.IE5\4D6AWNM2\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\MARIE-ALICE\Local Settings\Temporary Internet Files\Content.IE5\0L67GHUJ\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\MARIE-ALICE\Local Settings\Temporary Internet Files\Content.IE5\81MZGDIB\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\MARIE-ALICE\Local Settings\Temporary Internet Files\Content.IE5\81MZGDIB\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\MARIE-ALICE\Local Settings\Temporary Internet Files\Content.IE5\KX6ZW9IN\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\MARIE-ALICE\Local Settings\Temporary Internet Files\Content.IE5\KX6ZW9IN\upd105320[1].0 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\batch.bat (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\unins000.dat (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\unins000.exe (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\ErrorLog.txt (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\go.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\home.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\logo_pb.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_off.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_on.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\search.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\services.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin1.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin2.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin3.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin4.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin5.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\store.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\style.css (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\ticker.xml (Adware.2020search) -> Quarantined and deleted successfully.

C:\Program Files\dynamic toolbar\PBFRV2\Cache\_Ticker_ticker.txt (Adware.2020search) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\irnenqxn.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\BM2ba93ae9.xml (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\BM2ba93ae9.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Falkra · le 21 septembre 2008

Dans le premier MBAM tu n'avais pas demandé la suppression.

Redémarre si pas déjà fait après la suppression, et poste un nouveau rapport hijackThis stp.

pog · le 21 septembre 2008

le post avec correction mbam a été posté un peu plus tard, voici le nouveau hijack

mais déjà ça a l'air beaucoup mieux !!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:43:22, on 21/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe

C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE

C:\Program Files\Pack Securite\Common\FSMA32.EXE

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Program Files\Pack Securite\Common\FSMB32.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Pack Securite\Common\FCH32.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe

C:\Program Files\Pack Securite\Common\FAMEH32.EXE

C:\Program Files\Pack Securite\FSPC\fspc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe

C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe

C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Pack Securite\FSAUA\program\fsus.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Pack Securite\Common\FSM32.EXE

C:\Program Files\Neuf\Kit\WiFi\9wifi.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Pack Securite\FSGUI\fsguidll.exe

C:\Program Files\e-cb nouv\ecbl-lbp.exe

C:\WINDOWS\system32\sistray.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Opera\opera.exe

C:\Bridge Base Online\FFBBO.exe

C:\Documents and Settings\MICHEL\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redi...;keyword=google

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll