# ROOTKITS DETECTED - Can anyone diagnose this log?



## sfrisch8 (Feb 6, 2011)

I also originally posted my issues in the Windows XP forum. But then my issue turned out to be rootkits detected by AVG anti-virus. I couldn't remove them and someone suggested running ComboFix.

I'm new to this site and don't know all the rules, but I thought someone could help me out with reading the log. So, I moved it to this forum.








*COMBOFIX LOG - I heard it could help w/the ROOTKITS* 
ComboFix 11-02-09.02 - Owner 02/09/2011 19:19:30.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.586 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
.
2011-02-09 23:16 . 2011-02-10 00:18 -------- d-----w- C:\Retrospect Restore Points
2011-02-09 23:09 . 2011-02-10 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\RetroExp
2011-02-09 23:09 . 2011-02-09 23:09 -------- d-----w- c:\program files\Retrospect
2011-02-06 21:50 . 2011-02-06 21:50 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-06 21:49 . 2011-02-06 21:49 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2011-02-06 21:49 . 2011-02-06 21:49 -------- d-----w- c:\program files\Apple Software Update
2011-02-06 21:49 . 2011-02-06 21:49 -------- d-----w- c:\program files\iTunes
2011-02-06 21:49 . 2011-02-06 21:49 -------- d-----w- c:\program files\iPod
2011-02-06 21:49 . 2011-02-06 21:49 -------- d-----w- c:\program files\vShare
2011-02-06 21:49 . 2011-02-06 21:49 -------- d-----w- c:\documents and settings\Owner\Application Data\vShare
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-16 15:43 . 2011-01-16 15:55 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG
2011-01-16 15:41 . 2011-02-06 19:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2006-03-15 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-03-15 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-03-15 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-03-15 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:09 . 2010-05-29 16:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2006-03-15 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08 . 2006-03-15 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08 . 2006-03-15 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08 . 2006-03-15 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 23:08 . 2010-05-29 16:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2006-03-15 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-03-15 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2006-03-15 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2006-03-15 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2006-03-15 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12 . 2008-11-06 20:36 81920 ----a-w- c:\windows\system32\isign32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-13 39408]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"RetroExpress"="c:\progra~1\RETROS~1\RETROS~1.5\RetroExpress.exe" [2008-07-16 9499928]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Webroo tSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRCons umerService]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 23:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X6100 Series]
2003-09-23 06:01 57344 ----a-w- c:\program files\Lexmark X6100 Series\lxbfbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"wwEngineSvc"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [9/18/2009 12:42 PM 29808]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [9/19/2009 7:04 AM 45312]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [10/8/2009 2:03 PM 1201640]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2010 5:57 PM 135664]
S4 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [10/11/2009 9:39 AM 598856]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - RETROEXP_HELPER
.
Contents of the 'Scheduled Tasks' folder
2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 22:57]
2011-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 22:57]
2011-02-04 c:\windows\Tasks\wrSpySweeper_LB787AB2FEC2847A28A08AFF5B9C0855D.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-10-08 20:19]
2011-02-04 c:\windows\Tasks\wrSpySweeper_LB787AB2FEC2847A28A08AFF5B9C0855D.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-10-08 20:19]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: microsoft.com\office
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 19:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-02-09 19:49:34
ComboFix-quarantined-files.txt 2011-02-10 00:49
Pre-Run: 144,273,313,792 bytes free
Post-Run: 144,475,185,152 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - DA2CE953CAC300207A3A73573EEA3E1A


----------



## Cookiegal (Aug 27, 2003)

Let's see the AVG report please showing exactly what was detected.


----------



## sfrisch8 (Feb 6, 2011)

I deleted the AVG program, I forgot why, but I was trying thing on my own. I still have all the log files. I think I found the correct one in notepad, but it is massive. 
I don't know what word wrap means, if that would compress the file. Or, if I save it and send in as an attachment (if it lets me do it). Or, I could copy it, but like I said the size is really big.


----------



## Cookiegal (Aug 27, 2003)

You said it found 41 rootkits. Can you just copy and paste that portion of the log?

Word wrap is not compressing. If it's necessary to compress it then just right-click the file and select "send to" and "compressed folder" and then upload it as an attachment.


----------



## Cookiegal (Aug 27, 2003)

Also, are you using iGoogle?


----------



## sfrisch8 (Feb 6, 2011)

I use Google all the time - I have Google updater. I did a search and didn't see iGoogle.
As far as AVG, I tried to read it and I can't tell.


----------



## sfrisch8 (Feb 6, 2011)

I tried what you said about compressing, but it won't let me. When I RH click on file I get nothing. I tried LH click anyway and it gave me the option to save as,or save & when I click save as, it didn't give me that option either.

You don't know how much you help means to me, but I have got to run out for a little bit. If you can thing of another way to send the file, I do it as soon as I get back.

Thanks again


----------



## Cookiegal (Aug 27, 2003)

Please go * here* to download *HijackThis*.

To the right of the green arrow under *HijackThis downloads* click on the *Executable *button and download the *HijackThis.exe* file to your desktop.
Double-click the * HijackThis.exe* file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
Click on the *Scan* button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
Click on the *Save log* button and save the log file to your desktop. Copy and paste the contents of the log in your post.
*Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.*


----------



## sfrisch8 (Feb 6, 2011)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:40:21 PM, on 2/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RetroExpress] "C:\PROGRA~1\RETROS~1\RETROS~1.5\RetroExpress.exe" /h
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [AvgUninstallURL] "cmd.exe" /c start http://www.avg.com/ww.special-unins...xMCsxLUYxME0xMEQrMQ"&"prod=90"&"ver=10.0.1204
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238543960270
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTI BackupNowEZSvr - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.5\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O24 - Desktop Component 1: (no name) - http://mail.live.com/
--
End of file - 8148 bytes

It's possible that ComFix fixed the files-(41) total from AVG scan. I also ran "Sophos Anti-Rootkit detector" (sorry, this was when I was thinking that I would not receive further help from this website.) It showed that it had fixed all but 2 rootkit files - but I'm not sure b/c with AVG, it showed all 41 as hidden files.

Thanks again!


----------



## Cookiegal (Aug 27, 2003)

Did you try to upload the AVG log?

Do you have the Sophos log?

There may have been 41 hidden files but that doesn't mean they're rootkits. If you fixed or deleted all hidden files you may have damaged your system.

Please download DDS by sUBs to your desktop from one of the following locations:

http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Disable any script blocker you may have as they may interfere and then double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.


----------



## sfrisch8 (Feb 6, 2011)

I finally was able to compress the AVG log. The reason it's so large is b/c it shows several dates beginning with 2/6/11. This might be good - I can't remember when I did anything, at this point. Anyway, I don't know how to attach it. I don't see that option anywhere, unless you want me to email it.

I ran a search on Sophos & can't find the log. I really looked hard to locate it.

I saved both the DDS.txt & the Attach.txt to my desktop. When I opened them, they were in Notepad. On the attach.txt it gave these instructions:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
I have zipped it, but I don't know how to attach it, same as AVG.

Here is the other DDS file:

DDS (Ver_10-12-12.02) - NTFSx86 
Run by Owner at 18:39:52.53 on Sat 02/12/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.459 [GMT -5:00]
AV: Trend Micro Internet Security Pro *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *Enabled* 
============== Running Processes ===============
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\LHKXLM2K\dds[1].scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RetroExpress] "c:\progra~1\retros~1\retros~1.5\RetroExpress.exe" /h
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
mRunOnce: [AvgUninstallURL] "cmd.exe" /c start http://www.avg.com/ww.special-unins...xMCsxLUYxME0xMEQrMQ"&"prod=90"&"ver=10.0.1204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\office
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238543960270
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
============= SERVICES / DRIVERS ===============
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-9-18 29808]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2011-2-9 36432]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-10-8 1201640]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2011-2-9 339984]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-2-9 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2011-2-9 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2011-2-9 689416]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\a.tmp --> c:\windows\system32\A.tmp [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-31 135664]
=============== Created Last 30 ================
2011-02-12 08:05:20 -------- d-----w- c:\windows\system32\XPSViewer
2011-02-12 08:04:55 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-02-12 08:04:32 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-02-12 08:04:32 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-02-12 08:04:32 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-02-12 08:04:32 117760 ------w- c:\windows\system32\prntvpt.dll
2011-02-12 08:04:31 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-02-12 08:04:31 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-02-12 08:04:31 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-02-12 08:04:31 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-02-12 08:04:31 -------- d-----w- C:\95948fcb29a59252f07a3268bd3c
2011-02-11 02:10:50 -------- d-----w- c:\program files\Sophos
2011-02-10 02:06:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Trend Micro
2011-02-10 01:49:12 59472 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-02-10 01:49:12 51792 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-02-10 01:49:12 163408 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-02-10 01:48:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2011-02-10 01:47:38 -------- d-----w- c:\program files\Trend Micro
2011-02-10 01:43:37 661808 ----a-w- c:\windows\system32\UfWSC.cpl
2011-02-10 01:43:34 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-02-10 01:43:34 36432 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2011-02-10 01:43:34 339984 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2011-02-10 01:43:34 249424 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2011-02-10 01:43:34 1331512 ----a-w- c:\windows\system32\drivers\vsapint.sys
2011-02-10 00:17:43 -------- d-sha-r- C:\cmdcons
2011-02-10 00:15:47 98816 ----a-w- c:\windows\sed.exe
2011-02-10 00:15:47 89088 ----a-w- c:\windows\MBR.exe
2011-02-10 00:15:47 256512 ----a-w- c:\windows\PEV.exe
2011-02-10 00:15:47 161792 ----a-w- c:\windows\SWREG.exe
2011-02-09 23:16:46 -------- d-----w- C:\Retrospect Restore Points
2011-02-09 23:09:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\RetroExp
2011-02-09 23:09:38 -------- d-----w- c:\program files\Retrospect
2011-02-06 21:50:05 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-06 21:50:05 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-06 21:49:53 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2011-02-06 21:49:09 -------- d-----w- c:\program files\vShare
2011-02-06 21:49:09 -------- d-----w- c:\docume~1\owner\applic~1\vShare
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-16 15:43:22 -------- d-----w- c:\docume~1\owner\applic~1\AVG
==================== Find3M ====================
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
============= FINISH: 18:40:35.70 ===============

Sorry this took so long. I'm computer crazed from being on it so long - but it's worth it! I just asked my husband if we could watched this movie that I downloaded, meaning recorded!


----------



## Cookiegal (Aug 27, 2003)

To attach the file, open up a reply dialog box and then scroll down below it to where you see a button that says "Management Attachments". Click on that and then click on "Browse" and locate the zipped file on your computer then click on "Open" and the "Upload" and finally submit the reply.

Also, please do the following and I will evaluate everything in the morning.

Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked *on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan *button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## sfrisch8 (Feb 6, 2011)

Please let me know if these didn't come through.


----------



## sfrisch8 (Feb 6, 2011)

I tried to run the GMER link "http://gmer.net/index.php". As soon as I hit the link it immediatly started running, and was done before I could think. I never got the option to click on the download exe button & save it.

It showed about 15 files or so, maybe about 7 were in red - some system 32 files & some driver files.

A warning box popped up and it said: GMER has found system modification caused by rootkit activity. It didn't asked ask if I wanted to run a full scan, but a scan option was availible. It would not let me click on anything within the dialog box - not even to X out of it - it was frozen. I was afraid to try the scan box b/c it wouldn't let me check anything off the check boxes on the RH side & they all had checks in them. Maybe I didn't follow the directions correctly, but I thought I did. Finally I closed out by clicking the X at the very top of the whole page.

Also it advised to turn off everything that was running on the computer before I did anything. I did it, even my virus protection. I didn't like doing it, but I felt I should take the chance.

After I hear from you, I will respond ASAP. My son's home from school where my computer is, and I don't know when he'll wake up.


----------



## sfrisch8 (Feb 6, 2011)

I shouldn't work on the computer late at night !!!!!!!!!!!!!! I just figured out that when I clicked on the link for GMER, it was just showing an example! I should have scrolled down to the GMER.exe file, which I will do in just a minute. I am so relieved I don't have all the rootkits it showed.


----------



## sfrisch8 (Feb 6, 2011)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-13 10:01:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 MAXTOR_STM3160812AS rev.3.AAJ
Running: u8bzthc7.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxtcquob.sys

---- System - GMER 1.0.15 ----
SSDT 86F8DA58 ZwAllocateVirtualMemory
SSDT 86FA98A0 ZwCreateKey
SSDT 86FE06E0 ZwCreateProcess
SSDT 86F781C8 ZwCreateProcessEx
SSDT 86F8DD28 ZwCreateThread
SSDT 86F862F8 ZwDeleteKey
SSDT 86FE0758 ZwDeleteValueKey
SSDT 86F8DAD0 ZwQueueApcThread
SSDT 86F8D968 ZwReadVirtualMemory
SSDT 86FDBAF0 ZwRenameKey
SSDT 86F8DBC0 ZwSetContextThread
SSDT 86F97238 ZwSetInformationKey
SSDT 86F8DE18 ZwSetInformationProcess
SSDT 86F8DC38 ZwSetInformationThread
SSDT 86FAC4F8 ZwSetValueKey
SSDT 86F8DDA0 ZwSuspendProcess
SSDT 86F8DB48 ZwSuspendThread
SSDT 86F78150 ZwTerminateProcess
SSDT 86F8DCB0 ZwTerminateThread
SSDT 86F8D9E0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6E57F80]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\internet explorer\iexplore.exe[2920] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2920] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3527F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2920] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E352777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2920] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3527BB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2920] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E352703 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2920] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35273D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2920] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352831 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2920] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20178A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2920] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3529F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 86FD3FA8
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 86F8D8F0
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 86F8D8F0
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 86FD3FA8
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 86FD3FA8
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 86F8D8F0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 86F8D8F0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 86FD3FA8
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 86F8D8F0
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 86FD3FA8
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 86F8D8F0
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 86F8D8F0
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 86FD3FA8
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
Device \Driver\Tcpip \Device\Ip 868391C0
Device \Driver\Tcpip \Device\Ip 867FF120
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
Device \Driver\Tcpip \Device\Tcp 868391C0
Device \Driver\Tcpip \Device\Tcp 867FF120
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
Device \Driver\Tcpip \Device\Udp 868391C0
Device \Driver\Tcpip \Device\Udp 867FF120
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
Device \Driver\Tcpip \Device\RawIp 868391C0
Device \Driver\Tcpip \Device\RawIp 867FF120
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
Device \Driver\Tcpip \Device\IPMULTICAST 868391C0
Device \Driver\Tcpip \Device\IPMULTICAST 867FF120
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----


----------



## Cookiegal (Aug 27, 2003)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/6/2008 3:40:41 PM
System Uptime: 2/12/2011 11:50:14 AM (7 hours ago)

Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 133.215 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP764: 11/14/2010 4:44:07 PM - System Checkpoint
RP765: 11/15/2010 5:22:47 PM - System Checkpoint
RP766: 11/16/2010 6:19:10 PM - System Checkpoint
RP767: 11/17/2010 7:43:02 PM - System Checkpoint
RP768: 11/18/2010 9:04:45 PM - System Checkpoint
RP769: 11/20/2010 4:32:47 PM - System Checkpoint
RP770: 11/21/2010 4:53:24 PM - System Checkpoint
RP771: 11/22/2010 4:54:26 PM - System Checkpoint
RP772: 11/23/2010 5:19:06 PM - System Checkpoint
RP773: 11/24/2010 6:00:25 PM - System Checkpoint
RP774: 11/25/2010 7:00:24 PM - System Checkpoint
RP775: 11/26/2010 7:32:07 PM - System Checkpoint
RP776: 11/27/2010 7:38:36 PM - System Checkpoint
RP777: 11/28/2010 8:32:05 PM - System Checkpoint
RP778: 11/29/2010 9:33:08 PM - System Checkpoint
RP779: 11/30/2010 10:33:10 PM - System Checkpoint
RP780: 12/1/2010 11:33:09 PM - System Checkpoint
RP781: 12/3/2010 12:32:02 AM - System Checkpoint
RP782: 12/4/2010 1:32:02 AM - System Checkpoint
RP783: 12/5/2010 2:32:36 AM - System Checkpoint
RP784: 12/6/2010 3:32:09 AM - System Checkpoint
RP785: 12/7/2010 4:31:59 AM - System Checkpoint
RP786: 12/7/2010 7:47:26 PM - Removed Apple Application Support
RP787: 12/7/2010 7:48:21 PM - Removed Apple Mobile Device Support
RP788: 12/8/2010 7:53:02 PM - System Checkpoint
RP789: 12/9/2010 7:54:39 PM - System Checkpoint
RP790: 12/10/2010 7:56:37 PM - System Checkpoint
RP791: 12/11/2010 8:55:31 PM - System Checkpoint
RP792: 12/12/2010 8:56:33 PM - System Checkpoint
RP793: 12/13/2010 9:55:27 PM - System Checkpoint
RP794: 12/14/2010 10:55:26 PM - System Checkpoint
RP795: 12/15/2010 7:17:31 PM - Software Distribution Service 3.0
RP796: 12/16/2010 7:31:07 PM - System Checkpoint
RP797: 12/17/2010 8:31:06 PM - System Checkpoint
RP798: 12/18/2010 9:29:40 PM - System Checkpoint
RP799: 12/19/2010 9:31:03 PM - System Checkpoint
RP800: 12/20/2010 10:31:03 PM - System Checkpoint
RP801: 12/21/2010 11:51:50 PM - System Checkpoint
RP802: 12/23/2010 12:31:00 AM - System Checkpoint
RP803: 12/24/2010 1:31:05 AM - System Checkpoint
RP804: 12/26/2010 2:33:19 PM - System Checkpoint
RP805: 12/27/2010 3:25:51 PM - System Checkpoint
RP806: 12/28/2010 3:32:56 PM - System Checkpoint
RP807: 12/29/2010 5:43:31 PM - System Checkpoint
RP808: 12/30/2010 6:25:48 PM - System Checkpoint
RP809: 12/31/2010 12:57:21 PM - Software Distribution Service 3.0
RP810: 1/1/2011 1:18:22 PM - System Checkpoint
RP811: 1/2/2011 2:06:39 PM - System Checkpoint
RP812: 1/2/2011 3:24:53 PM - Installed NTI Backup Now EZ
RP813: 1/3/2011 4:06:38 PM - System Checkpoint
RP814: 1/4/2011 4:10:00 PM - System Checkpoint
RP815: 1/5/2011 12:06:39 PM - Software Distribution Service 3.0
RP816: 1/6/2011 12:12:06 PM - System Checkpoint
RP817: 1/7/2011 12:35:41 PM - System Checkpoint
RP818: 1/8/2011 1:13:09 PM - System Checkpoint
RP819: 1/9/2011 3:22:36 PM - System Checkpoint
RP820: 1/10/2011 4:52:52 PM - System Checkpoint
RP821: 1/11/2011 5:13:06 PM - System Checkpoint
RP822: 1/12/2011 3:00:15 AM - Software Distribution Service 3.0
RP823: 1/13/2011 3:24:14 AM - System Checkpoint
RP824: 1/14/2011 4:24:14 AM - System Checkpoint
RP825: 1/15/2011 5:24:12 AM - System Checkpoint
RP826: 1/16/2011 6:24:11 AM - System Checkpoint
RP827: 1/17/2011 7:24:10 AM - System Checkpoint
RP828: 1/18/2011 7:28:38 AM - System Checkpoint
RP829: 1/19/2011 8:28:37 AM - System Checkpoint
RP830: 1/20/2011 9:28:38 AM - System Checkpoint
RP831: 1/21/2011 10:22:07 AM - System Checkpoint
RP832: 1/22/2011 10:46:46 AM - System Checkpoint
RP833: 1/23/2011 10:50:12 AM - System Checkpoint
RP834: 1/24/2011 11:17:29 AM - System Checkpoint
RP835: 1/25/2011 12:00:46 PM - System Checkpoint
RP836: 1/26/2011 12:55:25 PM - System Checkpoint
RP837: 1/27/2011 1:19:36 PM - System Checkpoint
RP838: 1/28/2011 2:19:36 PM - System Checkpoint
RP839: 1/29/2011 3:19:34 PM - System Checkpoint
RP840: 1/30/2011 4:20:39 PM - System Checkpoint
RP841: 1/31/2011 4:29:45 PM - System Checkpoint
RP842: 2/1/2011 5:19:31 PM - System Checkpoint
RP843: 2/2/2011 5:34:52 PM - System Checkpoint
RP844: 2/3/2011 6:20:33 PM - System Checkpoint
RP845: 2/4/2011 6:43:27 PM - System Checkpoint
RP846: 2/5/2011 8:00:54 PM - System Checkpoint
RP847: 2/6/2011 9:32:10 AM - Removed ABBYY FineReader 5.0 Sprint Plus
RP848: 2/6/2011 12:19:08 PM - Removed Apple Software Update
RP849: 2/6/2011 12:28:00 PM - Removed iTunes
RP850: 2/6/2011 12:42:57 PM - Removed QuickTime
RP851: 2/6/2011 4:48:07 PM - Restore Operation
RP852: 2/7/2011 5:21:42 PM - System Checkpoint
RP853: 2/8/2011 7:50:15 PM - Software Distribution Service 3.0
RP854: 2/9/2011 6:09:38 PM - Installed Retrospect Express HD 2.5.
RP855: 2/9/2011 7:08:56 PM - Removed AVG 2011
RP856: 2/9/2011 7:10:00 PM - Removed AVG 2011
RP857: 2/9/2011 8:47:36 PM - Installed Trend Micro Internet Security
RP858: 2/10/2011 10:28:51 PM - Removed Nero 7 Essentials
RP859: 2/10/2011 10:33:16 PM - Removed iTunes
RP860: 2/11/2011 3:08:57 PM - Restore point created by Trend Mico [0x00001101] 
RP861: 2/12/2011 3:00:15 AM - Software Distribution Service 3.0
RP862: 2/12/2011 3:26:53 AM - Printer Driver Microsoft XPS Document Writer Installed

==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
AnswerWorks 5.0 English Runtime
Apple Software Update
Bonjour
Broadcom Gigabit Integrated Controller
Compatibility Pack for the 2007 Office system
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Lexmark X6100 Series
LightScribe 1.4.136.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NTI Backup Now EZ
Print to Fax
Quicken 2009
QuickTime
Retrospect Express HD 2.5
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Sophos Anti-Rootkit 1.5.4
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Spy Sweeper
Spy Sweeper Core
Trend Micro Internet Security Pro
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
vShare Plugin
WebFldrs XP
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

2/9/2011 7:12:31 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wwEngineSvc with arguments "" in order to run the server: {4C3EFFC6-C5C0-4EB1-B249-3D3C86BEEAF6}
2/9/2011 12:42:29 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
2/8/2011 7:00:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
2/8/2011 7:00:59 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/8/2011 7:00:59 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/8/2011 7:00:59 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/8/2011 7:00:59 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/8/2011 7:00:59 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/8/2011 7:00:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/8/2011 7:00:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/7/2011 7:53:24 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service NMIndexingService with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
2/6/2011 9:00:26 AM, error: Print [6161] - The document Test Page owned by Owner failed to print on printer Lexmark X6100 Series. Data type: LEMF. Size of the spool file in bytes: 395671. Number of bytes printed: 395671. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DELL-OWNER. Win32 error code returned by the print processor: 535 (0x217). 
2/12/2011 3:04:51 AM, error: Print [22] - Failed to ugrade printer settings for printer Fax Lexmark X6100 Series driver CAPTURE FAX error 1392.
2/12/2011 3:04:51 AM, error: Print [22] - Failed to ugrade printer settings for printer \\DELL-OWNER\Fax Lexmark X6100 Series,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL error 1392.
2/10/2011 3:57:35 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
2/10/2011 10:15:34 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RetroExpLauncher service.

==== End Of File ===========================


----------



## sfrisch8 (Feb 6, 2011)

Sorry to ask a dumb question - but I don't understand what you have requested.


----------



## Cookiegal (Aug 27, 2003)

Are you having problems with Windows Updates? Because you don't have as many installed as you should.

I don't see any sign of rootkits in the GMER log.

The AVG log doesn't tell me anything really. I don't see where it says anything about 41 hidden files so it's not helpful at all.

But, I have a hunch that the VShare Plugin may be responsible for the Stack Overflow messages you've been getting. I would recommend uninstalling that.

If you decide to uninstall it then also delete these folders:

c:\program files\*vShare*
c:\documents and settings\Owner\application data\*vShare*

You will have to unhide files/folders in order to see the application data folder. Here are those instructions if you need them:

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK".

Rescan with HijackThis, close all other browser windows, place a check mark beside the following entries and then click on "Fix Checked".

O4 - HKLM\..\RunOnce: [AvgUninstallURL] "cmd.exe" /c start http://www.avg.com/ww.special-uninst..."ver=10.0.1204
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)

Reboot and post a new HijackThis log please.

Also, please do the following:

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## Cookiegal (Aug 27, 2003)

sfrisch8 said:


> Sorry to ask a dumb question - but I don't understand what you have requested.


Sorry. I just wanted to post that log for easier viewing. There was no need to attach it. Please don't attach logs unless requested to.


----------



## sfrisch8 (Feb 6, 2011)

Do I need to quit my virus protection while running logs such as HiJack this?

Sorry for the questions


----------



## Cookiegal (Aug 27, 2003)

sfrisch8 said:


> Do I need to quit my virus protection while running logs such as HiJack this?
> 
> Sorry for the questions


No, not for HijackThis.


----------



## sfrisch8 (Feb 6, 2011)

OK, thanks. I ran a search for the vShare plugin. I'm not sure the files that came up are plugin files or have plugins in them. these are what's listed:
vShare - Docs & Settings app data

www.vShare.tv Macromedia Flash Player#shared

#www.vShare.tv

vShare - program files (i opened this & again couldn't tell if there was a plugin

vShare_toolbar.dill

Can you tell? I didn't know if I should do the things you mentioned concerning vshare before running HiJack This.
Also, I just realized I need to go out for about 45min. & will get back to this. I hope I'm not wasting your time.


----------



## Cookiegal (Aug 27, 2003)

Please do them in the order that I posted.

You should see the VShare Plugin listed under Add or Remove Programs in the Control Panel. Please uninstall it from there.


----------



## sfrisch8 (Feb 6, 2011)

Sorry it took me so long to get back to you. 

I now have a new issue. I tried to uninstall vShare plugin from add/remove programs. It was there and I clicked on remove. Nothing happened at first, except the computer started making a sound that was louder running than normal. Then my new anti-virus program Trend micro pro, popped up a warning. It said uninstall.exe was a threat to my computer, risk low. I tried to x-out of the warning box b/c that's what I do when I trust the warning - I thought it was the program that was used to uninstall programs from the computer. Also, since Trend is new on my computer, it pops ups with things all the time, that I approve or disaprove.

Finally the warning box went away and I did not attempt to try to uninstall vShare plugin again. I tried to open the Trend main page to check the settings. Well, it wouldn't open at all. Then I thought I shoud try a reboot, and when that didn't work I clicked on Turn off computer. Well that didn't work either, so I just turned it off manually. After starting the computer again I was able to open Trend, and everything seemed fine. But It has so many options that I didn't know what settings to check. Then I Googled uninstall.exe and all kinds of warnings came up about it being a real threat - with ways to repair it, etc. 

So, that's where I'm at now. The vShare thing must be a real issue. Any ideas?


----------



## sfrisch8 (Feb 6, 2011)

Below is the new Hijack log, with errors fixed.

Sorry it took so long, but I was waiting on a response to my last post about what happened when I tried to uninstall vShare plugin. Again I know you are very busy - so today I decided to go ahead and run Hijack, and possibly address vShare at your convenience. I also have a couple of questions regarding the previously run .exe, log and install files on my computer.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:43:13 AM, on 2/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\RetroExpress.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\retrospect.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RetroExpress] "C:\PROGRA~1\RETROS~1\RETROS~1.5\RetroExpress.exe" /h
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238543960270
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTI BackupNowEZSvr - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.5\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O24 - Desktop Component 1: (no name) - http://mail.live.com/
--
End of file - 7622 bytes

I will now do the requested info on the event viewer & then post it.

Thanks so much for all of your dedicated help.


----------



## sfrisch8 (Feb 6, 2011)

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 2/9/2011
Time: 8:43:58 PM
User: N/A
Computer: DELL-OWNER
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
System Errors:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 2/15/2011
Time: 7:03:31 AM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 2/14/2011
Time: 6:08:29 AM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 2/13/2011
Time: 5:18:11 AM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 2/12/2011
Time: 5:08:22 AM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Print
Event Category: None
Event ID: 22
Date: 2/12/2011
Time: 3:04:51 AM
User: NT AUTHORITY\SYSTEM
Computer: DELL-OWNER
Description:
Failed to ugrade printer settings for printer Fax Lexmark X6100 Series driver CAPTURE FAX error 1392.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Print
Event Category: None
Event ID: 22
Date: 2/12/2011
Time: 3:04:51 AM
User: NT AUTHORITY\SYSTEM
Computer: DELL-OWNER
Description:
Failed to ugrade printer settings for printer \\DELL-OWNER\Fax Lexmark X6100 Series,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL error 1392.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 2/11/2011
Time: 4:24:33 AM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7011
Date: 2/10/2011
Time: 10:15:34 PM
User: N/A
Computer: DELL-OWNER
Description:
Timeout (30000 milliseconds) waiting for a transaction response from the RetroExpLauncher service.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 2/10/2011
Time: 10:14:29 PM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service wwEngineSvc with arguments "" in order to run the server:
{4C3EFFC6-C5C0-4EB1-B249-3D3C86BEEAF6}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 2/10/2011
Time: 3:57:35 AM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Vshare Plugin does use an uninstaller named uninstall.exe.

Download *OTS.exe * to your Desktop. 

Close any open browsers.
If your Real protection or Antivirus interferes with OTS, allow it to run.
Double-click on *OTS.exe* to start the program.
In *Additional Scans *section put a check in Disabled MS Config Items and EventViewer logs
Now click the *Run Scan *button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file.
Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## sfrisch8 (Feb 6, 2011)

I'm geting ready to run the .exe file and I will attach it in next reply.

I was also wanting to know if it's ok to delete the log, txt, exe, and zip files that we used to diagnose my computer problems.


----------



## sfrisch8 (Feb 6, 2011)

Please find attached the OTS notepad file.


----------



## Cookiegal (Aug 27, 2003)

I don't see anything malicious there, just a few things that need tidied up.

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


> [Kill All Processes]
> [Unregister Dlls]
> [Registry - Safe List]
> < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
> ...


----------



## sfrisch8 (Feb 6, 2011)

When I tried to the fix on the OTS. it failed. It stopped on the 1st item - 
"fixing service/driver:[NMIndexingService] [disabled\stopped] -> -> file not found"

Before I received your request I took some actions on my own that I'm sure caused this.

I contacted Trend Micro support b/c I felt they were responsible for the vShare issue. We finally resolved that. Then they said that I could upgrade to the 2011 version (for free) to prevent these kind of issues in the future.

I had a very hard time installing it - my fault, I did something wrong. It came up with several error boxes so fast that I can't even remember what they were - I finally got it installed.

After all the trouble I had with it, I decided to run a disk cleanup. I viewed the files, there were around 232,000 (no joke) files in the recycle bin. There were a lot of Trend files and the others had to be related to the Trend uninstall of the older version and also the errors I recieved when trying to install the new version. I approved the deletion. The computer is still running fine, as far as I can tell - except for the OTS failure.

Below is the OTS file before trying to fix it:

```
OTS logfile created on: 2/17/2011 11:18:11 AM - Run 2
OTS by OldTimer - Version 3.1.41.4     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 576.00 Mb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 133.21 Gb Free Space | 89.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL-OWNER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2011/02/17 11:18:00 | 000,642,560 | ---- | M] (OldTimer Tools)
uiseagnt.exe -> C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe -> [2011/02/16 16:59:07 | 001,006,672 | ---- | M] (Trend Micro Inc.)
uiwatchdog.exe -> C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe -> [2011/02/16 16:59:07 | 000,112,632 | ---- | M] (Trend Micro Inc.)
coreframeworkhost.exe -> C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe -> [2011/02/16 16:58:52 | 000,138,640 | ---- | M] (Trend Micro Inc.)
coreserviceshell.exe -> C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -> [2010/10/01 18:07:32 | 000,196,320 | ---- | M] (Trend Micro Inc.)
backupnowezsvr.exe -> C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -> [2009/09/19 07:04:50 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.)
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009/09/13 09:06:05 | 000,039,408 | ---- | M] (Google Inc.)
retrorun.exe -> C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe -> [2008/07/16 12:43:00 | 000,107,800 | ---- | M] (EMC Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
smax4pnp.exe -> C:\Program Files\Analog Devices\Core\smax4pnp.exe -> [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2011/02/17 11:18:00 | 000,642,560 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(NMIndexingService) NMIndexingService [Disabled | Stopped] ->  -> File not found
(HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found
(Amsp) Trend Micro Solution Platform [Auto | Running] -> C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -> [2010/10/01 18:07:32 | 000,196,320 | ---- | M] (Trend Micro Inc.)
(NTI BackupNowEZSvr) NTI BackupNowEZSvr [Auto | Running] -> C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -> [2009/09/19 07:04:50 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.)
(RetroExp Helper) Retrospect Express HD Helper [Auto | Stopped] -> C:\Program Files\Retrospect\Retrospect Express HD 2.5\rthlpsvc.exe -> [2008/07/16 12:43:02 | 000,128,280 | ---- | M] (EMC Corporation)
(RetroExpLauncher) Retrospect Express HD Launcher [Auto | Running] -> C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe -> [2008/07/16 12:43:00 | 000,107,800 | ---- | M] (EMC Corporation)

[Driver Services - Safe List]
(tmcomm) tmcomm [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tmcomm.sys -> [2011/02/16 16:58:56 | 000,189,520 | ---- | M] (Trend Micro Inc.)
(tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\tmtdi.sys -> [2011/02/16 16:58:56 | 000,092,112 | ---- | M] (Trend Micro Inc.)
(tmactmon) tmactmon [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tmactmon.sys -> [2011/02/16 16:58:56 | 000,080,464 | ---- | M] (Trend Micro Inc.)
(tmevtmgr) tmevtmgr [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tmevtmgr.sys -> [2011/02/16 16:58:56 | 000,064,080 | ---- | M] (Trend Micro Inc.)
(NTIDrvr) NTIDrvr [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NTIDrvr.sys -> [2009/05/05 16:46:08 | 000,014,464 | ---- | M] (NewTech Infosystems, Inc.)
(UBHelper) UBHelper [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\UBHelper.sys -> [2009/05/05 16:46:08 | 000,013,440 | ---- | M] (NewTech Infosystems Corporation)
(senfilt) senfilt [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\senfilt.sys -> [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.)
(b57w2k) Broadcom NetXtreme 57xx Gigabit Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\b57xp32.sys -> [2004/08/23 14:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 17:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(HCF_MSFT) HCF_MSFT [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HCF_MSFT.sys -> [2001/08/17 08:28:02 | 000,907,456 | ---- | M] (Conexant)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> [URL]http://www.msn.com/[/URL] -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc} -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [C:\PROGRAM FILES\TREND MICRO\TITANIUM\UIFRAMEWORK\TOOLBAR\FIREFOXEXTENSION] -> [2011/02/16 17:11:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405} -> C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1381\6.5.1234\FIREFOXEXTENSION\ [C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\1.5.1381\6.5.1234\FIREFOXEXTENSION\] -> [2011/02/16 17:12:05 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2011/02/16 17:02:40 | 000,000,734 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\HOSTS -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{1CA1377B-DC1D-4A52-9585-6E06050FAC53} [HKLM] -> C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll [TmIEPlugInBHO Class] -> [2011/02/16 16:58:54 | 000,185,680 | ---- | M] (Trend Micro Inc.)
{43C6D902-A1C5-45c9-91F6-FD9E90337E18} [HKLM] -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [TSToolbarBHO] -> [2011/02/16 16:59:11 | 000,189,776 | ---- | M] (Trend Micro Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2010/12/24 18:33:34 | 000,297,648 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [Google Toolbar Notifier BHO] -> [2010/10/23 07:10:24 | 000,843,832 | ---- | M] (Google Inc.)
{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} [HKLM] -> C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll [TmBpIeBHO Class] -> [2011/02/16 16:58:54 | 000,234,832 | ---- | M] (Trend Micro Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/12/24 18:33:34 | 000,297,648 | ---- | M] (Google Inc.)
"{CCAC5586-44D7-4c43-B64A-F042461A97D2}" [HKLM] -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [Trend Micro Toolbar] -> [2011/02/16 16:59:11 | 000,189,776 | ---- | M] (Trend Micro Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2010/12/24 18:33:34 | 000,297,648 | ---- | M] (Google Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"KernelFaultCheck" ->  ["%systemroot%\system32\dumprep" 0 -k] -> File not found
"RetroExpress" -> C:\Program Files\Retrospect\Retrospect Express HD 2.5\RetroExpress.exe ["C:\PROGRA~1\RETROS~1\RETROS~1.5\RetroExpress.exe" /h] -> [2008/07/16 12:43:00 | 009,499,928 | ---- | M] (EMC Corporation)
"SoundMAXPnP" -> C:\Program Files\Analog Devices\Core\smax4pnp.exe ["C:\Program Files\Analog Devices\Core\smax4pnp.exe"] -> [2004/10/14 14:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.)
"Trend Micro Client Framework" -> C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe ["C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"] -> [2011/02/16 16:59:07 | 000,112,632 | ---- | M] (Trend Micro Inc.)
"Trend Micro Titanium" -> C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe ["C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""] -> [2011/02/16 16:59:07 | 001,062,224 | ---- | M] (Trend Micro Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009/09/13 09:06:05 | 000,039,408 | ---- | M] (Google Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
[URL="file://\\"HonorAutoRunSetting"]\\"HonorAutoRunSetting[/URL]" ->  [1] -> File not found
[URL="file://\\"NoDriveAutoRun"]\\"NoDriveAutoRun[/URL]" ->  [67108863] -> File not found
[URL="file://\\"NoDriveTypeAutoRun"]\\"NoDriveTypeAutoRun[/URL]" ->  [323] -> File not found
[URL="file://\\"NoDrives"]\\"NoDrives[/URL]" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
[URL="file://\\"InstallVisualStyle"]\\"InstallVisualStyle[/URL]" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/10 03:39:00 | 001,347,728 | ---- | M] (Microsoft)
[URL="file://\\"InstallTheme"]\\"InstallTheme[/URL]" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/28 02:03:28 | 000,001,293 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
[URL="file://\\"NoDriveTypeAutoRun"]\\"NoDriveTypeAutoRun[/URL]" ->  [323] -> File not found
[URL="file://\\"NoDriveAutoRun"]\\"NoDriveAutoRun[/URL]" ->  [67108863] -> File not found
[URL="file://\\"NoDrives"]\\"NoDrives[/URL]" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html] -> [2010/12/24 18:35:37 | 001,866,416 | ---- | M] (Google Inc.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. -> 
office_microsoft.com [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> [URL]http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab[/URL] [Office Genuine Advantage Validation Tool] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> [URL]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238543960270[/URL] [MUWebControl Class] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> [URL]http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab[/URL] [Reg Error: Key error.] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> [URL]http://office.microsoft.com/officeupdate/content/opuc4.cab[/URL] [Office Update Installation Engine] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> [URL]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/URL] [Reg Error: Key error.] -> 
{E77F23EB-E7AB-4502-8F37-247DBAF1A147} [HKLM] -> [URL]http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab[/URL] [Windows Live Hotmail Photo Upload Tool] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.2.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{9629DD78-3B1C-48C3-A113-3B01FDA0BBF8}\\DhcpNameServer -> 192.168.2.1   (Broadcom NetXtreme 57xx Gigabit Controller) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
indows.common-controls_6595b641 ->  -> File not found
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008/11/06 15:38:43 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* ->

[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2011/02/17 11:17:33 | 000,642,560 | ---- | C] (OldTimer Tools)
 Trend Micro -> C:\Documents and Settings\Owner\Local Settings\Application Data\Trend Micro -> [2011/02/16 18:53:23 | 000,000,000 | ---D | C]
 Trend Micro Titanium Maximum Security -> C:\Documents and Settings\Owner\Start Menu\Programs\Trend Micro Titanium Maximum Security -> [2011/02/16 17:12:54 | 000,000,000 | ---D | C]
 Trend Micro -> C:\Documents and Settings\LocalService\Application Data\Trend Micro -> [2011/02/16 17:12:27 | 000,000,000 | ---D | C]
 tmtdi.sys -> C:\WINDOWS\System32\drivers\tmtdi.sys -> [2011/02/16 17:12:13 | 000,092,112 | ---- | C] (Trend Micro Inc.)
 LastGood -> C:\WINDOWS\LastGood -> [2011/02/16 17:12:11 | 000,000,000 | ---D | C]
 tmcomm.sys -> C:\WINDOWS\System32\drivers\tmcomm.sys -> [2011/02/16 17:12:09 | 000,189,520 | ---- | C] (Trend Micro Inc.)
 tmactmon.sys -> C:\WINDOWS\System32\drivers\tmactmon.sys -> [2011/02/16 17:12:09 | 000,080,464 | ---- | C] (Trend Micro Inc.)
 tmevtmgr.sys -> C:\WINDOWS\System32\drivers\tmevtmgr.sys -> [2011/02/16 17:12:09 | 000,064,080 | ---- | C] (Trend Micro Inc.)
 Trend Micro -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Trend Micro -> [2011/02/16 17:11:44 | 000,000,000 | ---D | C]
 Trend Micro -> C:\Program Files\Trend Micro -> [2011/02/16 17:05:10 | 000,000,000 | ---D | C]
 Interactive -> C:\Documents and Settings\Owner\Interactive -> [2011/02/16 11:00:18 | 000,000,000 | ---D | C]
 log -> C:\Documents and Settings\Owner\log -> [2011/02/16 10:43:46 | 000,000,000 | ---D | C]
 backups -> C:\Documents and Settings\Owner\Desktop\backups -> [2011/02/15 10:25:00 | 000,000,000 | ---D | C]
 Minidump -> C:\WINDOWS\Minidump -> [2011/02/13 09:15:12 | 000,000,000 | ---D | C]
 XPSViewer -> C:\WINDOWS\System32\XPSViewer -> [2011/02/12 03:05:20 | 000,000,000 | ---D | C]
 MSBuild -> C:\Program Files\MSBuild -> [2011/02/12 03:05:16 | 000,000,000 | ---D | C]
 Reference Assemblies -> C:\Program Files\Reference Assemblies -> [2011/02/12 03:05:08 | 000,000,000 | ---D | C]
 printfilterpipelinesvc.exe -> C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe -> [2011/02/12 03:04:32 | 000,597,504 | ---- | C] (Microsoft Corporation)
 prntvpt.dll -> C:\WINDOWS\System32\prntvpt.dll -> [2011/02/12 03:04:32 | 000,117,760 | ---- | C] (Microsoft Corporation)
 filterpipelineprintproc.dll -> C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll -> [2011/02/12 03:04:32 | 000,089,088 | ---- | C] (Microsoft Corporation)
 xpssvcs.dll -> C:\WINDOWS\System32\xpssvcs.dll -> [2011/02/12 03:04:31 | 001,676,288 | ---- | C] (Microsoft Corporation)
 xpssvcs.dll -> C:\WINDOWS\System32\dllcache\xpssvcs.dll -> [2011/02/12 03:04:31 | 001,676,288 | ---- | C] (Microsoft Corporation)
 xpsshhdr.dll -> C:\WINDOWS\System32\dllcache\xpsshhdr.dll -> [2011/02/12 03:04:31 | 000,575,488 | ---- | C] (Microsoft Corporation)
 95948fcb29a59252f07a3268bd3c -> C:\95948fcb29a59252f07a3268bd3c -> [2011/02/12 03:04:31 | 000,000,000 | ---D | C]
 TrendMicro_TISPro_17.50_en-US_32-bit -> C:\Documents and Settings\Owner\My Documents\TrendMicro_TISPro_17.50_en-US_32-bit -> [2011/02/10 22:07:18 | 000,000,000 | ---D | C]
 Retrospect Catalog Files -> C:\Documents and Settings\Owner\My Documents\Retrospect Catalog Files -> [2011/02/09 22:18:23 | 000,000,000 | ---D | C]
 RECYCLER -> C:\RECYCLER -> [2011/02/09 22:08:18 | 000,000,000 | -HSD | C]
 Trend Micro -> C:\Documents and Settings\All Users\Application Data\Trend Micro -> [2011/02/09 20:48:06 | 000,000,000 | ---D | C]
 temp -> C:\WINDOWS\temp -> [2011/02/09 19:49:37 | 000,000,000 | ---D | C]
 cmdcons -> C:\cmdcons -> [2011/02/09 19:17:43 | 000,000,000 | RHSD | C]
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2011/02/09 19:15:47 | 000,212,480 | ---- | C] (SteelWerX)
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2011/02/09 19:15:47 | 000,161,792 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2011/02/09 19:15:47 | 000,136,704 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2011/02/09 19:15:47 | 000,031,232 | ---- | C] (NirSoft)
 ERDNT -> C:\WINDOWS\ERDNT -> [2011/02/09 19:15:40 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2011/02/09 19:05:57 | 000,000,000 | ---D | C]
 Retrospect Restore Points -> C:\Retrospect Restore Points -> [2011/02/09 18:16:46 | 000,000,000 | ---D | C]
 RetroExp -> C:\Documents and Settings\All Users\Application Data\RetroExp -> [2011/02/09 18:09:44 | 000,000,000 | ---D | C]
 EMC Retrospect -> C:\Documents and Settings\All Users\Start Menu\Programs\EMC Retrospect -> [2011/02/09 18:09:42 | 000,000,000 | ---D | C]
 Retrospect -> C:\Program Files\Retrospect -> [2011/02/09 18:09:38 | 000,000,000 | ---D | C]

I also have checked restore points. I'm not happy with any of them. I also am hesitant about restoring b/c of all my financial data. I do have it backed up to a flash drive, but the last time I tried to export it back on the computer it was all messed up - bank + Quicken files. I also had backed up my computer to an external hard drive, but it was about a week ago.
```


----------



## Cookiegal (Aug 27, 2003)

Please don't do anything else on your own.

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## sfrisch8 (Feb 6, 2011)

ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
AnswerWorks 5.0 English Runtime
Apple Software Update
Bonjour
Broadcom Gigabit Integrated Controller
Compatibility Pack for the 2007 Office system
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB961118)
Lexmark X6100 Series
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Print to Fax
Quicken 2009
QuickTime
Retrospect Express HD 2.5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Trend Micro Titanium Maximum Security
Trend Micro Titanium Maximum Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Windows XP Service Pack 3

Thank you for saving me again!


----------



## Cookiegal (Aug 27, 2003)

When you go to MS updates are there any available?


----------



## sfrisch8 (Feb 6, 2011)

I just checked and it stated "no high priority updates for my computer are available". i checked my update history and there are 30 for windows xp since the end of Nov, and 2 for office.


----------



## Cookiegal (Aug 27, 2003)

Please upload the following file as an attachment. It will be very large so you may have to zip it up first.

C:\Windows\WindowsUpdate.log

This should tell us if updates are failing.


----------



## sfrisch8 (Feb 6, 2011)

Here's the windows update file.

Thanks!


----------



## Cookiegal (Aug 27, 2003)

Go to this link and download Dial-a-Fix.

http://www.majorgeeks.com/download4899.html

Check:

*WU/WUAU*

Then click on Go.

Then reboot and visit Microsoft Updates again and see if it will show up dates for download please.


----------



## sfrisch8 (Feb 6, 2011)

Followed all instructions, but no high priority updates are available.


----------



## Cookiegal (Aug 27, 2003)

Please run the MGA Diagnostic Tool and post back the report it creates:
Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.


----------



## sfrisch8 (Feb 6, 2011)

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-MDC9F-94K9T-J93FG
Windows Product Key Hash: PB22P6dYS+n1AdhCWJvdrtjgIqs=
Windows Product ID: 76487-OEM-2280907-21798
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.med
ID: {25552C10-9F2D-4245-B140-688F3100E1E8}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office XP Standard - 100 Genuine
OGA Version: Registered, 1.6.28.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{25552C10-9F2D-4245-B140-688F3100E1E8}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.med</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-J93FG</PKey><PID>76487-OEM-2280907-21798</PID><PIDType>3</PIDType><SID>S-1-5-21-1606980848-115176313-839522115</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dimension 8400 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A09</Version><SMBIOSVersion major="2" minor="3"/><Date>20060707000000.000000+000</Date></BIOS><HWID>0EDC348F0184E06D</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Standard</Name><Ver>10</Ver><Val>5AA73475A061AA4</Val><Hash>ygBeJjxJYdhwF4nFatEhsgq238Y=</Hash><Pid>54187-755-1747385-17106</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults> 
Licensing Data-->
N/A
Windows Activation Technologies-->
N/A
HWID Data-->
N/A
OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 16DBF:Compaq Computer Corporation|1AD7Fell Inc|1AD7F:Microsoft Corporation
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005
OEM Activation 2.0 Data-->
N/A


----------



## Cookiegal (Aug 27, 2003)

Click Start - Run then type *services.msc* and click OK.

Double-click Background Intelligent Transfer Service. Is the Startup type set on Manual? If not, change it to Manual. Then click on the Log On tab and make sure the service is enabled for all profiles listed. Then go back to the General tab and click Start to Start the Service.

Now scroll down and double-click on the Event Log service. Make sure the Startup type is set to Automatic. If the startup status says that it's Stopped, click Start and then click OK.

Now double-click on the Automatic Update service. Make sure the startup type is set to Automatic. If the startup status says that it's Stopped, click Start and then click OK.

Close the Services window and attempt try visit Windows Updates again to see if any are detected. If they are download them. If it still says there are 0 updates availalbe, please attach the latest Windows Update log as you did before so I can see what the last entries say.


----------



## sfrisch8 (Feb 6, 2011)

Checked the services and all were set correctly.

I went to Windows Update, and there was 1 high priority update: "Update for Windows XP (KB971029)". I downloaded it.

I have my computer set for automatic updates, do you think this was a brand new one & I caught it before it went to automatic? Or, is this one that was missed because of my computer issues?

Once again, you have gone beyond the call of duty to help me out. I can't express my appreciation enough. Thanks again!


----------



## Cookiegal (Aug 27, 2003)

Please open Dial-a-Fix again but this time select this option and then hit GO:
*
SSL/HTTPS/Cryptopgraphy*

After doing that, reboot and visit Windows Updates again and let me know if any updates are detected.

I'm not sure why that update just came through but it was orignally offered in August of 2009.

http://www.microsoft.com/downloads/...f6-8b16-4157-9635-8cfc0bbf4c35&displaylang=en


----------



## sfrisch8 (Feb 6, 2011)

Followed instructions with Dial-a-Fix. Checked Microsoft Updates again & nothing new came up.


----------



## Cookiegal (Aug 27, 2003)

When did you install Service Pack 3?


----------



## sfrisch8 (Feb 6, 2011)

It was installed in November 2008.


----------



## Cookiegal (Aug 27, 2003)

Let's do a test. I chose a random update from 2009. Please see if you can download it of if it generates any error message (saying it's alread installed for instance).

http://www.microsoft.com/downloads/...76-eeb2-4ff4-9d2c-46882f214719&displaylang=en

After downloading it, please do this again:

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## sfrisch8 (Feb 6, 2011)

I downloaded the update, but no error messages received. I wasn't sure whether to install it or not, because it came with a warning to backup my computer first.

I backed up my computer to an external hard drive. It listed several restore points but none of them would work out because I downloaded a lot of financial info, prior to the restore points listed.

So, I haven't installed the update, and I know everything would probably be fine - but I just didn't want to create any new issues with this computer.

I apologize for bringing up the whole install issue, because you instructed me to just download the update. I'm not real "computerized" yet and maybe should have already known what to do.


----------



## Cookiegal (Aug 27, 2003)

Can you give me the exact message please?

Also, navigate to the following folder:

WINDOWS\system32\SoftwareDistribution\Setup\*ServiceStartup*

Please open the *ServiceStartup* folder and let me know the names of any subfolders it contains.


----------



## sfrisch8 (Feb 6, 2011)

I forgot to mention that when I downloaded the file "WindowsXP-KB956744-x86-ENU.exe", I saved it to my desktop. When I clicked it, to do the install, it immediatly extracted files. Where are the extracted files?

Then the "Software Update Wizard" box came up with this message:
"Before you install this update we recommend that you -back up your system and close all open programs."

I opened the system startup folder, and these are the sub folders:

WUPS2.dill
7.2.6001.788
7.4.7600.226
WUPS.dill
7.0.6000.381
7.2.6001.788
7.4.7600.226
I hope this is what you needed.


----------



## Cookiegal (Aug 27, 2003)

I assume those file extensions are .dll and not .dil, correct?

Please go to Start - Run and copy and paste the following then click Enter:

*regsvr32 WUPS2.dll*

Do the same for this one please:

*regsvr32 WUPS.dll*

Then reboot and visit Windows Updates again and let me know if any are detected please.


----------



## sfrisch8 (Feb 6, 2011)

Followed all instructions & no updates detected.


----------



## Cookiegal (Aug 27, 2003)

Please upload the windows update log again as you did before. I'd like to see the latest entries.


----------



## sfrisch8 (Feb 6, 2011)

I zipped it, hope that was ok.


----------



## Cookiegal (Aug 27, 2003)

Go to the following link and click on the FixIt button under Fix it for Me to reset the Windows Updates components.

http://support.microsoft.com/kb/971058

Then reboot and visit Windows Updates again and let me know if any are detected.

Then, whether there were any updates or not, please do this again:

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## sfrisch8 (Feb 6, 2011)

Followed all instuctions with Fix-it, and still no updates. HiJack log follows:

ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
AnswerWorks 5.0 English Runtime
Apple Software Update
Bonjour
Broadcom Gigabit Integrated Controller
Compatibility Pack for the 2007 Office system
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB961118)
Lexmark X6100 Series
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Print to Fax
Quicken 2009
QuickTime
Retrospect Express HD 2.5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Spy Sweeper
Spy Sweeper Core
Trend Micro Titanium Maximum Security
Trend Micro Titanium Maximum Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB971029)
Windows XP Service Pack 3


----------



## Cookiegal (Aug 27, 2003)

I would try uninstalling SpySweeper. Sometimes it interferes with things.

Is it intentional that you don't have Sun Java installed?


----------



## sfrisch8 (Feb 6, 2011)

OK, I will uninstall Spy Sweeper. I had read reviews on it and it got very good reviews.

I have always felt that I needed extra spyware & malware protection in addition to my anti-virus program. What do you think? Can you suggest one?

No, it is not intentional that I don't have Sun Java installed. I really have never understood the whole Java thing. Where would the installation come from? I checked internet options and the box was not checked for IE7 updates.
Sorry for all the questions.
Thanks for your help


----------



## Cookiegal (Aug 27, 2003)

sfrisch8 said:


> I checked internet options and the box was not checked for IE7 updates.


Would you please explain this as I don't understand what you mean.


----------



## sfrisch8 (Feb 6, 2011)

On the Windows Internet Explorer page, I went to the toolbar. Then I clicked on tools, internet options, advanced, settings. I was actually looking for something that said Java.

Under browsing, there was a box (not checked-off) to enable internet updates. I checked the box to enable internet updates. Like I said I don't get Java and don't know where it is downloaded from. I thought maybe it came from internet updates, and when I saw that the box was not checked, I checked it.


----------



## Cookiegal (Aug 27, 2003)

Are you still getting the "stack overflow" errors?


----------



## sfrisch8 (Feb 6, 2011)

No I'm not. You had said that maybe the vShare was causing it, so once I removed that, I haven't had any problems. Just watch me get one tomorrow!


----------



## Cookiegal (Aug 27, 2003)

OK, let try this.

Please go to the following link:

http://support.microsoft.com/kb/943144

and follow Method 1: Download and install the Windows Update Agent

This is the one for a 32-bit computer:

Windows Update Agent for an x86-based computer

Reboot after doing that and then visit Windows Updates again please.


----------



## sfrisch8 (Feb 6, 2011)

I downloaded the Windows Update Agent for x86 based computer, & saved it.
When I tried to install it, before it finished a box came up. It said "install is not needed since Windows Update Agent was already installed."
I did a reboot anyway & checked for updates again & there were none.

I did a search on my computer to see if there was another Windows Update Agent for x86 based computer, that was installed. But it didn't show anything else except what was done today. I tried the search (which probably wasn't necessary) because I'm just guessing at this stuff, which is over my head.

I know we are focusing on the update issue. But, you had mentioned uninstalling the Webroot spyware program. Is it because it is not a safe program, and if not, can you suggest one?

Thanks!


----------



## Cookiegal (Aug 27, 2003)

Webroot is a safe program but it does sometimes interfere with other programs or block connections if not configured properly.

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## sfrisch8 (Feb 6, 2011)

I am so sorry that I wasn't able to complete this task. I know we have done this before, but I got really mixed up with the copy and paste into notepad. I followed the instructions - I opened the error, and clicked on the icon that looks like 2 pieces of paper & then ok.

Where does this copy the error to? How do I paste it into notepad, I don't understand where notepad is.
If you can please answer the questions for me it would be great, because I really need to know.

The real issue here is the amount of errors that showed up in "App & System", which is bad in itself. I don't mean to sound lazy, but it would take me forever to complete the process on all of those. I tried clicking on a few to give you an idea of the full errors. But that's when I got mixed up trying to find where the errors were copied to.

The only thing I could think of doing was to copy the system and application error logs from the event viewer. Each of them were so large that I zipped them and added as attachments. I hope I zipped them correctly. I've lost my confidence. I know they won't show the expanded errors but I thought you could at least see the amount of errors. After I opened the error files before I zipped them, I got the error message that "Microsoft or IE (I forgot) needed to shut the system down", which it did.

Now, I'm getting really concerned, a lot of the errors were dated before we even started working on this. The computer seems to be running fine, except for the update issue.

Please accept my apology.


----------



## sfrisch8 (Feb 6, 2011)

Please note that when I said my system shut down, it didn't turn off, it just went back to my desktop.


----------



## Cookiegal (Aug 27, 2003)

I apologize for the delay in responding. Things have been very busy around here.

When you click on the two pieces of paper that copies the full error to the clipboard. You won't actually see the clipboard. Then you open Notepad via Start - All Programs - Accessories and either click on "Edit" Paste" or just right-click and select "paste" from the right-click menu. It would be helpful to see one of two of those errors please but just include them in your reply rather than attaching them.

Also, please do this:

Please open HijackThis.
Click on *Open Misc Tools Section*
Make sure that both boxes beside "Generate StartupList Log" are checked:

*List all minor sections(Full)*
*List Empty Sections(Complete)*
Click *Generate StartupList Log*.
Click *Yes* at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


----------



## sfrisch8 (Feb 6, 2011)

Don't worry about any delay - I just appreciate your help. I worked at the MS Campus in Charlotte, NC for over 5 years. I wasn't in support, but I know how crazy it can get!

Application errors:

Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/8/2011
Time: 6:39:07 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1060) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/8/2011
Time: 1:44:59 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1060) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/8/2011
Time: 9:05:30 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1060) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/7/2011
Time: 10:15:58 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1060) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/7/2011
Time: 6:34:54 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1060) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/7/2011
Time: 2:55:55 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1060) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/7/2011
Time: 5:52:22 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1060) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/7/2011
Time: 2:23:23 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1060) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/6/2011
Time: 10:19:23 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1060) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/6/2011
Time: 4:13:53 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1060) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/6/2011
Time: 9:06:45 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1096) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/6/2011
Time: 2:10:12 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1096) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

System errors:

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 3/8/2011
Time: 12:46:43 PM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 3/7/2011
Time: 12:41:05 PM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: PlugPlayManager
Event Category: None
Event ID: 11
Date: 3/6/2011
Time: 1:15:13 PM
User: N/A
Computer: DELL-OWNER
Description:
The device Root\LEGACY_SSIDRV\0000 disappeared from the system without first being prepared for removal.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 .... 
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 3/6/2011
Time: 1:15:07 PM
User: N/A
Computer: DELL-OWNER
Description:
The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 3/6/2011
Time: 12:54:13 PM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

HiJackThis text file:

StartupList report, 3/8/2011, 7:33:22 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HiJackThis\HiJackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.17095)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ehTray = "C:\WINDOWS\ehome\ehtray.exe"
SoundMAXPnP = "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Trend Micro Client Framework = "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
Trend Micro Titanium = "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
= 
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Trend Micro NSC BHO - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll - {1CA1377B-DC1D-4A52-9585-6E06050FAC53}
Trend Micro Toolbar BHO - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll - {43C6D902-A1C5-45c9-91F6-FD9E90337E18}
(no name) - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
TmBpIeBHO - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}
--------------------------------------------------
Enumerating Task Scheduler jobs:
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
--------------------------------------------------
Enumerating Download Program Files:
[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
CODEBASE = http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238543960270
[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc4.cab
[{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
[Windows Live Hotmail Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\rsvpsp.dll
Protocol #11: C:\WINDOWS\system32\rsvpsp.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Trend Micro Solution Platform: "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Broadcom NetXtreme 57xx Gigabit Controller: system32\DRIVERS\b57xp32.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Bonjour Service: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
CryptSvc: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Media Center Receiver Service: C:\WINDOWS\eHome\ehRecvr.exe (autostart)
Media Center Scheduler Service: C:\WINDOWS\eHome\ehSched.exe (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Update Service (gupdate): "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (disabled)
Google Software Updater: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (disabled)
HCF_MSFT: system32\DRIVERS\HCF_MSFT.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
Windows CardSpace: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
LightScribeService Direct Disc Labeling Service: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
MEMSWEEP2: \??\C:\WINDOWS\system32\A.tmp (manual start)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
MHN: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
MHN driver: system32\DRIVERS\mhndrv.sys (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net.Tcp Port Sharing Service: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NMIndexingService: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (disabled)
NTI BackupNowEZSvr: C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe (autostart)
NTIDrvr: \??\C:\WINDOWS\system32\drivers\NTIDrvr.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Retrospect Express HD Helper: "C:\PROGRA~1\RETROS~1\RETROS~1.5\rthlpsvc.exe" (autostart)
Retrospect Express HD Launcher: "C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe" (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
senfilt: system32\drivers\senfilt.sys (manual start)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
smwdm: system32\drivers\smwdm.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{C259DEFA-2D5D-4DD7-9105-04D0404935DA} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (manual start)
tmactmon: system32\DRIVERS\tmactmon.sys (autostart)
tmcomm: system32\DRIVERS\tmcomm.sys (autostart)
tmevtmgr: system32\DRIVERS\tmevtmgr.sys (autostart)
Trend Micro TDI Driver: system32\DRIVERS\tmtdi.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
UBHelper: \??\C:\WINDOWS\system32\drivers\UBHelper.sys (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (manual start)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Apple Mobile USB Driver: System32\Drivers\usbaapl.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\shell32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 34,248 bytes
Report generated in 0.140 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## sfrisch8 (Feb 6, 2011)

Hi there!

I received 2 automatic updates this morning!

Security Update for Windows XP - KB2481109
Windows Malicious Software Removal Tool March 2011 - KB890830


----------



## Cookiegal (Aug 27, 2003)

I meant busy at this site. I don't work for Microsoft. 

It appears that we fixed the update problem from the time we started working on it BUT we haven't been able to get the missing updates to be recognized for download.

Go to *Start *- *Run *and copy and paste the following the dialog box then click OK and a log will open in Notepad. If you can copy and paste it here that would be great but if it's too long then upload it as an attachment please.

*%windir%\SoftwareDistribution\ReportingEvents.log*


----------



## sfrisch8 (Feb 6, 2011)

Advised that the log was too long. 

Tried to attach it and received this:

DO NOT UPLOAD PRIVATE DATA!Please remember that files you upload here will be visible to anyone visiting this site. Do not upload files that contain private information (like customer names). 

So, I zipped it.


----------



## Cookiegal (Aug 27, 2003)

According to that log, updates were installed successfully during 2009 and 2010.

Please do this again.

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## sfrisch8 (Feb 6, 2011)

ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
AnswerWorks 5.0 English Runtime
Apple Software Update
Bonjour
Broadcom Gigabit Integrated Controller
Compatibility Pack for the 2007 Office system
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB961118)
Lexmark X6100 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Print to Fax
Quicken 2009
QuickTime
Retrospect Express HD 2.5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Trend Micro Titanium Maximum Security
Trend Micro Titanium Maximum Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB971029)
Windows XP Service Pack 3


----------



## Cookiegal (Aug 27, 2003)

When you go to the Control Panel - Add or Remove Programs and put a check mark at the top to show all updates, do you see the same listing? In other words, do you see more updates listed as "Security Update for Windows XP" than we're seeing in the list you posted?


----------



## sfrisch8 (Feb 6, 2011)

I checked the updates & the list was exactly the same.


----------



## Cookiegal (Aug 27, 2003)

Let's try installing another random update KB978601:

http://www.microsoft.com/downloads/...F0-F3EA-47C8-ADA2-E69F6C1B5F96&displaylang=en


----------



## sfrisch8 (Feb 6, 2011)

I'm confused. I clicked the link that took me to the download page. Then it asked me if I wanted to run it. I clicked yes and then it went through the setup process (I think it was in this order). When it was finished, it said that I had completed the setup wizard. At some point it showed where it was extracting files.I saved the exe file, when I click on that it wants to do the same process all over again. Then I did a reboot too. I thought maybe it did get installed, so I checked windows update & it wasn't there.
I don't know what I've done wrong, I've downloaded many things in the past. How do I install this? Also, can you explain what I did wrong?


----------



## Cookiegal (Aug 27, 2003)

You should be able to just download the executable file to your desktop and then double-click on it to run it.


----------



## sfrisch8 (Feb 6, 2011)

I tried it again & then checked windows update - it doesn't show it.


----------



## Cookiegal (Aug 27, 2003)

Did it install? Does it show in Add or Remove Programs?

Please post the latest windows update log.


----------



## sfrisch8 (Feb 6, 2011)

It did not install. It was too large to copy & paste, so I had to zip it as an attachment.


----------



## Cookiegal (Aug 27, 2003)

In C:\Windows is there a file called KB978601.log? If so, please open it in Notepad and copy and paste the contents here.


----------



## sfrisch8 (Feb 6, 2011)

[KB978601.log]
2.016: ================================================================================
2.016: 2011/03/14 17:42:42.619 (local)
2.016: c:\24f44d33983e4dc623477dabf2\update\update.exe (version 6.3.13.0)
2.032: Hotfix started with following command line: 
2.032: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
3.141: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
3.141: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
3.141: ---- Old Information In The Registry ------
3.141: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
3.141: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
3.157: Destination: 
3.172: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
3.172: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
3.188: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
3.203: Destination: 
3.203: ---- New Information In The Registry ------
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
3.203: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
3.219: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
3.235: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
3.250: Destination: 
3.250: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
3.250: SetProductTypes: InfProductBuildType=BuildType.IP
3.250: SetAltOsLoaderPath: No section uses DirId 65701; done.
3.313: DoInstallation: FetchSourceURL for c:\24f44d33983e4dc623477dabf2\update\update_SP3GDR.inf failed
3.313: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
3.344: BuildCabinetManifest: update.url absent
3.344: Starting AnalyzeComponents
3.344: AnalyzePhaseZero used 0 ticks
3.344: No c:\windows\INF\updtblk.inf file.
3.344: OEM file scan used 0 ticks
3.438: AnalyzePhaseOne: used 94 ticks
3.438: AnalyzeComponents: Hotpatch analysis disabled; skipping.
3.438: AnalyzeComponents: Hotpatching is disabled.
3.438: FindFirstFile c:\windows\$hf_mig$\*.*
6.407: AnalyzeForBranching used 0 ticks.
6.407: AnalyzePhaseTwo used 0 ticks
6.407: AnalyzePhaseThree used 0 ticks
6.407: AnalyzePhaseFive used 0 ticks
6.407: AnalyzePhaseSix used 0 ticks
11.953: AnalyzeComponents used 8609 ticks
11.953: Downloading 0 files
11.953: bPatchMode = FALSE
11.953: Inventory complete: ReturnStatus=0, 8640 ticks
13.438: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
13.438: Num Ticks for invent : 10125
13.469: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFXF97.tmp
13.828: Copied file: c:\windows\inf\branches.inf
53.250: Allocation size of drive C: is 4096 bytes, free space = 146696077312 bytes
53.266: Drive C: free 139900MB req: 5MB w/uninstall 0MB
53.266: CabinetBuild complete
53.266: Num Ticks for Cabinet build : 39828
53.266: DynamicStrings section not defined or empty.
53.282: FileInUse:: Detection disabled.
54.282: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
57.719: System Restore Point set.
57.813: Copied file: C:\WINDOWS\system32\spmsg.dll
58.063: PFE2: Not avoiding Per File Exceptions.
58.360: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
58.438: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
58.563: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
58.610: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
58.703: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
58.907: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
59.016: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
59.063: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
59.078: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
59.094: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
59.172: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
59.203: DoInstallation: Installing assemblies with source root path: c:\24f44d33983e4dc623477dabf2\
59.203: Num Ticks for Copying files : 5937
59.219: Num Ticks for Reg update and deleting 0 size files : 16 
59.266: ---- Old Information In The Registry ------
59.266: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
59.266: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
59.282: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
59.297: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
59.313: Destination: 
59.313: ---- New Information In The Registry ------
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
59.313: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
59.328: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
59.344: Destination: 
59.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
59.360: Destination: 
59.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
59.360: Destination: 
59.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
59.360: Destination: 
59.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
59.360: Destination: 
59.360: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
228.485: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.313: ================================================================================
1.313: 2011/03/14 17:58:28.713 (local)
1.313: c:\136a15b86cded1cff38164d3\update\update.exe (version 6.3.13.0)
1.329: Hotfix started with following command line: 
1.329: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.297: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.297: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.297: ---- Old Information In The Registry ------
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
2.297: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
2.313: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
2.329: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
2.344: Destination: 
2.344: ---- New Information In The Registry ------
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
2.344: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
2.360: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
2.375: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
2.391: Destination: 
2.391: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.391: SetProductTypes: InfProductBuildType=BuildType.IP
2.391: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.422: DoInstallation: FetchSourceURL for c:\136a15b86cded1cff38164d3\update\update_SP3GDR.inf failed
2.438: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.454: BuildCabinetManifest: update.url absent
2.454: Starting AnalyzeComponents
2.454: AnalyzePhaseZero used 0 ticks
2.454: No c:\windows\INF\updtblk.inf file.
2.454: OEM file scan used 0 ticks
2.454: AnalyzePhaseOne: used 0 ticks
2.454: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.454: AnalyzeComponents: Hotpatching is disabled.
2.454: FindFirstFile c:\windows\$hf_mig$\*.*
3.047: AnalyzeForBranching used 0 ticks.
3.047: AnalyzePhaseTwo used 0 ticks
3.047: AnalyzePhaseThree used 0 ticks
3.047: AnalyzePhaseFive used 0 ticks
3.063: AnalyzePhaseSix used 16 ticks
17.407: Message displayed to the user: Are you sure you want to cancel?
17.407: User Input: YES
18.063: AnalyzeComponents: Cancelled
18.063: Inventory complete: ReturnStatus=1223, 15641 ticks
18.094: KB978601 Setup canceled.
22.000: Message displayed to the user: KB978601 Setup canceled.
22.000: User Input: OK
22.000: Update.exe extended error code = 0xf00d
22.000: Update.exe return code was masked to 0x643 for MSI custom action compliance.
1.344: ================================================================================
1.344: 2011/03/14 17:59:51.867 (local)
1.344: c:\cb73b6e207efd0c373e201d4\update\update.exe (version 6.3.13.0)
1.360: Hotfix started with following command line: 
1.360: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.657: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.657: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.657: ---- Old Information In The Registry ------
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
1.657: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
1.672: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
1.688: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
1.704: Destination: 
1.704: ---- New Information In The Registry ------
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
1.704: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
1.719: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
1.735: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
1.750: Destination: 
1.766: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.766: SetProductTypes: InfProductBuildType=BuildType.IP
1.766: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.797: DoInstallation: FetchSourceURL for c:\cb73b6e207efd0c373e201d4\update\update_SP3GDR.inf failed
1.797: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.813: BuildCabinetManifest: update.url absent
1.813: Starting AnalyzeComponents
1.813: AnalyzePhaseZero used 0 ticks
1.813: No c:\windows\INF\updtblk.inf file.
1.813: OEM file scan used 0 ticks
1.813: AnalyzePhaseOne: used 0 ticks
1.813: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.813: AnalyzeComponents: Hotpatching is disabled.
1.813: FindFirstFile c:\windows\$hf_mig$\*.*
2.469: AnalyzeForBranching used 0 ticks.
2.469: AnalyzePhaseTwo used 0 ticks
2.469: AnalyzePhaseThree used 0 ticks
2.469: AnalyzePhaseFive used 0 ticks
2.485: AnalyzePhaseSix used 16 ticks
12.907: Message displayed to the user: Are you sure you want to cancel?
12.907: User Input: YES
14.485: AnalyzeComponents: Cancelled
14.485: Inventory complete: ReturnStatus=1223, 12688 ticks
14.485: KB978601 Setup canceled.
16.719: Message displayed to the user: KB978601 Setup canceled.
16.719: User Input: OK
16.719: Update.exe extended error code = 0xf00d
16.719: Update.exe return code was masked to 0x643 for MSI custom action compliance.
1.359: ================================================================================
1.359: 2011/03/14 18:04:30.609 (local)
1.359: c:\60dff07201fa92d9b8\update\update.exe (version 6.3.13.0)
1.375: Hotfix started with following command line: 
1.375: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.640: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.640: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.640: DoInstallation: CleanPFR failed: 0x2 
2.640: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.640: SetProductTypes: InfProductBuildType=BuildType.IP
2.640: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.718: DoInstallation: FetchSourceURL for c:\60dff07201fa92d9b8\update\update_SP3GDR.inf failed
2.718: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.734: BuildCabinetManifest: update.url absent
2.734: Starting AnalyzeComponents
2.734: AnalyzePhaseZero used 0 ticks
2.734: No c:\windows\INF\updtblk.inf file.
2.734: OEM file scan used 0 ticks
2.796: AnalyzePhaseOne: used 62 ticks
2.796: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.796: AnalyzeComponents: Hotpatching is disabled.
2.796: FindFirstFile c:\windows\$hf_mig$\*.*
6.875: AnalyzeForBranching used 0 ticks.
6.875: AnalyzePhaseTwo used 0 ticks
6.875: AnalyzePhaseThree used 0 ticks
6.875: AnalyzePhaseFive used 0 ticks
6.875: AnalyzePhaseSix used 0 ticks
6.875: AnalyzeComponents used 4141 ticks
6.875: Downloading 0 files
6.875: bPatchMode = FALSE
6.875: Inventory complete: ReturnStatus=0, 4157 ticks
7.640: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
7.640: Num Ticks for invent : 4922
7.687: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX6.tmp
7.781: Copied file: c:\windows\inf\branches.inf
45.250: Allocation size of drive C: is 4096 bytes, free space = 146714492928 bytes
45.265: Drive C: free 139917MB req: 5MB w/uninstall 0MB
45.265: CabinetBuild complete
45.265: Num Ticks for Cabinet build : 37625
45.265: DynamicStrings section not defined or empty.
45.281: FileInUse:: Detection disabled.
46.281: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
50.296: System Restore Point set.
50.484: Copied file: C:\WINDOWS\system32\spmsg.dll
50.546: PFE2: Not avoiding Per File Exceptions.
51.062: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
51.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
51.750: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
52.140: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
52.312: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
52.781: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
53.265: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
53.468: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
53.500: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
53.500: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
53.593: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
53.609: DoInstallation: Installing assemblies with source root path: c:\60dff07201fa92d9b8\
53.609: Num Ticks for Copying files : 8344
53.625: Num Ticks for Reg update and deleting 0 size files : 16 
53.812: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
180.640: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.063: ================================================================================
1.063: 2011/03/14 18:09:45.125 (local)
1.063: c:\81ba9792c3efcf7f1f75\update\update.exe (version 6.3.13.0)
1.078: Hotfix started with following command line: 
1.078: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.391: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.391: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.391: DoInstallation: CleanPFR failed: 0x2 
1.391: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.391: SetProductTypes: InfProductBuildType=BuildType.IP
1.391: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.422: DoInstallation: FetchSourceURL for c:\81ba9792c3efcf7f1f75\update\update_SP3GDR.inf failed
1.422: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.438: BuildCabinetManifest: update.url absent
1.438: Starting AnalyzeComponents
1.438: AnalyzePhaseZero used 0 ticks
1.438: No c:\windows\INF\updtblk.inf file.
1.438: OEM file scan used 0 ticks
1.438: AnalyzePhaseOne: used 0 ticks
1.438: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.438: AnalyzeComponents: Hotpatching is disabled.
1.438: FindFirstFile c:\windows\$hf_mig$\*.*
1.844: AnalyzeForBranching used 0 ticks.
1.859: AnalyzePhaseTwo used 15 ticks
1.859: AnalyzePhaseThree used 0 ticks
1.859: AnalyzePhaseFive used 0 ticks
1.859: AnalyzePhaseSix used 0 ticks
15.906: AnalyzeComponents used 14468 ticks
15.906: Downloading 0 files
15.906: bPatchMode = FALSE
15.906: Inventory complete: ReturnStatus=0, 14484 ticks
17.500: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
17.500: Num Ticks for invent : 16078
17.531: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX32.tmp
17.594: Copied file: c:\windows\inf\branches.inf
40.047: Message displayed to the user: Are you sure you want to cancel?
40.047: User Input: YES
48.781: Error getting disk usage info, GLE=0x4c7
48.781: DoInstallation:AnalyzeDiskUsage failed
48.844: KB978601 Setup canceled.
51.625: Message displayed to the user: KB978601 Setup canceled.
51.625: User Input: OK
51.625: Update.exe extended error code = 0xf00d
51.625: Update.exe return code was masked to 0x643 for MSI custom action compliance.
1.125: ================================================================================
1.125: 2011/03/14 18:11:58.453 (local)
1.125: c:\2099b78fc012a4ebc0\update\update.exe (version 6.3.13.0)
1.140: Hotfix started with following command line: 
1.156: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.515: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.515: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.515: DoInstallation: CleanPFR failed: 0x2 
1.515: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.515: SetProductTypes: InfProductBuildType=BuildType.IP
1.515: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.547: DoInstallation: FetchSourceURL for c:\2099b78fc012a4ebc0\update\update_SP3GDR.inf failed
1.547: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.562: BuildCabinetManifest: update.url absent
1.562: Starting AnalyzeComponents
1.562: AnalyzePhaseZero used 0 ticks
1.562: No c:\windows\INF\updtblk.inf file.
1.562: OEM file scan used 0 ticks
1.562: AnalyzePhaseOne: used 0 ticks
1.562: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.562: AnalyzeComponents: Hotpatching is disabled.
1.562: FindFirstFile c:\windows\$hf_mig$\*.*
1.953: AnalyzeForBranching used 0 ticks.
1.953: AnalyzePhaseTwo used 0 ticks
1.953: AnalyzePhaseThree used 0 ticks
1.953: AnalyzePhaseFive used 0 ticks
1.968: AnalyzePhaseSix used 15 ticks
25.047: Message displayed to the user: Are you sure you want to cancel?
25.047: User Input: NO
28.906: AnalyzeComponents used 27344 ticks
28.906: Downloading 0 files
28.906: bPatchMode = FALSE
28.906: Inventory complete: ReturnStatus=0, 27359 ticks
31.015: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
31.015: Num Ticks for invent : 29468
31.031: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX33.tmp
31.062: Copied file: c:\windows\inf\branches.inf
36.265: Allocation size of drive C: is 4096 bytes, free space = 146684612608 bytes
36.281: Drive C: free 139889MB req: 5MB w/uninstall 0MB
36.281: CabinetBuild complete
36.281: Num Ticks for Cabinet build : 5266
36.281: DynamicStrings section not defined or empty.
36.297: FileInUse:: Detection disabled.
37.297: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
41.218: System Restore Point set.
41.265: Copied file: C:\WINDOWS\system32\spmsg.dll
41.281: PFE2: Not avoiding Per File Exceptions.
41.515: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
41.578: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
41.593: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
41.797: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
41.906: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
42.125: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
42.390: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
42.406: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
42.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
42.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
42.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
42.484: DoInstallation: Installing assemblies with source root path: c:\2099b78fc012a4ebc0\
42.484: Num Ticks for Copying files : 6203
42.484: Num Ticks for Reg update and deleting 0 size files : 0 
42.593: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
53.953: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.078: ================================================================================
1.078: 2011/03/14 19:59:03.015 (local)
1.078: c:\969a5887ea075430a0a602064eae79\update\update.exe (version 6.3.13.0)
1.109: Hotfix started with following command line: 
1.109: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.609: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.609: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.609: DoInstallation: CleanPFR failed: 0x2 
1.609: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.609: SetProductTypes: InfProductBuildType=BuildType.IP
1.625: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.656: DoInstallation: FetchSourceURL for c:\969a5887ea075430a0a602064eae79\update\update_SP3GDR.inf failed
1.656: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.656: BuildCabinetManifest: update.url absent
1.656: Starting AnalyzeComponents
1.656: AnalyzePhaseZero used 0 ticks
1.656: No c:\windows\INF\updtblk.inf file.
1.656: OEM file scan used 0 ticks
1.672: AnalyzePhaseOne: used 16 ticks
1.672: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.672: AnalyzeComponents: Hotpatching is disabled.
1.672: FindFirstFile c:\windows\$hf_mig$\*.*
2.078: AnalyzeForBranching used 0 ticks.
2.078: AnalyzePhaseTwo used 0 ticks
2.078: AnalyzePhaseThree used 0 ticks
2.078: AnalyzePhaseFive used 0 ticks
2.094: AnalyzePhaseSix used 16 ticks
32.281: AnalyzeComponents used 30625 ticks
32.297: Downloading 0 files
32.297: bPatchMode = FALSE
32.297: Inventory complete: ReturnStatus=0, 30641 ticks
33.469: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
33.469: Num Ticks for invent : 31813
33.500: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX5F.tmp
33.563: Copied file: c:\windows\inf\branches.inf
63.422: Allocation size of drive C: is 4096 bytes, free space = 146621075456 bytes
63.453: Drive C: free 139828MB req: 5MB w/uninstall 0MB
63.453: CabinetBuild complete
63.453: Num Ticks for Cabinet build : 29984
63.453: DynamicStrings section not defined or empty.
63.469: FileInUse:: Detection disabled.
64.469: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
68.422: System Restore Point set.
68.469: Copied file: C:\WINDOWS\system32\spmsg.dll
68.484: PFE2: Not avoiding Per File Exceptions.
68.922: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
69.109: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
69.125: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
69.172: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
69.219: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
69.281: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
69.313: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
69.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
69.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
69.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
69.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
69.469: DoInstallation: Installing assemblies with source root path: c:\969a5887ea075430a0a602064eae79\
69.469: Num Ticks for Copying files : 6016
69.484: Num Ticks for Reg update and deleting 0 size files : 15 
69.609: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
80.750: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0


----------



## Cookiegal (Aug 27, 2003)

Please do this again:

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## sfrisch8 (Feb 6, 2011)

ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
AnswerWorks 5.0 English Runtime
Apple Software Update
Bonjour
Broadcom Gigabit Integrated Controller
Compatibility Pack for the 2007 Office system
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB961118)
Lexmark X6100 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Print to Fax
Quicken 2009
QuickTime
Retrospect Express HD 2.5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Trend Micro Titanium Maximum Security
Trend Micro Titanium Maximum Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB971029)
Windows XP Service Pack 3


----------



## Cookiegal (Aug 27, 2003)

Can you post the KB log for one of these updates that were successfully installed please for comparison purposes.

Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)


----------



## sfrisch8 (Feb 6, 2011)

[KB2393802.log]
1.187: ================================================================================
1.187: 2011/02/08 19:50:17.359 (local)
1.187: C:\WINDOWS\SoftwareDistribution\Download\f35839bf00bc83543dbda7acaf1e2a3b\update\update.exe (version 6.3.13.0)
1.219: DoInstallation: GetProcAddress(InitializeCustomizationDLL) Returned: 0x7f 
1.219: Failed To Enable SE_SHUTDOWN_PRIVILEGE
1.234: Hotfix started with following command line: -q -z -er /ParentInfo:f1e4d1914d0603438891333aa7aca0d6 
1.234: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.250: Return Value From MpSysCheck = 1
1.250: MpSysCheck returned 441092
1.250: Return Value From MpSysCheck = 1
1.250: MpSysCheck returned value( 0x1 ) which is Equal To 0x1
1.250: Condition succeeded for section MagicTrap.Check.Condition in Line 1 of PreRequisite 
1.953: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.953: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.953: DoInstallation: CleanPFR failed: 0x2 
1.984: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.000: SetProductTypes: InfProductBuildType=BuildType.IP
2.062: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.219: DoInstallation: FetchSourceURL for c:\windows\softwaredistribution\download\f35839bf00bc83543dbda7acaf1e2a3b\update\update_SP3GDR.inf failed
2.250: CreateUninstall = 1,Directory = C:\WINDOWS\$NtUninstallKB2393802$ 
2.281: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.750: BuildCabinetManifest: update.url absent
2.750: Starting AnalyzeComponents
2.750: AnalyzePhaseZero used 0 ticks
2.750: No c:\windows\INF\updtblk.inf file.
2.750: SetupFindFirstLine in LoadExclusionList Failed with error: 0xe0000102
2.750: SetupFindFirstLine in LoadExclusionList Failed with error: 0xe0000102
2.750: Enumerating Devices of computer, GUID {4d36e966-e325-11ce-bfc1-08002be10318}
3.390: OEM file scan used 640 ticks
4.875: AnalyzePhaseOne: used 2125 ticks
4.875: AnalyzeComponents: Hotpatch analysis disabled; skipping.
4.875: AnalyzeComponents: Hotpatching is disabled.
4.875: FindFirstFile c:\windows\$hf_mig$\*.*
4.937: KB2393802 Setup encountered an error: The update.ver file is not correct.
4.937: KB2393802 Setup encountered an error: The update.ver file is not correct.
4.937: KB2393802 Setup encountered an error: The update.ver file is not correct.
4.937: KB2393802 Setup encountered an error: The update.ver file is not correct.
4.937: KB2393802 Setup encountered an error: The update.ver file is not correct.
4.937: KB2393802 Setup encountered an error: The update.ver file is not correct.
4.937: KB2393802 Setup encountered an error: The update.ver file is not correct.
5.390: AnalyzeForBranching used 156 ticks.
5.625: AnalyzePhaseTwo used 235 ticks
5.625: AnalyzePhaseThree used 0 ticks
5.625: AnalyzePhaseFive used 0 ticks
5.625: AnalyzePhaseSix used 0 ticks
5.625: AnalyzeComponents used 2875 ticks
5.625: Downloading 0 files
5.625: bPatchMode = FALSE
5.625: Inventory complete: ReturnStatus=0, 3360 ticks
5.640: Num Ticks for invent : 3421
5.656: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX14.tmp
5.672: Copied file: c:\windows\inf\branches.inf
45.359: Allocation size of drive C: is 4096 bytes, free space = 144648044544 bytes
45.406: AnalyzeDiskUsage: Skipping EstimateDiskUsageForUninstall.
45.406: Drive C: free 137947MB req: 32MB w/uninstall: NOT CALCULATED.
45.406: CabinetBuild complete
45.406: Num Ticks for Cabinet build : 39766
45.406: DynamicStrings section not defined or empty.
45.437: FileInUse:: Detection disabled.
46.437: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
46.797: Num Ticks for Backup : 1391
46.984: Num Ticks for creating uninst inf : 187
46.984: Registering Uninstall Program for -> KB2393802, KB2393802 , 0x0
46.984: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
47.031: System Restore Point set.
47.140: Copied file: C:\WINDOWS\system32\spmsg.dll
47.187: PFE2: Not avoiding Per File Exceptions.
47.375: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB2393802.cat with error 0x57
47.750: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\f35839bf00bc83543dbda7acaf1e2a3b\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB2393802\update\update_SP3QFE.inf.
47.797: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\f35839bf00bc83543dbda7acaf1e2a3b\spuninst.exe -> c:\windows\$hf_mig$\KB2393802\spuninst.exe.
47.844: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\f35839bf00bc83543dbda7acaf1e2a3b\spmsg.dll -> c:\windows\$hf_mig$\KB2393802\spmsg.dll.
48.125: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\f35839bf00bc83543dbda7acaf1e2a3b\update\spcustom.dll -> c:\windows\$hf_mig$\KB2393802\update\spcustom.dll.
48.140: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\f35839bf00bc83543dbda7acaf1e2a3b\update\KB2393802.CAT -> c:\windows\$hf_mig$\KB2393802\update\KB2393802.CAT.
48.203: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\f35839bf00bc83543dbda7acaf1e2a3b\update\update.exe -> c:\windows\$hf_mig$\KB2393802\update\update.exe.
48.297: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\f35839bf00bc83543dbda7acaf1e2a3b\update\updspapi.dll -> c:\windows\$hf_mig$\KB2393802\update\updspapi.dll.
48.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\f35839bf00bc83543dbda7acaf1e2a3b\update\update.ver -> c:\windows\$hf_mig$\KB2393802\update\update.ver.
48.578: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\f35839bf00bc83543dbda7acaf1e2a3b\update\updatebr.inf -> c:\windows\$hf_mig$\KB2393802\update\updatebr.inf.
48.609: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\f35839bf00bc83543dbda7acaf1e2a3b\update\eula.txt -> c:\windows\$hf_mig$\KB2393802\update\eula.txt.
48.656: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\windows\softwaredistribution\download\f35839bf00bc83543dbda7acaf1e2a3b\update\branches.inf -> c:\windows\$hf_mig$\KB2393802\update\branches.inf.
49.265: Copied file: C:\WINDOWS\system32\ntoskrnl.exe
49.687: Copied file: C:\WINDOWS\system32\ntkrnlpa.exe
50.015: Copied file: C:\WINDOWS\system32\ntdll.dll
50.015: Copied file: C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
50.390: Copied file: C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
50.672: Copied file: C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
50.922: Copied file: C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
51.515: Copied file: C:\WINDOWS\system32\DllCache\ntoskrnl.exe
51.719: Copied file: C:\WINDOWS\system32\DllCache\ntkrpamp.exe
51.937: Copied file: C:\WINDOWS\system32\DllCache\ntkrnlpa.exe
52.109: Copied file: C:\WINDOWS\system32\DllCache\ntkrnlmp.exe
52.297: Copied file: C:\WINDOWS\system32\DllCache\ntdll.dll
52.547: Copied file: c:\windows\$hf_mig$\KB2393802\update\mpsyschk.dll
52.656: Copied file: c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
52.890: Copied file: c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
53.140: Copied file: c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
53.531: Copied file: c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrpamp.exe
54.031: Copied file: c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlmp.exe
54.515: DoInstallation: Installing assemblies with source root path: c:\windows\softwaredistribution\download\f35839bf00bc83543dbda7acaf1e2a3b\
54.515: Num Ticks for Copying files : 7531
54.547: Num Ticks for Reg update and deleting 0 size files : 32 
54.609: ---- Old Information In The Registry ------
54.640: Source:C:\WINDOWS\system32\_000012_.tmp.dll (5.1.2600.5755)
54.640: Destination: 
54.640: ---- New Information In The Registry ------
54.640: Source:C:\WINDOWS\system32\_000012_.tmp.dll (5.1.2600.5755)
54.640: Destination: 
59.156: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
59.156: IsRebootRequiredForFileQueue: c:\windows\system32\ntoskrnl.exe was no-delay replaced; reboot is required.
59.156: IsRebootRequiredForFileQueue: c:\windows\system32\ntkrnlpa.exe was no-delay replaced; reboot is required.
59.156: IsRebootRequiredForFileQueue: c:\windows\system32\ntdll.dll was no-delay replaced; reboot is required.
59.156: DoInstallation: A reboot is required to complete the installation of one or more files.
59.156: In Function SetVolatileFlag, line 11741, RegOpenKeyEx failed with error 0x2
59.156: In Function SetVolatileFlag, line 11758, RegOpenKeyEx failed with error 0x2
59.156: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot.RebootNotRequired] section is empty; nothing to do.
59.187: RebootNecessary = 1,WizardInput = 1 , DontReboot = 1, ForceRestart = 0


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start *- *Run *- type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## sfrisch8 (Feb 6, 2011)

I'm not sure what happened. I went through all the application errors - double click on error to open it up, then I clicked on the 2 pieces of paper. There were very many errors and as I was pasting them into notepad I got into kind of a little rhythm, rh click, paste & enter. Well I finally looked to see how many there were left and I realized they were all the same error. It was the same error & the same time of day on each. I wanted to surprise you and list ALL the errors instead of just a few like last time. Right now, I am just stunned, blurry eyed and feel stupid for not checking the errors earlier. What do you think I did wrong? Sorry for this.


----------



## sfrisch8 (Feb 6, 2011)

I know this doesn't help but the repeated error is below.

Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/16/2011
Time: 12:06:31 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

It may be Trend Micro or your Backup Now EZ that are interfering with the installation.

Please boot to safe mode, Trend may or may not start up in safe mode so if it does, please disable it. Then try running the installation of this update again please:

KB978601


----------



## sfrisch8 (Feb 6, 2011)

Sorry to keep throwing things at you. Yesterday & today, when I opened a msg in Hotmail -live I get this error: Internet Explorer cannot open the Internet site http://bl162w.blu162.mail.live.com/defaultaspx??rru=inbox&wa=wsignin1.0. and the it said the operation was aborted. The page didn't close but over to the RH side I could see a partial veiw of the "IE cannot open this website" page. I was able to go back to the message & open it.
The 1st time it happened is when I clicked on a message that was to verify junk mail. Nothing closed down, I just clicked on the msg again & everything was fine. But, today it happened again & I can't remember if it was a junk mail classification, or a trusted website (Kohls Dept store).
I'm worried that this could lead to something bigger. I ran "malware bites, anti-malware" full scan which detected zero infections.


----------



## sfrisch8 (Feb 6, 2011)

Just got your message (after I sent the last one about IE7 error.)
So, I will now do what you requested.


----------



## sfrisch8 (Feb 6, 2011)

I tried running the installation of KB978601 in safe mode (Trend was disabled) with no luck. All I get is the .exe file that I saved on my desktop. It asks if I want to "run this this file" and when I do a box comes up the "Software update installation wizard". I go through the process, hit "finish" and nothing happens. I searched under add/remove programs and also MS update and it wasn't there. I "Googled" the KB number & it showed that there were a lot of issues with it. Don't worry, I didn't do anything else.
Sorry again - your continued support is unbelievable, thanks again.


----------



## Cookiegal (Aug 27, 2003)

Please open HijackThis.
Click on *Open Misc Tools Section*
Make sure that both boxes beside "Generate StartupList Log" are checked:

*List all minor sections(Full)*
*List Empty Sections(Complete)*
Click *Generate StartupList Log*.
Click *Yes* at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


----------



## sfrisch8 (Feb 6, 2011)

StartupList report, 3/18/2011, 2:13:17 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HiJackThis\HiJackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.17095)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ehTray = "C:\WINDOWS\ehome\ehtray.exe"
SoundMAXPnP = "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Trend Micro Client Framework = "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
Trend Micro Titanium = "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
= 
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Trend Micro NSC BHO - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll - {1CA1377B-DC1D-4A52-9585-6E06050FAC53}
Trend Micro Toolbar BHO - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll - {43C6D902-A1C5-45c9-91F6-FD9E90337E18}
(no name) - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
TmBpIeBHO - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}
--------------------------------------------------
Enumerating Task Scheduler jobs:
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
--------------------------------------------------
Enumerating Download Program Files:
[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
CODEBASE = http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238543960270
[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc4.cab
[{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
[Windows Live Hotmail Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\rsvpsp.dll
Protocol #11: C:\WINDOWS\system32\rsvpsp.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Trend Micro Solution Platform: "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Broadcom NetXtreme 57xx Gigabit Controller: system32\DRIVERS\b57xp32.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Bonjour Service: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
CryptSvc: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Media Center Receiver Service: C:\WINDOWS\eHome\ehRecvr.exe (autostart)
Media Center Scheduler Service: C:\WINDOWS\eHome\ehSched.exe (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Google Update Service (gupdate): "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (disabled)
Google Software Updater: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (disabled)
HCF_MSFT: system32\DRIVERS\HCF_MSFT.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
Windows CardSpace: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
LightScribeService Direct Disc Labeling Service: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
MEMSWEEP2: \??\C:\WINDOWS\system32\A.tmp (manual start)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
MHN: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
MHN driver: system32\DRIVERS\mhndrv.sys (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net.Tcp Port Sharing Service: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NMIndexingService: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (disabled)
NTI BackupNowEZSvr: C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe (autostart)
NTIDrvr: \??\C:\WINDOWS\system32\drivers\NTIDrvr.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Retrospect Express HD Helper: "C:\PROGRA~1\RETROS~1\RETROS~1.5\rthlpsvc.exe" (autostart)
Retrospect Express HD Launcher: "C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe" (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
senfilt: system32\drivers\senfilt.sys (manual start)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
smwdm: system32\drivers\smwdm.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{C259DEFA-2D5D-4DD7-9105-04D0404935DA} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (manual start)
tmactmon: system32\DRIVERS\tmactmon.sys (autostart)
tmcomm: system32\DRIVERS\tmcomm.sys (autostart)
tmevtmgr: system32\DRIVERS\tmevtmgr.sys (autostart)
Trend Micro TDI Driver: system32\DRIVERS\tmtdi.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
UBHelper: \??\C:\WINDOWS\system32\drivers\UBHelper.sys (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (manual start)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Apple Mobile USB Driver: System32\Drivers\usbaapl.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\shell32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 34,167 bytes
Report generated in 0.094 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Cookiegal (Aug 27, 2003)

Are you still using this backup program? Because I don't see it listed in the installed programs.

Backup Now EZ


----------



## sfrisch8 (Feb 6, 2011)

I didn't even realize I had it until you mentioned it. I think it was software that went along with a portable hard drive - but it didn't work & I forgot about it.
I just ran a search on it and it listed: Backup Now EZ folder, the BackupNowEZsvr.exe file and NTI Backup Now EZ.msi. I can try to delete these, but I don't know if it will delete all the sub folders.


----------



## Cookiegal (Aug 27, 2003)

OK, leave those for now. What abou SpySweeper? I see entries for that as well but it's not listed either.


----------



## sfrisch8 (Feb 6, 2011)

I uninstalled SpySweeper. I ran a search & it came up with nothing.


----------



## sfrisch8 (Feb 6, 2011)

Sorry to bother you again but when I logged in to my Hotmail acct., I received this same message as I did the other day:

Internet Explorer cannot open the Internet site http://bl162w.blu162.mail.live.com/d...&wa=wsignin1.0. and the it said the operation was aborted.

But, the page never closed & I could continue reading my mail. I don't know if this has anything to do with all the other stuff going on, but I'm afraid it will get worse & I won't be able to open it at all.


----------



## Cookiegal (Aug 27, 2003)

Apparently that's a bug in IE7 as it has a problem viewing something on the page. You should upgrade to IE8 which is supposed to eliminate the problem.

Please run DDS again. If you don't still have it on the computer, I'll post the full instructions for downloading and running it.

Please download DDS by sUBs to your desktop from one of the following locations:

http://www.techsupportforum.com/sectools/sUBs/dds
http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Disable any script blocker you may have as they may interfere and then double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Save them both to your desktop. Copy and paste the contents of the DDS.txt and Attach.txt files in your reply please.


----------



## sfrisch8 (Feb 6, 2011)

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/6/2008 3:40:41 PM
System Uptime: 3/19/2011 3:15:00 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 136.218 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP879: 2/28/2011 4:30:30 PM - Installed Microsoft Fix it 50202
RP880: 2/28/2011 5:16:13 PM - System Checkpoint
RP881: 3/1/2011 6:02:56 PM - System Checkpoint
RP882: 3/2/2011 6:37:05 PM - System Checkpoint
RP883: 3/3/2011 7:38:09 PM - System Checkpoint
RP884: 3/4/2011 8:37:03 PM - System Checkpoint
RP885: 3/5/2011 9:12:27 PM - System Checkpoint
RP886: 3/6/2011 1:42:21 PM - TITANUIMRES[0x01001101]
RP887: 3/7/2011 2:38:23 PM - System Checkpoint
RP888: 3/8/2011 3:11:47 PM - System Checkpoint
RP889: 3/8/2011 7:31:21 PM - Installed HiJackThis
RP890: 3/9/2011 8:43:11 AM - Software Distribution Service 3.0
RP891: 3/10/2011 9:16:57 AM - System Checkpoint
RP892: 3/11/2011 10:11:44 AM - System Checkpoint
RP893: 3/12/2011 12:22:14 PM - System Checkpoint
RP894: 3/13/2011 1:44:44 PM - System Checkpoint
RP895: 3/14/2011 2:11:43 PM - System Checkpoint
RP896: 3/14/2011 5:43:38 PM - Installed Windows XP KB978601.
RP897: 3/14/2011 6:05:19 PM - Installed Windows XP KB978601.
RP898: 3/14/2011 6:12:38 PM - Installed Windows XP KB978601.
RP899: 3/14/2011 8:00:10 PM - Installed Windows XP KB978601.
RP900: 3/15/2011 8:05:33 PM - System Checkpoint
RP901: 3/16/2011 9:06:39 PM - System Checkpoint
RP902: 3/17/2011 10:33:58 PM - System Checkpoint
RP903: 3/18/2011 12:41:59 PM - Installed Windows XP KB978601.
RP904: 3/19/2011 1:12:08 PM - System Checkpoint
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.1
AnswerWorks 5.0 English Runtime
Apple Software Update
Bonjour
Broadcom Gigabit Integrated Controller
Compatibility Pack for the 2007 Office system
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Lexmark X6100 Series
LightScribe 1.4.136.1
Microsoft .NET Framework 2.0 Service Pack 2

DDS.txt

DDS (Ver_11-03-05.01) - NTFSx86 
Run by Owner at 15:42:04.48 on Sat 03/19/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.609 [GMT -4:00]
.
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\office
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238543960270
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
LSA: Notification Packages = scecli scecli
.
============= SERVICES / DRIVERS ===============
.
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-2-16 64080]
S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-2-16 196320]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\a.tmp --> c:\windows\system32\A.tmp [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-31 135664]
.
=============== Created Last 30 ================
.
2011-03-09 00:31:23 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-06 18:55:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-19 23:46:10 -------- d-----w- c:\program files\Webroot
.
==================== Find3M ====================
.
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 15:42:20.17 ===============


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:dir
c:\program files\newtech infosystems\backup now ez
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Then please run it a second time with this command and post that report:


```
:service
MEMSWEEP2
```


----------



## sfrisch8 (Feb 6, 2011)

SystemLook 04.09.10 by jpshortstuff
Log created at 18:28 on 19/03/2011 by Owner
Administrator - Elevation successful
========== dir ==========
c:\program files\newtech infosystems\backup now ez - Parameters: "(none)"
---Files---
BackupNowEZSvr.exe --a---- 45312 bytes [12:04 19/09/2009] [12:04 19/09/2009]
ISchedule.dll --a---- 395776 bytes [11:22 18/09/2009] [11:22 18/09/2009]
IShadowS3.dll --a---- 201216 bytes [11:22 18/09/2009] [11:22 18/09/2009]
sqlite3.dll --a---- 460199 bytes [14:37 30/09/2008] [14:37 30/09/2008]
SyncDll.dll --a---- 480768 bytes [11:23 18/09/2009] [11:23 18/09/2009]
---Folders---
Logs d------ [20:17 02/01/2011]
-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Go to *Start *- *Run * type in *cmd *then click OK. The MSDOS window will be displayed. At the prompt type the following:

*SC Delete MEMSWEEP2*

Then press Enter

Type:

*Exit*

Then press Enter

Now, go to *Start *- *Run *- type in the following and click OK

*services.msc*

Scroll down the list of services until you file this one:

*NTI BackupNowEZSvr*

Double-click on the service to open it up. Under Service Status, click on the button to Stop the service and then beside Startup Type, click on the arrow to get the drop down menu and select: Disabled

Cick Apply and OK.

Then reboot the computer and then try again to install that last Random update please.


----------



## sfrisch8 (Feb 6, 2011)

I followed your instructions exactly, but it did not install. I even disabled Trend anti-virus.
I checked in my add/remove programs & also Windows update. I did a search and copied the log, just in case it helps.

KB978601.log]
2.016: ================================================================================
2.016: 2011/03/14 17:42:42.619 (local)
2.016: c:\24f44d33983e4dc623477dabf2\update\update.exe (version 6.3.13.0)
2.032: Hotfix started with following command line: 
2.032: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
3.141: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
3.141: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
3.141: ---- Old Information In The Registry ------
3.141: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
3.141: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
3.157: Destination: 
3.172: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
3.172: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
3.188: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
3.203: Destination: 
3.203: ---- New Information In The Registry ------
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
3.203: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
3.219: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
3.235: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
3.250: Destination: 
3.250: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
3.250: SetProductTypes: InfProductBuildType=BuildType.IP
3.250: SetAltOsLoaderPath: No section uses DirId 65701; done.
3.313: DoInstallation: FetchSourceURL for c:\24f44d33983e4dc623477dabf2\update\update_SP3GDR.inf failed
3.313: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
3.344: BuildCabinetManifest: update.url absent
3.344: Starting AnalyzeComponents
3.344: AnalyzePhaseZero used 0 ticks
3.344: No c:\windows\INF\updtblk.inf file.
3.344: OEM file scan used 0 ticks
3.438: AnalyzePhaseOne: used 94 ticks
3.438: AnalyzeComponents: Hotpatch analysis disabled; skipping.
3.438: AnalyzeComponents: Hotpatching is disabled.
3.438: FindFirstFile c:\windows\$hf_mig$\*.*
6.407: AnalyzeForBranching used 0 ticks.
6.407: AnalyzePhaseTwo used 0 ticks
6.407: AnalyzePhaseThree used 0 ticks
6.407: AnalyzePhaseFive used 0 ticks
6.407: AnalyzePhaseSix used 0 ticks
11.953: AnalyzeComponents used 8609 ticks
11.953: Downloading 0 files
11.953: bPatchMode = FALSE
11.953: Inventory complete: ReturnStatus=0, 8640 ticks
13.438: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
13.438: Num Ticks for invent : 10125
13.469: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFXF97.tmp
13.828: Copied file: c:\windows\inf\branches.inf
53.250: Allocation size of drive C: is 4096 bytes, free space = 146696077312 bytes
53.266: Drive C: free 139900MB req: 5MB w/uninstall 0MB
53.266: CabinetBuild complete
53.266: Num Ticks for Cabinet build : 39828
53.266: DynamicStrings section not defined or empty.
53.282: FileInUse:: Detection disabled.
54.282: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
57.719: System Restore Point set.
57.813: Copied file: C:\WINDOWS\system32\spmsg.dll
58.063: PFE2: Not avoiding Per File Exceptions.
58.360: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
58.438: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
58.563: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
58.610: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
58.703: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
58.907: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
59.016: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
59.063: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
59.078: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
59.094: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
59.172: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
59.203: DoInstallation: Installing assemblies with source root path: c:\24f44d33983e4dc623477dabf2\
59.203: Num Ticks for Copying files : 5937
59.219: Num Ticks for Reg update and deleting 0 size files : 16 
59.266: ---- Old Information In The Registry ------
59.266: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
59.266: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
59.282: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
59.297: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
59.313: Destination: 
59.313: ---- New Information In The Registry ------
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
59.313: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
59.328: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
59.344: Destination: 
59.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
59.360: Destination: 
59.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
59.360: Destination: 
59.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
59.360: Destination: 
59.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
59.360: Destination: 
59.360: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
228.485: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.313: ================================================================================
1.313: 2011/03/14 17:58:28.713 (local)
1.313: c:\136a15b86cded1cff38164d3\update\update.exe (version 6.3.13.0)
1.329: Hotfix started with following command line: 
1.329: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.297: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.297: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.297: ---- Old Information In The Registry ------
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
2.297: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
2.313: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
2.329: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
2.344: Destination: 
2.344: ---- New Information In The Registry ------
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
2.344: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
2.360: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
2.375: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
2.391: Destination: 
2.391: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.391: SetProductTypes: InfProductBuildType=BuildType.IP
2.391: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.422: DoInstallation: FetchSourceURL for c:\136a15b86cded1cff38164d3\update\update_SP3GDR.inf failed
2.438: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.454: BuildCabinetManifest: update.url absent
2.454: Starting AnalyzeComponents
2.454: AnalyzePhaseZero used 0 ticks
2.454: No c:\windows\INF\updtblk.inf file.
2.454: OEM file scan used 0 ticks
2.454: AnalyzePhaseOne: used 0 ticks
2.454: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.454: AnalyzeComponents: Hotpatching is disabled.
2.454: FindFirstFile c:\windows\$hf_mig$\*.*
3.047: AnalyzeForBranching used 0 ticks.
3.047: AnalyzePhaseTwo used 0 ticks
3.047: AnalyzePhaseThree used 0 ticks
3.047: AnalyzePhaseFive used 0 ticks
3.063: AnalyzePhaseSix used 16 ticks
17.407: Message displayed to the user: Are you sure you want to cancel?
17.407: User Input: YES
18.063: AnalyzeComponents: Cancelled
18.063: Inventory complete: ReturnStatus=1223, 15641 ticks
18.094: KB978601 Setup canceled.
22.000: Message displayed to the user: KB978601 Setup canceled.
22.000: User Input: OK
22.000: Update.exe extended error code = 0xf00d
22.000: Update.exe return code was masked to 0x643 for MSI custom action compliance.
1.344: ================================================================================
1.344: 2011/03/14 17:59:51.867 (local)
1.344: c:\cb73b6e207efd0c373e201d4\update\update.exe (version 6.3.13.0)
1.360: Hotfix started with following command line: 
1.360: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.657: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.657: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.657: ---- Old Information In The Registry ------
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
1.657: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
1.672: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
1.688: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
1.704: Destination: 
1.704: ---- New Information In The Registry ------
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
1.704: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
1.719: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
1.735: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
1.750: Destination: 
1.766: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.766: SetProductTypes: InfProductBuildType=BuildType.IP
1.766: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.797: DoInstallation: FetchSourceURL for c:\cb73b6e207efd0c373e201d4\update\update_SP3GDR.inf failed
1.797: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.813: BuildCabinetManifest: update.url absent
1.813: Starting AnalyzeComponents
1.813: AnalyzePhaseZero used 0 ticks
1.813: No c:\windows\INF\updtblk.inf file.
1.813: OEM file scan used 0 ticks
1.813: AnalyzePhaseOne: used 0 ticks
1.813: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.813: AnalyzeComponents: Hotpatching is disabled.
1.813: FindFirstFile c:\windows\$hf_mig$\*.*
2.469: AnalyzeForBranching used 0 ticks.
2.469: AnalyzePhaseTwo used 0 ticks
2.469: AnalyzePhaseThree used 0 ticks
2.469: AnalyzePhaseFive used 0 ticks
2.485: AnalyzePhaseSix used 16 ticks
12.907: Message displayed to the user: Are you sure you want to cancel?
12.907: User Input: YES
14.485: AnalyzeComponents: Cancelled
14.485: Inventory complete: ReturnStatus=1223, 12688 ticks
14.485: KB978601 Setup canceled.
16.719: Message displayed to the user: KB978601 Setup canceled.
16.719: User Input: OK
16.719: Update.exe extended error code = 0xf00d
16.719: Update.exe return code was masked to 0x643 for MSI custom action compliance.
1.359: ================================================================================
1.359: 2011/03/14 18:04:30.609 (local)
1.359: c:\60dff07201fa92d9b8\update\update.exe (version 6.3.13.0)
1.375: Hotfix started with following command line: 
1.375: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.640: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.640: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.640: DoInstallation: CleanPFR failed: 0x2 
2.640: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.640: SetProductTypes: InfProductBuildType=BuildType.IP
2.640: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.718: DoInstallation: FetchSourceURL for c:\60dff07201fa92d9b8\update\update_SP3GDR.inf failed
2.718: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.734: BuildCabinetManifest: update.url absent
2.734: Starting AnalyzeComponents
2.734: AnalyzePhaseZero used 0 ticks
2.734: No c:\windows\INF\updtblk.inf file.
2.734: OEM file scan used 0 ticks
2.796: AnalyzePhaseOne: used 62 ticks
2.796: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.796: AnalyzeComponents: Hotpatching is disabled.
2.796: FindFirstFile c:\windows\$hf_mig$\*.*
6.875: AnalyzeForBranching used 0 ticks.
6.875: AnalyzePhaseTwo used 0 ticks
6.875: AnalyzePhaseThree used 0 ticks
6.875: AnalyzePhaseFive used 0 ticks
6.875: AnalyzePhaseSix used 0 ticks
6.875: AnalyzeComponents used 4141 ticks
6.875: Downloading 0 files
6.875: bPatchMode = FALSE
6.875: Inventory complete: ReturnStatus=0, 4157 ticks
7.640: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
7.640: Num Ticks for invent : 4922
7.687: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX6.tmp
7.781: Copied file: c:\windows\inf\branches.inf
45.250: Allocation size of drive C: is 4096 bytes, free space = 146714492928 bytes
45.265: Drive C: free 139917MB req: 5MB w/uninstall 0MB
45.265: CabinetBuild complete
45.265: Num Ticks for Cabinet build : 37625
45.265: DynamicStrings section not defined or empty.
45.281: FileInUse:: Detection disabled.
46.281: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
50.296: System Restore Point set.
50.484: Copied file: C:\WINDOWS\system32\spmsg.dll
50.546: PFE2: Not avoiding Per File Exceptions.
51.062: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
51.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
51.750: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
52.140: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
52.312: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
52.781: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
53.265: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
53.468: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
53.500: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
53.500: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
53.593: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
53.609: DoInstallation: Installing assemblies with source root path: c:\60dff07201fa92d9b8\
53.609: Num Ticks for Copying files : 8344
53.625: Num Ticks for Reg update and deleting 0 size files : 16 
53.812: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
180.640: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.063: ================================================================================
1.063: 2011/03/14 18:09:45.125 (local)
1.063: c:\81ba9792c3efcf7f1f75\update\update.exe (version 6.3.13.0)
1.078: Hotfix started with following command line: 
1.078: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.391: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.391: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.391: DoInstallation: CleanPFR failed: 0x2 
1.391: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.391: SetProductTypes: InfProductBuildType=BuildType.IP
1.391: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.422: DoInstallation: FetchSourceURL for c:\81ba9792c3efcf7f1f75\update\update_SP3GDR.inf failed
1.422: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.438: BuildCabinetManifest: update.url absent
1.438: Starting AnalyzeComponents
1.438: AnalyzePhaseZero used 0 ticks
1.438: No c:\windows\INF\updtblk.inf file.
1.438: OEM file scan used 0 ticks
1.438: AnalyzePhaseOne: used 0 ticks
1.438: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.438: AnalyzeComponents: Hotpatching is disabled.
1.438: FindFirstFile c:\windows\$hf_mig$\*.*
1.844: AnalyzeForBranching used 0 ticks.
1.859: AnalyzePhaseTwo used 15 ticks
1.859: AnalyzePhaseThree used 0 ticks
1.859: AnalyzePhaseFive used 0 ticks
1.859: AnalyzePhaseSix used 0 ticks
15.906: AnalyzeComponents used 14468 ticks
15.906: Downloading 0 files
15.906: bPatchMode = FALSE
15.906: Inventory complete: ReturnStatus=0, 14484 ticks
17.500: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
17.500: Num Ticks for invent : 16078
17.531: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX32.tmp
17.594: Copied file: c:\windows\inf\branches.inf
40.047: Message displayed to the user: Are you sure you want to cancel?
40.047: User Input: YES
48.781: Error getting disk usage info, GLE=0x4c7
48.781: DoInstallation:AnalyzeDiskUsage failed
48.844: KB978601 Setup canceled.
51.625: Message displayed to the user: KB978601 Setup canceled.
51.625: User Input: OK
51.625: Update.exe extended error code = 0xf00d
51.625: Update.exe return code was masked to 0x643 for MSI custom action compliance.
1.125: ================================================================================
1.125: 2011/03/14 18:11:58.453 (local)
1.125: c:\2099b78fc012a4ebc0\update\update.exe (version 6.3.13.0)
1.140: Hotfix started with following command line: 
1.156: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.515: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.515: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.515: DoInstallation: CleanPFR failed: 0x2 
1.515: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.515: SetProductTypes: InfProductBuildType=BuildType.IP
1.515: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.547: DoInstallation: FetchSourceURL for c:\2099b78fc012a4ebc0\update\update_SP3GDR.inf failed
1.547: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.562: BuildCabinetManifest: update.url absent
1.562: Starting AnalyzeComponents
1.562: AnalyzePhaseZero used 0 ticks
1.562: No c:\windows\INF\updtblk.inf file.
1.562: OEM file scan used 0 ticks
1.562: AnalyzePhaseOne: used 0 ticks
1.562: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.562: AnalyzeComponents: Hotpatching is disabled.
1.562: FindFirstFile c:\windows\$hf_mig$\*.*
1.953: AnalyzeForBranching used 0 ticks.
1.953: AnalyzePhaseTwo used 0 ticks
1.953: AnalyzePhaseThree used 0 ticks
1.953: AnalyzePhaseFive used 0 ticks
1.968: AnalyzePhaseSix used 15 ticks
25.047: Message displayed to the user: Are you sure you want to cancel?
25.047: User Input: NO
28.906: AnalyzeComponents used 27344 ticks
28.906: Downloading 0 files
28.906: bPatchMode = FALSE
28.906: Inventory complete: ReturnStatus=0, 27359 ticks
31.015: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
31.015: Num Ticks for invent : 29468
31.031: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX33.tmp
31.062: Copied file: c:\windows\inf\branches.inf
36.265: Allocation size of drive C: is 4096 bytes, free space = 146684612608 bytes
36.281: Drive C: free 139889MB req: 5MB w/uninstall 0MB
36.281: CabinetBuild complete
36.281: Num Ticks for Cabinet build : 5266
36.281: DynamicStrings section not defined or empty.
36.297: FileInUse:: Detection disabled.
37.297: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
41.218: System Restore Point set.
41.265: Copied file: C:\WINDOWS\system32\spmsg.dll
41.281: PFE2: Not avoiding Per File Exceptions.
41.515: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
41.578: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
41.593: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
41.797: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
41.906: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
42.125: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
42.390: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
42.406: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
42.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
42.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
42.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
42.484: DoInstallation: Installing assemblies with source root path: c:\2099b78fc012a4ebc0\
42.484: Num Ticks for Copying files : 6203
42.484: Num Ticks for Reg update and deleting 0 size files : 0 
42.593: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
53.953: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.078: ================================================================================
1.078: 2011/03/14 19:59:03.015 (local)
1.078: c:\969a5887ea075430a0a602064eae79\update\update.exe (version 6.3.13.0)
1.109: Hotfix started with following command line: 
1.109: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.609: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.609: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.609: DoInstallation: CleanPFR failed: 0x2 
1.609: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.609: SetProductTypes: InfProductBuildType=BuildType.IP
1.625: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.656: DoInstallation: FetchSourceURL for c:\969a5887ea075430a0a602064eae79\update\update_SP3GDR.inf failed
1.656: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.656: BuildCabinetManifest: update.url absent
1.656: Starting AnalyzeComponents
1.656: AnalyzePhaseZero used 0 ticks
1.656: No c:\windows\INF\updtblk.inf file.
1.656: OEM file scan used 0 ticks
1.672: AnalyzePhaseOne: used 16 ticks
1.672: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.672: AnalyzeComponents: Hotpatching is disabled.
1.672: FindFirstFile c:\windows\$hf_mig$\*.*
2.078: AnalyzeForBranching used 0 ticks.
2.078: AnalyzePhaseTwo used 0 ticks
2.078: AnalyzePhaseThree used 0 ticks
2.078: AnalyzePhaseFive used 0 ticks
2.094: AnalyzePhaseSix used 16 ticks
32.281: AnalyzeComponents used 30625 ticks
32.297: Downloading 0 files
32.297: bPatchMode = FALSE
32.297: Inventory complete: ReturnStatus=0, 30641 ticks
33.469: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
33.469: Num Ticks for invent : 31813
33.500: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX5F.tmp
33.563: Copied file: c:\windows\inf\branches.inf
63.422: Allocation size of drive C: is 4096 bytes, free space = 146621075456 bytes
63.453: Drive C: free 139828MB req: 5MB w/uninstall 0MB
63.453: CabinetBuild complete
63.453: Num Ticks for Cabinet build : 29984
63.453: DynamicStrings section not defined or empty.
63.469: FileInUse:: Detection disabled.
64.469: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
68.422: System Restore Point set.
68.469: Copied file: C:\WINDOWS\system32\spmsg.dll
68.484: PFE2: Not avoiding Per File Exceptions.
68.922: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
69.109: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
69.125: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
69.172: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
69.219: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
69.281: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
69.313: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
69.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
69.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
69.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
69.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
69.469: DoInstallation: Installing assemblies with source root path: c:\969a5887ea075430a0a602064eae79\
69.469: Num Ticks for Copying files : 6016
69.484: Num Ticks for Reg update and deleting 0 size files : 15 
69.609: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
80.750: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
9.234: ================================================================================
9.250: 2011/03/18 12:13:57.656 (local)
9.250: c:\f2deb304b4c83d80ace7c1\update\update.exe (version 6.3.13.0)
9.281: Hotfix started with following command line: 
9.328: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
12.062: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
12.062: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
12.062: DoInstallation: CleanPFR failed: 0x2 
12.062: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
12.062: SetProductTypes: InfProductBuildType=BuildType.IP
12.062: SetAltOsLoaderPath: No section uses DirId 65701; done.
12.281: DoInstallation: FetchSourceURL for c:\f2deb304b4c83d80ace7c1\update\update_SP3GDR.inf failed
12.281: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
12.328: BuildCabinetManifest: update.url absent
12.328: Starting AnalyzeComponents
12.328: AnalyzePhaseZero used 0 ticks
12.328: No c:\windows\INF\updtblk.inf file.
12.328: OEM file scan used 0 ticks
12.594: AnalyzePhaseOne: used 266 ticks
12.594: AnalyzeComponents: Hotpatch analysis disabled; skipping.
12.594: AnalyzeComponents: Hotpatching is disabled.
12.594: FindFirstFile c:\windows\$hf_mig$\*.*
17.578: AnalyzeForBranching used 0 ticks.
17.594: AnalyzePhaseTwo used 0 ticks
17.594: AnalyzePhaseThree used 0 ticks
17.594: AnalyzePhaseFive used 0 ticks
17.594: AnalyzePhaseSix used 0 ticks
17.594: AnalyzeComponents used 5266 ticks
17.594: Downloading 0 files
17.594: bPatchMode = FALSE
17.594: Inventory complete: ReturnStatus=0, 5313 ticks
17.844: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
17.844: Num Ticks for invent : 5563
17.953: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX1.tmp
18.078: Copied file: c:\windows\inf\branches.inf
59.422: Allocation size of drive C: is 4096 bytes, free space = 147375321088 bytes
59.422: Drive C: free 140548MB req: 5MB w/uninstall 0MB
59.422: CabinetBuild complete
59.422: Num Ticks for Cabinet build : 41578
59.422: DynamicStrings section not defined or empty.
59.453: FileInUse:: Detection disabled.
60.453: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
60.797: Copied file: C:\WINDOWS\system32\spmsg.dll
63.500: PFE2: Not avoiding Per File Exceptions.
63.765: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
64.000: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
64.031: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
64.500: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
64.609: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
65.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
65.797: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
65.828: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
65.844: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
65.844: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
66.031: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
66.062: DoInstallation: Installing assemblies with source root path: c:\f2deb304b4c83d80ace7c1\
66.062: Num Ticks for Copying files : 6640
66.094: Num Ticks for Reg update and deleting 0 size files : 32 
66.140: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
70.297: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.094: ================================================================================
1.109: 2011/03/18 12:40:17.095 (local)
1.109: c:\55493ee7dbf77b3140aea09e7b09\update\update.exe (version 6.3.13.0)
1.109: Hotfix started with following command line: 
1.125: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.469: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.469: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.469: DoInstallation: CleanPFR failed: 0x2 
2.469: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.469: SetProductTypes: InfProductBuildType=BuildType.IP
2.469: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.531: DoInstallation: FetchSourceURL for c:\55493ee7dbf77b3140aea09e7b09\update\update_SP3GDR.inf failed
2.547: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.562: BuildCabinetManifest: update.url absent
2.562: Starting AnalyzeComponents
2.562: AnalyzePhaseZero used 0 ticks
2.562: No c:\windows\INF\updtblk.inf file.
2.562: OEM file scan used 0 ticks
2.625: AnalyzePhaseOne: used 63 ticks
2.625: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.625: AnalyzeComponents: Hotpatching is disabled.
2.625: FindFirstFile c:\windows\$hf_mig$\*.*
6.781: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
9.781: AnalyzeForBranching used 0 ticks.
9.781: AnalyzePhaseTwo used 0 ticks
9.781: AnalyzePhaseThree used 0 ticks
9.781: AnalyzePhaseFive used 0 ticks
9.781: AnalyzePhaseSix used 0 ticks
9.781: AnalyzeComponents used 7219 ticks
9.781: Downloading 0 files
9.781: bPatchMode = FALSE
9.781: Inventory complete: ReturnStatus=0, 7234 ticks
9.781: Num Ticks for invent : 7234
9.828: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX4.tmp
9.906: Copied file: c:\windows\inf\branches.inf
91.609: Allocation size of drive C: is 4096 bytes, free space = 146297958400 bytes
91.656: Drive C: free 139520MB req: 5MB w/uninstall 0MB
91.656: CabinetBuild complete
91.656: Num Ticks for Cabinet build : 81875
91.656: DynamicStrings section not defined or empty.
91.687: FileInUse:: Detection disabled.
92.687: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
103.156: System Restore Point set.
103.391: Copied file: C:\WINDOWS\system32\spmsg.dll
103.422: PFE2: Not avoiding Per File Exceptions.
104.484: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
104.672: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
104.719: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
104.937: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
105.031: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
105.656: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
105.750: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
106.156: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
106.281: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
106.281: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
106.562: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
106.625: DoInstallation: Installing assemblies with source root path: c:\55493ee7dbf77b3140aea09e7b09\
106.625: Num Ticks for Copying files : 14969
106.625: Num Ticks for Reg update and deleting 0 size files : 0 
106.953: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
127.578: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.719: ================================================================================
1.719: 2011/03/18 13:04:28.517 (local)
1.719: c:\2b6142075cb0d6e3d3306d3c\update\update.exe (version 6.3.13.0)
1.719: Hotfix started with following command line: 
1.750: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.672: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.672: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.672: DoInstallation: CleanPFR failed: 0x2 
2.672: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.672: SetProductTypes: InfProductBuildType=BuildType.IP
2.672: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.750: DoInstallation: FetchSourceURL for c:\2b6142075cb0d6e3d3306d3c\update\update_SP3GDR.inf failed
2.750: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.766: BuildCabinetManifest: update.url absent
2.766: Starting AnalyzeComponents
2.766: AnalyzePhaseZero used 0 ticks
2.766: No c:\windows\INF\updtblk.inf file.
2.766: OEM file scan used 0 ticks
2.875: AnalyzePhaseOne: used 109 ticks
2.875: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.875: AnalyzeComponents: Hotpatching is disabled.
2.875: FindFirstFile c:\windows\$hf_mig$\*.*
3.719: AnalyzeForBranching used 0 ticks.
3.719: AnalyzePhaseTwo used 0 ticks
3.719: AnalyzePhaseThree used 0 ticks
3.719: AnalyzePhaseFive used 0 ticks
3.719: AnalyzePhaseSix used 0 ticks
37.125: Message displayed to the user: Are you sure you want to cancel?
37.125: User Input: YES
39.719: AnalyzeComponents: Cancelled
39.719: Inventory complete: ReturnStatus=1223, 36969 ticks
40.000: KB978601 Setup canceled.
42.797: Message displayed to the user: KB978601 Setup canceled.
42.797: User Input: OK
42.797: Update.exe extended error code = 0xf00d
42.797: Update.exe return code was masked to 0x643 for MSI custom action compliance.
1.375: ================================================================================
1.375: 2011/03/20 15:21:07.312 (local)
1.375: c:\8122d8e37e73d269c01b\update\update.exe (version 6.3.13.0)
1.391: Hotfix started with following command line: 
1.407: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.235: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.235: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.235: DoInstallation: CleanPFR failed: 0x2 
2.235: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.235: SetProductTypes: InfProductBuildType=BuildType.IP
2.250: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.297: DoInstallation: FetchSourceURL for c:\8122d8e37e73d269c01b\update\update_SP3GDR.inf failed
2.297: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.313: BuildCabinetManifest: update.url absent
2.329: Starting AnalyzeComponents
2.329: AnalyzePhaseZero used 0 ticks
2.329: No c:\windows\INF\updtblk.inf file.
2.329: OEM file scan used 0 ticks
2.375: AnalyzePhaseOne: used 46 ticks
2.375: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.375: AnalyzeComponents: Hotpatching is disabled.
2.375: FindFirstFile c:\windows\$hf_mig$\*.*
4.329: AnalyzeForBranching used 0 ticks.
4.329: AnalyzePhaseTwo used 0 ticks
4.329: AnalyzePhaseThree used 0 ticks
4.329: AnalyzePhaseFive used 0 ticks
4.329: AnalyzePhaseSix used 0 ticks
43.641: AnalyzeComponents used 41312 ticks
43.641: Downloading 0 files
43.641: bPatchMode = FALSE
43.641: Inventory complete: ReturnStatus=0, 41344 ticks
44.735: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
44.735: Num Ticks for invent : 42438
44.735: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX8F.tmp
44.766: Copied file: c:\windows\inf\branches.inf
55.875: Allocation size of drive C: is 4096 bytes, free space = 146306711552 bytes
55.891: Drive C: free 139528MB req: 5MB w/uninstall 0MB
55.891: CabinetBuild complete
55.891: Num Ticks for Cabinet build : 11156
55.891: DynamicStrings section not defined or empty.
55.907: FileInUse:: Detection disabled.
56.907: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
61.110: System Restore Point set.
61.188: Copied file: C:\WINDOWS\system32\spmsg.dll
61.219: PFE2: Not avoiding Per File Exceptions.
61.547: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
61.766: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
61.813: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
62.047: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
62.188: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
62.610: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
62.844: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
62.844: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
62.860: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
62.860: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
62.985: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
63.000: DoInstallation: Installing assemblies with source root path: c:\8122d8e37e73d269c01b\
63.000: Num Ticks for Copying files : 7109
63.000: Num Ticks for Reg update and deleting 0 size files : 0 
63.016: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
115.719: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0


----------



## sfrisch8 (Feb 6, 2011)

I know this isn't what you're looking for, but there were 3 security updates for IE8 that were installed today. There was the yellow notification symbol on the bottom task bar, as usual. I clicked to install, rebooted & that was it.


----------



## Cookiegal (Aug 27, 2003)

OK, thanks.

Go to *Start *- *Run *and type the following and then click OK.

*services.msc *

Double-click on the *Automatic Updates* service and then click the *Stop *button to stop the service. Minimize the Services window.

Now, navigate to the following folder:

C:\Windows\*SoftwareDistribution*

Open the SoftwareDistribution folder then open the *Download* folder. Select all of the contents of the Download folder and delete them (but don't delete the Download folder itself, just its contents).

Maximize the Services window again and double-click on the *Automatic Updates* service and then click on the *Start *button to restart the service.

Now restart the computer.

Then visit Windows Updates again and let me know if any critical updates are detected (if they are then allow them to install).


----------



## sfrisch8 (Feb 6, 2011)

There were no critical updates.


----------



## Cookiegal (Aug 27, 2003)

Have you run any registry cleaners or optimizers before seeking help here? If so, that might have messed up something. We don't advise using them.

I've conferred with a colleague and the only thing we can suggest at this point is to reinstall Service Pack 3 to see if that triggers the updates to be installed. Otherwise, you'd be better off doing a reformat as these updates are important for plugging vulnerabilties that will leave you open for infection.

Of course, you should always back up everything that you wouldn't want to lose, such as documents, photos, music, etc. even before reinstalling SP3 in case something goes wrong.


----------



## sfrisch8 (Feb 6, 2011)

I've used registry cleaners in the past, but I can't remember exactly when. I can't believe this, but yesterday I ran the "Windows Live OneCare Safety Scanner". I can't remember exactly how many registry errors it came up with, but I think it was around 200. I did let it clean them out.

I did this because I was concerned about how many errors it showed when we ran the event viewer.

Should I be concerned about those?

I remember that Service pack 3 was installed automatically. I didn't even realize I had it until I was looking in my add/remove programs list.

Can you tell me how to uninstall & re-install it?

Should I be concerned about not being able to install that particular update? How many do you think I could have missed?

I really don't want to do a re-format because in the past it's really messed up my financial files with Quicken & my bank.

I hate asking more from you after everything you've done for me. I still cannot believe the amount of time that you dedicated to this. Seriously, I almost feel sad. I can never thank you enough.


----------



## Cookiegal (Aug 27, 2003)

Can you post the latest errors from the Event Viewer? Some may have been fixed.


----------



## sfrisch8 (Feb 6, 2011)

On the 2 dates that I copied application errors I only did a few. All of them were errors and there were very many - 62 for just one day. There were only 3 system errors, but I don't remember how many we had previously.

Application Errors
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 6:32:12 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 6:32:10 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 5:56:40 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 5:16:12 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 5:16:09 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 2:49:10 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 2:13:42 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 12:45:53 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 12:11:02 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 11:46:59 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 10:29:18 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 6:55:58 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 4:59:26 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 3:29:29 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 2:13:29 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/21/2011
Time: 12:46:49 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1052) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 11:54:07 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1064) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 10:53:06 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1064) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 9:01:33 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1064) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 8:05:36 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1064) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 7:09:34 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1064) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 6:03:34 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1064) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 3:51:19 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1064) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 2:44:24 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 2:03:22 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 1:02:22 PM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 10:45:22 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 8:38:22 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 3:22:52 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 1:36:24 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ESENT
Event Category: General 
Event ID: 490
Date: 3/20/2011
Time: 12:35:23 AM
User: N/A
Computer: DELL-OWNER
Description:
svchost (1056) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Here is a warning:
Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1524
Date: 3/20/2011
Time: 3:39:34 PM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
System errors - ONLY 3
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 3/21/2011
Time: 4:20:35 PM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 3/20/2011
Time: 3:54:04 PM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 3/19/2011
Time: 3:53:06 PM
User: DELL-OWNER\Owner
Computer: DELL-OWNER
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service gusvc with arguments "" in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Are you using the Google Toolbar?

What version of Trend Micro are you running and how long have you had it installed?


----------



## sfrisch8 (Feb 6, 2011)

When I upgraded (2 days ago) to IE8, it installed the Google toolbar and offered all of these Google options that I didn't have before. I clicked on "view" in IE and it listed the Google toolbar as an option, but I don't use it. I ran a search and the google toolbar is listed in my program files and a lot of components, installers, notifier, etc. I've always used Google as my search engine - but I don't think that's the toolbar is it?

I installed "Trend Micro Titanium Maximum Security 2011" on 2/9/11. This was after I uninstalled AVG, because of the original rootkit issue.


----------



## Cookiegal (Aug 27, 2003)

No, the Google Toolbar has nothing to do with using Google as your home page or search engine.

Uninstall these via Add or Remove Programs in the Control Panel:

*Google Toolbar for Internet Explorer
Google Update Helper*

Do you have the media the uninstall and reinstall Trend Micro Titanium? I assume you purchased it and it's not the 30-day trial?


----------



## sfrisch8 (Feb 6, 2011)

I uninstalled Google Toolbar for IE, but the Google Update Helper was not listed.
I restarted, just in case. Then I ran a search and the Google Toolbar Notifier & subfolders were still listed in program files.

Yes, I purchased Trend.


----------



## sfrisch8 (Feb 6, 2011)

I forgot to mention that sometime today a security update for Windows XP KB2524375 was installed - I guess via auto-update.


----------



## Cookiegal (Aug 27, 2003)

I believe that Trend Micro Titanium is responsible for those errors in the Event Viewer. There is supposed to be a hotfix for it but I can't seem to find it. I see someone else has asked about it today and I'm watching that post for a reply which I will post back here.

Once that problem is fixed, it may release the missing updates.


----------



## sfrisch8 (Feb 6, 2011)

Thanks for checking into it. 

Sorry, to have to ask you about another issue, but my computer screen went totally black on me this morning, for just a few seconds. 

The computer was running real slow - I probably had too many internet sites open. I wanted to check them out first, before I shut them down. This is when the screen went black. I tried to close out the open int sites, and it wouldn't let me on a couple. I opened task manager & it wouldn't let me close them out either. I checked the processes and iexplore.exe was at 501584K. This alarmed me, but I didn't mess with it. There were also several iexplore.exe's running. At that point I cleaned my browsing history and it got stuck on cleaning my temporary int files and it wouldn't let me stop it. 

Then I rebooted and everything seems fine now. There are still several iexplore.exe's running, but the largest one was back down to 45,492K and the other was at 79,896K.

I leave my computer on all the time and had left all those web sites open overnight. I realize now that I shouldn't have. 

Do you think this has anything to do with the installation IE8, or could it be a windows related problem? 

I searched Google on what iexplore.exe was. Many of the responses said it contained a virus. But, Trend showed no issues on the scan from last night.

Also, in my browsing, somewhere it said that the security updates could also have viruses. Is all that stuff a bunch of garbage?

What could the black screen mean?


----------



## Cookiegal (Aug 27, 2003)

iexplore.exe is your browser (Internet Explorer) so if you had many windows open then it's normal to have many instances of it running.

How much RAM does your computer have?

Please run this TSG Sysinfo Utility and post the log it produces.

http://static.techguy.org/download/SysInfo.exe


----------



## sfrisch8 (Feb 6, 2011)

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz, x86 Family 15 Model 4 Stepping 3
Processor Count: 1
RAM: 1022 Mb
Graphics Card: NVIDIA GeForce2 MX/MX 400 (Microsoft Corporation), 32 Mb
Hard Drives: C: Total - 152617 MB, Free - 138357 MB; 
Motherboard: Dell Inc. , 0U7077, , ..CN4811154501DF.
Antivirus: Trend Micro Titanium Maximum Security, Updated: Yes, On-Demand Scanner: Enabled


----------



## Cookiegal (Aug 27, 2003)

What is the size of the paging file? To find that information, do this:

Go to the Control Panel.

If yu're in Category view, click on Click Performance and Maintenance and then click System (if you're in Classic view just click System). 

On the Advanced tab, under Performance, click Settings.

On the Advanced tab, under Virtual memory, click Change. 

Don't change anything but let me know what it says the size of the initial file is please.


----------



## Cookiegal (Aug 27, 2003)

Also, would you check the Event Viewer and see if any errors were generated under Application and System around the time of the black screen please.


----------



## sfrisch8 (Feb 6, 2011)

The initial file size is 2046MB - 4092MB (maxium size) - these were custom settings.

Event viewer Application - nothing but ESENT errors, all days
System - NO ERRORS, since 3/24/11


----------



## sfrisch8 (Feb 6, 2011)

Something interesting happened. I was trying to download my transactions from my bank into Quicken. I tried a couple of times with no luck. I know this isn't safe at all, but this time when I tried, I turned off my Trend Anti-virus. It worked! Then I tried again w/Trend back on and it worked - so maybe Trend wasn't the culprit. I have never had this issue with Trend before, but I thought I would mention it.


----------



## Cookiegal (Aug 27, 2003)

I think you're going to have to contact Trend's support to obtain the hotfix. There has been no reply to the thread I've been watching in their forums.

http://community.trendmicro.com/t5/...fter-installed-Trend-Micro-Titanium/m-p/32302

Let me know once you hear back from them and we will pursue the updates problem. Hopefully the hotfix may fix that too.


----------



## sfrisch8 (Feb 6, 2011)

Thanks, I might even call them too.


----------



## sfrisch8 (Feb 6, 2011)

Hi again, they just provided the Hotfix.


----------



## Cookiegal (Aug 27, 2003)

Have you applied it and rebooted the machine?


----------



## sfrisch8 (Feb 6, 2011)

Yes, I just now rebooted. It said it installed successfully. Do you want me to run the event viewer?


----------



## Cookiegal (Aug 27, 2003)

First, I'd like you to visit Windows Updates and see if any are detected.

If not, please try installing that update we tried before again and see if it will install.

Then, if it doesn't install, attach a new WindowsUpdate log.

Then check the Event Viewer and post any new errors since you installed the Hotfix please.


----------



## sfrisch8 (Feb 6, 2011)

Nothing in windows updates. The update didn't install.

Only one error since the hotfix:

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 3/29/2011
Time: 3:52:22 PM
User: N/A
Computer: DELL-OWNER
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Sorry, please post the KB log from the update you tried to install.


----------



## sfrisch8 (Feb 6, 2011)

I am so sorry - I must be crazy, but I can't remember what a KB log is, or where to find it.


----------



## Cookiegal (Aug 27, 2003)

In C:\Windows there should be a log file for the update called KB followed by the number of the update). You should be able to copy and paste it rather than attaching it.


----------



## sfrisch8 (Feb 6, 2011)

[KB978601.log]
2.016: ================================================================================
2.016: 2011/03/14 17:42:42.619 (local)
2.016: c:\24f44d33983e4dc623477dabf2\update\update.exe (version 6.3.13.0)
2.032: Hotfix started with following command line: 
2.032: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
3.141: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
3.141: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
3.141: ---- Old Information In The Registry ------
3.141: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
3.141: Destination: 
3.141: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
3.141: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
3.157: Destination: 
3.157: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
3.157: Destination: 
3.172: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
3.172: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
3.188: Destination: 
3.188: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
3.188: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
3.203: Destination: 
3.203: ---- New Information In The Registry ------
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
3.203: Destination: 
3.203: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
3.203: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
3.219: Destination: 
3.219: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
3.219: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
3.235: Destination: 
3.235: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
3.235: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
3.250: Destination: 
3.250: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
3.250: Destination: 
3.250: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
3.250: SetProductTypes: InfProductBuildType=BuildType.IP
3.250: SetAltOsLoaderPath: No section uses DirId 65701; done.
3.313: DoInstallation: FetchSourceURL for c:\24f44d33983e4dc623477dabf2\update\update_SP3GDR.inf failed
3.313: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
3.344: BuildCabinetManifest: update.url absent
3.344: Starting AnalyzeComponents
3.344: AnalyzePhaseZero used 0 ticks
3.344: No c:\windows\INF\updtblk.inf file.
3.344: OEM file scan used 0 ticks
3.438: AnalyzePhaseOne: used 94 ticks
3.438: AnalyzeComponents: Hotpatch analysis disabled; skipping.
3.438: AnalyzeComponents: Hotpatching is disabled.
3.438: FindFirstFile c:\windows\$hf_mig$\*.*
6.407: AnalyzeForBranching used 0 ticks.
6.407: AnalyzePhaseTwo used 0 ticks
6.407: AnalyzePhaseThree used 0 ticks
6.407: AnalyzePhaseFive used 0 ticks
6.407: AnalyzePhaseSix used 0 ticks
11.953: AnalyzeComponents used 8609 ticks
11.953: Downloading 0 files
11.953: bPatchMode = FALSE
11.953: Inventory complete: ReturnStatus=0, 8640 ticks
13.438: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
13.438: Num Ticks for invent : 10125
13.469: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFXF97.tmp
13.828: Copied file: c:\windows\inf\branches.inf
53.250: Allocation size of drive C: is 4096 bytes, free space = 146696077312 bytes
53.266: Drive C: free 139900MB req: 5MB w/uninstall 0MB
53.266: CabinetBuild complete
53.266: Num Ticks for Cabinet build : 39828
53.266: DynamicStrings section not defined or empty.
53.282: FileInUse:: Detection disabled.
54.282: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
57.719: System Restore Point set.
57.813: Copied file: C:\WINDOWS\system32\spmsg.dll
58.063: PFE2: Not avoiding Per File Exceptions.
58.360: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
58.438: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
58.563: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
58.610: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
58.703: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
58.907: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
59.016: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
59.063: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
59.078: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
59.094: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
59.172: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\24f44d33983e4dc623477dabf2\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
59.203: DoInstallation: Installing assemblies with source root path: c:\24f44d33983e4dc623477dabf2\
59.203: Num Ticks for Copying files : 5937
59.219: Num Ticks for Reg update and deleting 0 size files : 16 
59.266: ---- Old Information In The Registry ------
59.266: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
59.266: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
59.282: Destination: 
59.282: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
59.282: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
59.297: Destination: 
59.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
59.297: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
59.313: Destination: 
59.313: ---- New Information In The Registry ------
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
59.313: Destination: 
59.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
59.313: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
59.328: Destination: 
59.328: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
59.328: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
59.344: Destination: 
59.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
59.344: Destination: 
59.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
59.360: Destination: 
59.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
59.360: Destination: 
59.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
59.360: Destination: 
59.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
59.360: Destination: 
59.360: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
228.485: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.313: ================================================================================
1.313: 2011/03/14 17:58:28.713 (local)
1.313: c:\136a15b86cded1cff38164d3\update\update.exe (version 6.3.13.0)
1.329: Hotfix started with following command line: 
1.329: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.297: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.297: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.297: ---- Old Information In The Registry ------
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
2.297: Destination: 
2.297: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
2.297: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
2.313: Destination: 
2.313: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
2.313: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
2.329: Destination: 
2.329: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
2.329: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
2.344: Destination: 
2.344: ---- New Information In The Registry ------
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
2.344: Destination: 
2.344: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
2.344: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
2.360: Destination: 
2.360: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
2.360: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
2.375: Destination: 
2.375: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
2.375: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
2.391: Destination: 
2.391: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
2.391: Destination: 
2.391: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.391: SetProductTypes: InfProductBuildType=BuildType.IP
2.391: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.422: DoInstallation: FetchSourceURL for c:\136a15b86cded1cff38164d3\update\update_SP3GDR.inf failed
2.438: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.454: BuildCabinetManifest: update.url absent
2.454: Starting AnalyzeComponents
2.454: AnalyzePhaseZero used 0 ticks
2.454: No c:\windows\INF\updtblk.inf file.
2.454: OEM file scan used 0 ticks
2.454: AnalyzePhaseOne: used 0 ticks
2.454: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.454: AnalyzeComponents: Hotpatching is disabled.
2.454: FindFirstFile c:\windows\$hf_mig$\*.*
3.047: AnalyzeForBranching used 0 ticks.
3.047: AnalyzePhaseTwo used 0 ticks
3.047: AnalyzePhaseThree used 0 ticks
3.047: AnalyzePhaseFive used 0 ticks
3.063: AnalyzePhaseSix used 16 ticks
17.407: Message displayed to the user: Are you sure you want to cancel?
17.407: User Input: YES
18.063: AnalyzeComponents: Cancelled
18.063: Inventory complete: ReturnStatus=1223, 15641 ticks
18.094: KB978601 Setup canceled.
22.000: Message displayed to the user: KB978601 Setup canceled.
22.000: User Input: OK
22.000: Update.exe extended error code = 0xf00d
22.000: Update.exe return code was masked to 0x643 for MSI custom action compliance.
1.344: ================================================================================
1.344: 2011/03/14 17:59:51.867 (local)
1.344: c:\cb73b6e207efd0c373e201d4\update\update.exe (version 6.3.13.0)
1.360: Hotfix started with following command line: 
1.360: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.657: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.657: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.657: ---- Old Information In The Registry ------
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
1.657: Destination: 
1.657: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
1.657: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
1.672: Destination: 
1.672: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
1.672: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
1.688: Destination: 
1.688: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
1.688: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
1.704: Destination: 
1.704: ---- New Information In The Registry ------
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.cfg.1299576009.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100635\Ctx00635.001.1299576009.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.cfg.1299576009.tmp 
1.704: Destination: 
1.704: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t536870944l-1p-1r-1o-1\63700\tmwhite.637.1299576009.tmp 
1.704: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\tmwhite.637.1299576009.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00635.001.1299576009.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.cfg.1299597612.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788595\icrc$oth.885.1299597612.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.885.1299597612.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.cfg.1299662413.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100636\Ctx00636.001.1299662413.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00636.001.1299662413.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.cfg.1299684015.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788795\icrc$oth.887.1299684015.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.887.1299684015.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.cfg.1299738014.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1073741840l-1p-1r-1o-1\1157\ssapiptn.da6.1299738014.tmp 
1.719: Destination: 
1.719: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.cfg.1299738014.tmp 
1.719: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\788995\icrc$oth.889.1299738014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.889.1299738014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10001\1.5.1381\6.2.1028\ssapiptn.da6.1299738014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.cfg.1299748811.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100637\Ctx00637.001.1299748811.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00637.001.1299748811.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.cfg.1299846014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100638\Ctx00638.001.1299846014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00638.001.1299846014.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.cfg.1299856818.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789195\icrc$oth.891.1299856818.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.891.1299856818.tmp 
1.735: Destination: 
1.735: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.cfg.1299943219.tmp 
1.735: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789395\icrc$oth.893.1299943219.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.893.1299943219.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.cfg.1299964822.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789595\icrc$oth.895.1299964822.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.895.1299964822.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.cfg.1300029621.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789795\icrc$oth.897.1300029621.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.897.1300029621.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.cfg.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.cfg.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\127300.txt.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127300\tmtd.ptn.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127300.txt.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300083628.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.cfg.1300094428.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1207959808l-1p-1r-1o-1\100639\Ctx00639.001.1300094428.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10005\1.5.1381\3.5.1032\Ctx00639.001.1300094428.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.cfg.1300116035.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208090624l1p-1r-1o-1\789995\icrc$oth.899.1300116035.tmp 
1.750: Destination: 
1.750: Source:C:\Program Files\Trend Micro\AMSP\Module\10000\1.5.1381\9.200.1007\icrc$oth.899.1300116035.tmp 
1.750: Destination: 
1.766: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.766: SetProductTypes: InfProductBuildType=BuildType.IP
1.766: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.797: DoInstallation: FetchSourceURL for c:\cb73b6e207efd0c373e201d4\update\update_SP3GDR.inf failed
1.797: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.813: BuildCabinetManifest: update.url absent
1.813: Starting AnalyzeComponents
1.813: AnalyzePhaseZero used 0 ticks
1.813: No c:\windows\INF\updtblk.inf file.
1.813: OEM file scan used 0 ticks
1.813: AnalyzePhaseOne: used 0 ticks
1.813: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.813: AnalyzeComponents: Hotpatching is disabled.
1.813: FindFirstFile c:\windows\$hf_mig$\*.*
2.469: AnalyzeForBranching used 0 ticks.
2.469: AnalyzePhaseTwo used 0 ticks
2.469: AnalyzePhaseThree used 0 ticks
2.469: AnalyzePhaseFive used 0 ticks
2.485: AnalyzePhaseSix used 16 ticks
12.907: Message displayed to the user: Are you sure you want to cancel?
12.907: User Input: YES
14.485: AnalyzeComponents: Cancelled
14.485: Inventory complete: ReturnStatus=1223, 12688 ticks
14.485: KB978601 Setup canceled.
16.719: Message displayed to the user: KB978601 Setup canceled.
16.719: User Input: OK
16.719: Update.exe extended error code = 0xf00d
16.719: Update.exe return code was masked to 0x643 for MSI custom action compliance.
1.359: ================================================================================
1.359: 2011/03/14 18:04:30.609 (local)
1.359: c:\60dff07201fa92d9b8\update\update.exe (version 6.3.13.0)
1.375: Hotfix started with following command line: 
1.375: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.640: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.640: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.640: DoInstallation: CleanPFR failed: 0x2 
2.640: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.640: SetProductTypes: InfProductBuildType=BuildType.IP
2.640: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.718: DoInstallation: FetchSourceURL for c:\60dff07201fa92d9b8\update\update_SP3GDR.inf failed
2.718: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.734: BuildCabinetManifest: update.url absent
2.734: Starting AnalyzeComponents
2.734: AnalyzePhaseZero used 0 ticks
2.734: No c:\windows\INF\updtblk.inf file.
2.734: OEM file scan used 0 ticks
2.796: AnalyzePhaseOne: used 62 ticks
2.796: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.796: AnalyzeComponents: Hotpatching is disabled.
2.796: FindFirstFile c:\windows\$hf_mig$\*.*
6.875: AnalyzeForBranching used 0 ticks.
6.875: AnalyzePhaseTwo used 0 ticks
6.875: AnalyzePhaseThree used 0 ticks
6.875: AnalyzePhaseFive used 0 ticks
6.875: AnalyzePhaseSix used 0 ticks
6.875: AnalyzeComponents used 4141 ticks
6.875: Downloading 0 files
6.875: bPatchMode = FALSE
6.875: Inventory complete: ReturnStatus=0, 4157 ticks
7.640: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
7.640: Num Ticks for invent : 4922
7.687: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX6.tmp
7.781: Copied file: c:\windows\inf\branches.inf
45.250: Allocation size of drive C: is 4096 bytes, free space = 146714492928 bytes
45.265: Drive C: free 139917MB req: 5MB w/uninstall 0MB
45.265: CabinetBuild complete
45.265: Num Ticks for Cabinet build : 37625
45.265: DynamicStrings section not defined or empty.
45.281: FileInUse:: Detection disabled.
46.281: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
50.296: System Restore Point set.
50.484: Copied file: C:\WINDOWS\system32\spmsg.dll
50.546: PFE2: Not avoiding Per File Exceptions.
51.062: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
51.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
51.750: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
52.140: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
52.312: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
52.781: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
53.265: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
53.468: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
53.500: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
53.500: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
53.593: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\60dff07201fa92d9b8\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
53.609: DoInstallation: Installing assemblies with source root path: c:\60dff07201fa92d9b8\
53.609: Num Ticks for Copying files : 8344
53.625: Num Ticks for Reg update and deleting 0 size files : 16 
53.812: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
180.640: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.063: ================================================================================
1.063: 2011/03/14 18:09:45.125 (local)
1.063: c:\81ba9792c3efcf7f1f75\update\update.exe (version 6.3.13.0)
1.078: Hotfix started with following command line: 
1.078: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.391: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.391: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.391: DoInstallation: CleanPFR failed: 0x2 
1.391: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.391: SetProductTypes: InfProductBuildType=BuildType.IP
1.391: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.422: DoInstallation: FetchSourceURL for c:\81ba9792c3efcf7f1f75\update\update_SP3GDR.inf failed
1.422: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.438: BuildCabinetManifest: update.url absent
1.438: Starting AnalyzeComponents
1.438: AnalyzePhaseZero used 0 ticks
1.438: No c:\windows\INF\updtblk.inf file.
1.438: OEM file scan used 0 ticks
1.438: AnalyzePhaseOne: used 0 ticks
1.438: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.438: AnalyzeComponents: Hotpatching is disabled.
1.438: FindFirstFile c:\windows\$hf_mig$\*.*
1.844: AnalyzeForBranching used 0 ticks.
1.859: AnalyzePhaseTwo used 15 ticks
1.859: AnalyzePhaseThree used 0 ticks
1.859: AnalyzePhaseFive used 0 ticks
1.859: AnalyzePhaseSix used 0 ticks
15.906: AnalyzeComponents used 14468 ticks
15.906: Downloading 0 files
15.906: bPatchMode = FALSE
15.906: Inventory complete: ReturnStatus=0, 14484 ticks
17.500: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
17.500: Num Ticks for invent : 16078
17.531: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX32.tmp
17.594: Copied file: c:\windows\inf\branches.inf
40.047: Message displayed to the user: Are you sure you want to cancel?
40.047: User Input: YES
48.781: Error getting disk usage info, GLE=0x4c7
48.781: DoInstallation:AnalyzeDiskUsage failed
48.844: KB978601 Setup canceled.
51.625: Message displayed to the user: KB978601 Setup canceled.
51.625: User Input: OK
51.625: Update.exe extended error code = 0xf00d
51.625: Update.exe return code was masked to 0x643 for MSI custom action compliance.
1.125: ================================================================================
1.125: 2011/03/14 18:11:58.453 (local)
1.125: c:\2099b78fc012a4ebc0\update\update.exe (version 6.3.13.0)
1.140: Hotfix started with following command line: 
1.156: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.515: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.515: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.515: DoInstallation: CleanPFR failed: 0x2 
1.515: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.515: SetProductTypes: InfProductBuildType=BuildType.IP
1.515: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.547: DoInstallation: FetchSourceURL for c:\2099b78fc012a4ebc0\update\update_SP3GDR.inf failed
1.547: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.562: BuildCabinetManifest: update.url absent
1.562: Starting AnalyzeComponents
1.562: AnalyzePhaseZero used 0 ticks
1.562: No c:\windows\INF\updtblk.inf file.
1.562: OEM file scan used 0 ticks
1.562: AnalyzePhaseOne: used 0 ticks
1.562: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.562: AnalyzeComponents: Hotpatching is disabled.
1.562: FindFirstFile c:\windows\$hf_mig$\*.*
1.953: AnalyzeForBranching used 0 ticks.
1.953: AnalyzePhaseTwo used 0 ticks
1.953: AnalyzePhaseThree used 0 ticks
1.953: AnalyzePhaseFive used 0 ticks
1.968: AnalyzePhaseSix used 15 ticks
25.047: Message displayed to the user: Are you sure you want to cancel?
25.047: User Input: NO
28.906: AnalyzeComponents used 27344 ticks
28.906: Downloading 0 files
28.906: bPatchMode = FALSE
28.906: Inventory complete: ReturnStatus=0, 27359 ticks
31.015: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
31.015: Num Ticks for invent : 29468
31.031: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX33.tmp
31.062: Copied file: c:\windows\inf\branches.inf
36.265: Allocation size of drive C: is 4096 bytes, free space = 146684612608 bytes
36.281: Drive C: free 139889MB req: 5MB w/uninstall 0MB
36.281: CabinetBuild complete
36.281: Num Ticks for Cabinet build : 5266
36.281: DynamicStrings section not defined or empty.
36.297: FileInUse:: Detection disabled.
37.297: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
41.218: System Restore Point set.
41.265: Copied file: C:\WINDOWS\system32\spmsg.dll
41.281: PFE2: Not avoiding Per File Exceptions.
41.515: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
41.578: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
41.593: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
41.797: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
41.906: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
42.125: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
42.390: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
42.406: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
42.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
42.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
42.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\2099b78fc012a4ebc0\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
42.484: DoInstallation: Installing assemblies with source root path: c:\2099b78fc012a4ebc0\
42.484: Num Ticks for Copying files : 6203
42.484: Num Ticks for Reg update and deleting 0 size files : 0 
42.593: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
53.953: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.078: ================================================================================
1.078: 2011/03/14 19:59:03.015 (local)
1.078: c:\969a5887ea075430a0a602064eae79\update\update.exe (version 6.3.13.0)
1.109: Hotfix started with following command line: 
1.109: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.609: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.609: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.609: DoInstallation: CleanPFR failed: 0x2 
1.609: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.609: SetProductTypes: InfProductBuildType=BuildType.IP
1.625: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.656: DoInstallation: FetchSourceURL for c:\969a5887ea075430a0a602064eae79\update\update_SP3GDR.inf failed
1.656: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.656: BuildCabinetManifest: update.url absent
1.656: Starting AnalyzeComponents
1.656: AnalyzePhaseZero used 0 ticks
1.656: No c:\windows\INF\updtblk.inf file.
1.656: OEM file scan used 0 ticks
1.672: AnalyzePhaseOne: used 16 ticks
1.672: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.672: AnalyzeComponents: Hotpatching is disabled.
1.672: FindFirstFile c:\windows\$hf_mig$\*.*
2.078: AnalyzeForBranching used 0 ticks.
2.078: AnalyzePhaseTwo used 0 ticks
2.078: AnalyzePhaseThree used 0 ticks
2.078: AnalyzePhaseFive used 0 ticks
2.094: AnalyzePhaseSix used 16 ticks
32.281: AnalyzeComponents used 30625 ticks
32.297: Downloading 0 files
32.297: bPatchMode = FALSE
32.297: Inventory complete: ReturnStatus=0, 30641 ticks
33.469: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
33.469: Num Ticks for invent : 31813
33.500: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX5F.tmp
33.563: Copied file: c:\windows\inf\branches.inf
63.422: Allocation size of drive C: is 4096 bytes, free space = 146621075456 bytes
63.453: Drive C: free 139828MB req: 5MB w/uninstall 0MB
63.453: CabinetBuild complete
63.453: Num Ticks for Cabinet build : 29984
63.453: DynamicStrings section not defined or empty.
63.469: FileInUse:: Detection disabled.
64.469: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
68.422: System Restore Point set.
68.469: Copied file: C:\WINDOWS\system32\spmsg.dll
68.484: PFE2: Not avoiding Per File Exceptions.
68.922: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
69.109: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
69.125: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
69.172: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
69.219: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
69.281: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
69.313: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
69.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
69.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
69.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
69.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\969a5887ea075430a0a602064eae79\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
69.469: DoInstallation: Installing assemblies with source root path: c:\969a5887ea075430a0a602064eae79\
69.469: Num Ticks for Copying files : 6016
69.484: Num Ticks for Reg update and deleting 0 size files : 15 
69.609: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
80.750: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
9.234: ================================================================================
9.250: 2011/03/18 12:13:57.656 (local)
9.250: c:\f2deb304b4c83d80ace7c1\update\update.exe (version 6.3.13.0)
9.281: Hotfix started with following command line: 
9.328: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
12.062: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
12.062: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
12.062: DoInstallation: CleanPFR failed: 0x2 
12.062: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
12.062: SetProductTypes: InfProductBuildType=BuildType.IP
12.062: SetAltOsLoaderPath: No section uses DirId 65701; done.
12.281: DoInstallation: FetchSourceURL for c:\f2deb304b4c83d80ace7c1\update\update_SP3GDR.inf failed
12.281: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
12.328: BuildCabinetManifest: update.url absent
12.328: Starting AnalyzeComponents
12.328: AnalyzePhaseZero used 0 ticks
12.328: No c:\windows\INF\updtblk.inf file.
12.328: OEM file scan used 0 ticks
12.594: AnalyzePhaseOne: used 266 ticks
12.594: AnalyzeComponents: Hotpatch analysis disabled; skipping.
12.594: AnalyzeComponents: Hotpatching is disabled.
12.594: FindFirstFile c:\windows\$hf_mig$\*.*
17.578: AnalyzeForBranching used 0 ticks.
17.594: AnalyzePhaseTwo used 0 ticks
17.594: AnalyzePhaseThree used 0 ticks
17.594: AnalyzePhaseFive used 0 ticks
17.594: AnalyzePhaseSix used 0 ticks
17.594: AnalyzeComponents used 5266 ticks
17.594: Downloading 0 files
17.594: bPatchMode = FALSE
17.594: Inventory complete: ReturnStatus=0, 5313 ticks
17.844: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
17.844: Num Ticks for invent : 5563
17.953: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX1.tmp
18.078: Copied file: c:\windows\inf\branches.inf
59.422: Allocation size of drive C: is 4096 bytes, free space = 147375321088 bytes
59.422: Drive C: free 140548MB req: 5MB w/uninstall 0MB
59.422: CabinetBuild complete
59.422: Num Ticks for Cabinet build : 41578
59.422: DynamicStrings section not defined or empty.
59.453: FileInUse:: Detection disabled.
60.453: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
60.797: Copied file: C:\WINDOWS\system32\spmsg.dll
63.500: PFE2: Not avoiding Per File Exceptions.
63.765: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
64.000: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
64.031: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
64.500: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
64.609: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
65.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
65.797: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
65.828: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
65.844: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
65.844: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
66.031: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f2deb304b4c83d80ace7c1\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
66.062: DoInstallation: Installing assemblies with source root path: c:\f2deb304b4c83d80ace7c1\
66.062: Num Ticks for Copying files : 6640
66.094: Num Ticks for Reg update and deleting 0 size files : 32 
66.140: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
70.297: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.094: ================================================================================
1.109: 2011/03/18 12:40:17.095 (local)
1.109: c:\55493ee7dbf77b3140aea09e7b09\update\update.exe (version 6.3.13.0)
1.109: Hotfix started with following command line: 
1.125: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.469: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.469: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.469: DoInstallation: CleanPFR failed: 0x2 
2.469: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.469: SetProductTypes: InfProductBuildType=BuildType.IP
2.469: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.531: DoInstallation: FetchSourceURL for c:\55493ee7dbf77b3140aea09e7b09\update\update_SP3GDR.inf failed
2.547: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.562: BuildCabinetManifest: update.url absent
2.562: Starting AnalyzeComponents
2.562: AnalyzePhaseZero used 0 ticks
2.562: No c:\windows\INF\updtblk.inf file.
2.562: OEM file scan used 0 ticks
2.625: AnalyzePhaseOne: used 63 ticks
2.625: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.625: AnalyzeComponents: Hotpatching is disabled.
2.625: FindFirstFile c:\windows\$hf_mig$\*.*
6.781: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
9.781: AnalyzeForBranching used 0 ticks.
9.781: AnalyzePhaseTwo used 0 ticks
9.781: AnalyzePhaseThree used 0 ticks
9.781: AnalyzePhaseFive used 0 ticks
9.781: AnalyzePhaseSix used 0 ticks
9.781: AnalyzeComponents used 7219 ticks
9.781: Downloading 0 files
9.781: bPatchMode = FALSE
9.781: Inventory complete: ReturnStatus=0, 7234 ticks
9.781: Num Ticks for invent : 7234
9.828: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX4.tmp
9.906: Copied file: c:\windows\inf\branches.inf
91.609: Allocation size of drive C: is 4096 bytes, free space = 146297958400 bytes
91.656: Drive C: free 139520MB req: 5MB w/uninstall 0MB
91.656: CabinetBuild complete
91.656: Num Ticks for Cabinet build : 81875
91.656: DynamicStrings section not defined or empty.
91.687: FileInUse:: Detection disabled.
92.687: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
103.156: System Restore Point set.
103.391: Copied file: C:\WINDOWS\system32\spmsg.dll
103.422: PFE2: Not avoiding Per File Exceptions.
104.484: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
104.672: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
104.719: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
104.937: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
105.031: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
105.656: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
105.750: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
106.156: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
106.281: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
106.281: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
106.562: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\55493ee7dbf77b3140aea09e7b09\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
106.625: DoInstallation: Installing assemblies with source root path: c:\55493ee7dbf77b3140aea09e7b09\
106.625: Num Ticks for Copying files : 14969
106.625: Num Ticks for Reg update and deleting 0 size files : 0 
106.953: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
127.578: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.719: ================================================================================
1.719: 2011/03/18 13:04:28.517 (local)
1.719: c:\2b6142075cb0d6e3d3306d3c\update\update.exe (version 6.3.13.0)
1.719: Hotfix started with following command line: 
1.750: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.672: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.672: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.672: DoInstallation: CleanPFR failed: 0x2 
2.672: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.672: SetProductTypes: InfProductBuildType=BuildType.IP
2.672: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.750: DoInstallation: FetchSourceURL for c:\2b6142075cb0d6e3d3306d3c\update\update_SP3GDR.inf failed
2.750: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.766: BuildCabinetManifest: update.url absent
2.766: Starting AnalyzeComponents
2.766: AnalyzePhaseZero used 0 ticks
2.766: No c:\windows\INF\updtblk.inf file.
2.766: OEM file scan used 0 ticks
2.875: AnalyzePhaseOne: used 109 ticks
2.875: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.875: AnalyzeComponents: Hotpatching is disabled.
2.875: FindFirstFile c:\windows\$hf_mig$\*.*
3.719: AnalyzeForBranching used 0 ticks.
3.719: AnalyzePhaseTwo used 0 ticks
3.719: AnalyzePhaseThree used 0 ticks
3.719: AnalyzePhaseFive used 0 ticks
3.719: AnalyzePhaseSix used 0 ticks
37.125: Message displayed to the user: Are you sure you want to cancel?
37.125: User Input: YES
39.719: AnalyzeComponents: Cancelled
39.719: Inventory complete: ReturnStatus=1223, 36969 ticks
40.000: KB978601 Setup canceled.
42.797: Message displayed to the user: KB978601 Setup canceled.
42.797: User Input: OK
42.797: Update.exe extended error code = 0xf00d
42.797: Update.exe return code was masked to 0x643 for MSI custom action compliance.
1.375: ================================================================================
1.375: 2011/03/20 15:21:07.312 (local)
1.375: c:\8122d8e37e73d269c01b\update\update.exe (version 6.3.13.0)
1.391: Hotfix started with following command line: 
1.407: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.235: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.235: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.235: DoInstallation: CleanPFR failed: 0x2 
2.235: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.235: SetProductTypes: InfProductBuildType=BuildType.IP
2.250: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.297: DoInstallation: FetchSourceURL for c:\8122d8e37e73d269c01b\update\update_SP3GDR.inf failed
2.297: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.313: BuildCabinetManifest: update.url absent
2.329: Starting AnalyzeComponents
2.329: AnalyzePhaseZero used 0 ticks
2.329: No c:\windows\INF\updtblk.inf file.
2.329: OEM file scan used 0 ticks
2.375: AnalyzePhaseOne: used 46 ticks
2.375: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.375: AnalyzeComponents: Hotpatching is disabled.
2.375: FindFirstFile c:\windows\$hf_mig$\*.*
4.329: AnalyzeForBranching used 0 ticks.
4.329: AnalyzePhaseTwo used 0 ticks
4.329: AnalyzePhaseThree used 0 ticks
4.329: AnalyzePhaseFive used 0 ticks
4.329: AnalyzePhaseSix used 0 ticks
43.641: AnalyzeComponents used 41312 ticks
43.641: Downloading 0 files
43.641: bPatchMode = FALSE
43.641: Inventory complete: ReturnStatus=0, 41344 ticks
44.735: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
44.735: Num Ticks for invent : 42438
44.735: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX8F.tmp
44.766: Copied file: c:\windows\inf\branches.inf
55.875: Allocation size of drive C: is 4096 bytes, free space = 146306711552 bytes
55.891: Drive C: free 139528MB req: 5MB w/uninstall 0MB
55.891: CabinetBuild complete
55.891: Num Ticks for Cabinet build : 11156
55.891: DynamicStrings section not defined or empty.
55.907: FileInUse:: Detection disabled.
56.907: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
61.110: System Restore Point set.
61.188: Copied file: C:\WINDOWS\system32\spmsg.dll
61.219: PFE2: Not avoiding Per File Exceptions.
61.547: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
61.766: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
61.813: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
62.047: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
62.188: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
62.610: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
62.844: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
62.844: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
62.860: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
62.860: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
62.985: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\8122d8e37e73d269c01b\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
63.000: DoInstallation: Installing assemblies with source root path: c:\8122d8e37e73d269c01b\
63.000: Num Ticks for Copying files : 7109
63.000: Num Ticks for Reg update and deleting 0 size files : 0 
63.016: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
115.719: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.984: ================================================================================
1.984: 2011/03/21 00:06:09.578 (local)
1.984: c:\fbde2657387597d2db0b38ba\update\update.exe (version 6.3.13.0)
2.000: Hotfix started with following command line: 
2.000: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.890: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.890: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.890: ---- Old Information In The Registry ------
2.890: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\127500.txt.cfg.1300678677.tmp 
2.890: Destination: 
2.890: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\tmtd.ptn.cfg.1300678677.tmp 
2.890: Destination: 
2.890: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\127500.txt.1300678677.tmp 
2.890: Destination: 
2.890: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\tmtd.ptn.1300678677.tmp 
2.890: Destination: 
2.890: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127500.txt.1300678677.tmp 
2.890: Destination: 
2.890: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300678677.tmp 
2.890: Destination: 
2.890: ---- New Information In The Registry ------
2.890: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\127500.txt.cfg.1300678677.tmp 
2.890: Destination: 
2.890: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\tmtd.ptn.cfg.1300678677.tmp 
2.890: Destination: 
2.890: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\127500.txt.1300678677.tmp 
2.890: Destination: 
2.890: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\tmtd.ptn.1300678677.tmp 
2.890: Destination: 
2.890: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127500.txt.1300678677.tmp 
2.890: Destination: 
2.890: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300678677.tmp 
2.890: Destination: 
2.890: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.890: SetProductTypes: InfProductBuildType=BuildType.IP
2.890: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.968: DoInstallation: FetchSourceURL for c:\fbde2657387597d2db0b38ba\update\update_SP3GDR.inf failed
2.984: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.984: BuildCabinetManifest: update.url absent
2.984: Starting AnalyzeComponents
2.984: AnalyzePhaseZero used 0 ticks
2.984: No c:\windows\INF\updtblk.inf file.
2.984: OEM file scan used 0 ticks
3.093: AnalyzePhaseOne: used 109 ticks
3.093: AnalyzeComponents: Hotpatch analysis disabled; skipping.
3.093: AnalyzeComponents: Hotpatching is disabled.
3.093: FindFirstFile c:\windows\$hf_mig$\*.*
6.375: AnalyzeForBranching used 0 ticks.
6.375: AnalyzePhaseTwo used 0 ticks
6.375: AnalyzePhaseThree used 0 ticks
6.375: AnalyzePhaseFive used 0 ticks
6.375: AnalyzePhaseSix used 0 ticks
6.375: AnalyzeComponents used 3391 ticks
6.375: Downloading 0 files
6.375: bPatchMode = FALSE
6.375: Inventory complete: ReturnStatus=0, 3407 ticks
10.812: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
10.812: Num Ticks for invent : 7844
10.828: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX35F.tmp
10.906: Copied file: c:\windows\inf\branches.inf
58.859: Allocation size of drive C: is 4096 bytes, free space = 146040176640 bytes
58.875: Drive C: free 139274MB req: 5MB w/uninstall 0MB
58.875: CabinetBuild complete
58.875: Num Ticks for Cabinet build : 48063
58.875: DynamicStrings section not defined or empty.
58.890: FileInUse:: Detection disabled.
59.890: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
64.078: System Restore Point set.
64.156: Copied file: C:\WINDOWS\system32\spmsg.dll
64.218: PFE2: Not avoiding Per File Exceptions.
64.781: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\fbde2657387597d2db0b38ba\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
64.843: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\fbde2657387597d2db0b38ba\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
64.953: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\fbde2657387597d2db0b38ba\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
65.015: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\fbde2657387597d2db0b38ba\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
65.062: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\fbde2657387597d2db0b38ba\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
65.125: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\fbde2657387597d2db0b38ba\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
65.422: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\fbde2657387597d2db0b38ba\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
65.672: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\fbde2657387597d2db0b38ba\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
65.718: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\fbde2657387597d2db0b38ba\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
65.718: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\fbde2657387597d2db0b38ba\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
65.812: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\fbde2657387597d2db0b38ba\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
65.828: DoInstallation: Installing assemblies with source root path: c:\fbde2657387597d2db0b38ba\
65.828: Num Ticks for Copying files : 6953
65.875: Num Ticks for Reg update and deleting 0 size files : 47 
65.906: ---- Old Information In The Registry ------
65.906: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\127500.txt.cfg.1300678677.tmp 
65.906: Destination: 
65.906: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\tmtd.ptn.cfg.1300678677.tmp 
65.906: Destination: 
65.906: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\127500.txt.1300678677.tmp 
65.906: Destination: 
65.906: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\tmtd.ptn.1300678677.tmp 
65.906: Destination: 
65.906: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127500.txt.1300678677.tmp 
65.906: Destination: 
65.906: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300678677.tmp 
65.906: Destination: 
65.906: ---- New Information In The Registry ------
65.906: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\127500.txt.cfg.1300678677.tmp 
65.906: Destination: 
65.906: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\tmtd.ptn.cfg.1300678677.tmp 
65.906: Destination: 
65.906: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\127500.txt.1300678677.tmp 
65.906: Destination: 
65.906: Source:C:\Program Files\Trend Micro\AMSP\Resource\pattern\c3t1208221733l1p1r-1o-1\127500\tmtd.ptn.1300678677.tmp 
65.906: Destination: 
65.906: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\127500.txt.1300678677.tmp 
65.906: Destination: 
65.906: Source:C:\Program Files\Trend Micro\AMSP\Module\10004\1.5.1381\3.50.1169\update\tmtd.ptn.1300678677.tmp 
65.906: Destination: 
65.906: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
73.140: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
2.093: ================================================================================
2.093: 2011/03/21 00:39:37.468 (local)
2.093: c:\f80176295d2cec24e8\update\update.exe (version 6.3.13.0)
2.125: Hotfix started with following command line: 
2.140: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
3.203: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
3.203: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
3.203: DoInstallation: CleanPFR failed: 0x2 
3.203: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
3.203: SetProductTypes: InfProductBuildType=BuildType.IP
3.203: SetAltOsLoaderPath: No section uses DirId 65701; done.
3.265: DoInstallation: FetchSourceURL for c:\f80176295d2cec24e8\update\update_SP3GDR.inf failed
3.265: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
3.265: BuildCabinetManifest: update.url absent
3.265: Starting AnalyzeComponents
3.265: AnalyzePhaseZero used 0 ticks
3.265: No c:\windows\INF\updtblk.inf file.
3.265: OEM file scan used 0 ticks
3.375: AnalyzePhaseOne: used 110 ticks
3.375: AnalyzeComponents: Hotpatch analysis disabled; skipping.
3.375: AnalyzeComponents: Hotpatching is disabled.
3.375: FindFirstFile c:\windows\$hf_mig$\*.*
4.843: AnalyzeForBranching used 0 ticks.
4.843: AnalyzePhaseTwo used 0 ticks
4.843: AnalyzePhaseThree used 0 ticks
4.843: AnalyzePhaseFive used 0 ticks
4.843: AnalyzePhaseSix used 0 ticks
23.718: AnalyzeComponents used 20453 ticks
23.718: Downloading 0 files
23.718: bPatchMode = FALSE
23.718: Inventory complete: ReturnStatus=0, 20453 ticks
25.078: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
25.078: Num Ticks for invent : 21813
25.109: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX5E.tmp
25.156: Copied file: c:\windows\inf\branches.inf
62.500: Allocation size of drive C: is 4096 bytes, free space = 145736241152 bytes
62.515: Drive C: free 138984MB req: 5MB w/uninstall 0MB
62.515: CabinetBuild complete
62.515: Num Ticks for Cabinet build : 37437
62.515: DynamicStrings section not defined or empty.
62.546: FileInUse:: Detection disabled.
63.546: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
67.484: System Restore Point set.
67.625: PFE2: Not avoiding Per File Exceptions.
68.140: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f80176295d2cec24e8\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
68.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f80176295d2cec24e8\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
68.593: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f80176295d2cec24e8\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
68.781: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f80176295d2cec24e8\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
69.125: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f80176295d2cec24e8\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
69.562: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f80176295d2cec24e8\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
69.781: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f80176295d2cec24e8\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
70.000: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f80176295d2cec24e8\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
70.031: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f80176295d2cec24e8\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
70.031: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f80176295d2cec24e8\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
70.093: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\f80176295d2cec24e8\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
70.109: DoInstallation: Installing assemblies with source root path: c:\f80176295d2cec24e8\
70.109: Num Ticks for Copying files : 7594
70.109: Num Ticks for Reg update and deleting 0 size files : 0 
70.171: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
76.750: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
2.563: ================================================================================
2.563: 2011/03/26 15:49:50.921 (local)
2.563: c:\512a05b0296c799fdaaa\update\update.exe (version 6.3.13.0)
2.578: Hotfix started with following command line: 
2.610: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
3.969: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
3.969: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
3.969: DoInstallation: CleanPFR failed: 0x2 
3.969: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
3.969: SetProductTypes: InfProductBuildType=BuildType.IP
4.000: SetAltOsLoaderPath: No section uses DirId 65701; done.
4.016: DoInstallation: FetchSourceURL for c:\512a05b0296c799fdaaa\update\update_SP3GDR.inf failed
4.032: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
4.032: BuildCabinetManifest: update.url absent
4.032: Starting AnalyzeComponents
4.032: AnalyzePhaseZero used 0 ticks
4.032: No c:\windows\INF\updtblk.inf file.
4.032: OEM file scan used 0 ticks
4.172: AnalyzePhaseOne: used 140 ticks
4.172: AnalyzeComponents: Hotpatch analysis disabled; skipping.
4.172: AnalyzeComponents: Hotpatching is disabled.
4.172: FindFirstFile c:\windows\$hf_mig$\*.*
9.453: AnalyzeForBranching used 0 ticks.
9.453: AnalyzePhaseTwo used 0 ticks
9.453: AnalyzePhaseThree used 0 ticks
9.453: AnalyzePhaseFive used 0 ticks
9.453: AnalyzePhaseSix used 0 ticks
33.485: AnalyzeComponents used 29453 ticks
33.485: Downloading 0 files
33.485: bPatchMode = FALSE
33.485: Inventory complete: ReturnStatus=0, 29469 ticks
36.016: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
36.016: Num Ticks for invent : 32000
36.047: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX282.tmp
36.110: Copied file: c:\windows\inf\branches.inf
53.000: Allocation size of drive C: is 4096 bytes, free space = 145059823616 bytes
53.016: Drive C: free 138339MB req: 5MB w/uninstall 0MB
53.016: CabinetBuild complete
53.016: Num Ticks for Cabinet build : 17000
53.016: DynamicStrings section not defined or empty.
53.032: FileInUse:: Detection disabled.
54.032: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
58.860: System Restore Point set.
59.000: PFE2: Not avoiding Per File Exceptions.
59.485: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\512a05b0296c799fdaaa\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
60.157: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\512a05b0296c799fdaaa\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
60.547: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\512a05b0296c799fdaaa\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
60.750: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\512a05b0296c799fdaaa\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
60.860: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\512a05b0296c799fdaaa\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
61.266: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\512a05b0296c799fdaaa\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
62.078: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\512a05b0296c799fdaaa\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
62.344: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\512a05b0296c799fdaaa\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
62.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\512a05b0296c799fdaaa\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
62.485: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\512a05b0296c799fdaaa\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
62.688: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\512a05b0296c799fdaaa\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
62.735: DoInstallation: Installing assemblies with source root path: c:\512a05b0296c799fdaaa\
62.735: Num Ticks for Copying files : 9719
62.782: Num Ticks for Reg update and deleting 0 size files : 47 
62.938: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
67.703: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.110: ================================================================================
1.110: 2011/03/26 15:51:17.296 (local)
1.110: c:\f1995fa400809a2a803b\update\update.exe (version 6.3.13.0)
1.125: Hotfix started with following command line: 
1.125: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.360: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.360: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.360: DoInstallation: CleanPFR failed: 0x2 
1.360: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.375: SetProductTypes: InfProductBuildType=BuildType.IP
1.375: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.407: DoInstallation: FetchSourceURL for c:\f1995fa400809a2a803b\update\update_SP3GDR.inf failed
1.407: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.407: BuildCabinetManifest: update.url absent
1.407: Starting AnalyzeComponents
1.407: AnalyzePhaseZero used 0 ticks
1.407: No c:\windows\INF\updtblk.inf file.
1.407: OEM file scan used 0 ticks
1.422: AnalyzePhaseOne: used 15 ticks
1.422: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.422: AnalyzeComponents: Hotpatching is disabled.
1.422: FindFirstFile c:\windows\$hf_mig$\*.*
1.829: AnalyzeForBranching used 0 ticks.
1.829: AnalyzePhaseTwo used 0 ticks
1.829: AnalyzePhaseThree used 0 ticks
1.829: AnalyzePhaseFive used 0 ticks
1.844: AnalyzePhaseSix used 15 ticks
5.813: Message displayed to the user: Are you sure you want to cancel?
5.813: User Input: YES
7.844: AnalyzeComponents: Cancelled
7.844: Inventory complete: ReturnStatus=1223, 6437 ticks
7.844: KB978601 Setup canceled.
11.157: Message displayed to the user: KB978601 Setup canceled.
11.157: User Input: OK
11.157: Update.exe extended error code = 0xf00d
11.157: Update.exe return code was masked to 0x643 for MSI custom action compliance.
1.156: ================================================================================
1.156: 2011/03/26 15:55:52.921 (local)
1.156: c:\74466966d3a45081c644686072\update\update.exe (version 6.3.13.0)
1.171: Hotfix started with following command line: 
1.171: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.734: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.734: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.734: DoInstallation: CleanPFR failed: 0x2 
1.734: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.734: SetProductTypes: InfProductBuildType=BuildType.IP
1.734: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.765: DoInstallation: FetchSourceURL for c:\74466966d3a45081c644686072\update\update_SP3GDR.inf failed
1.765: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.781: BuildCabinetManifest: update.url absent
1.781: Starting AnalyzeComponents
1.781: AnalyzePhaseZero used 0 ticks
1.781: No c:\windows\INF\updtblk.inf file.
1.781: OEM file scan used 0 ticks
1.781: AnalyzePhaseOne: used 0 ticks
1.781: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.781: AnalyzeComponents: Hotpatching is disabled.
1.781: FindFirstFile c:\windows\$hf_mig$\*.*
2.093: AnalyzeForBranching used 0 ticks.
2.093: AnalyzePhaseTwo used 0 ticks
2.093: AnalyzePhaseThree used 0 ticks
2.093: AnalyzePhaseFive used 0 ticks
2.093: AnalyzePhaseSix used 0 ticks
5.484: AnalyzeComponents used 3703 ticks
5.484: Downloading 0 files
5.484: bPatchMode = FALSE
5.484: Inventory complete: ReturnStatus=0, 3719 ticks
6.718: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
6.718: Num Ticks for invent : 4953
6.734: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFX2C6.tmp
6.750: Copied file: c:\windows\inf\branches.inf
18.156: Allocation size of drive C: is 4096 bytes, free space = 145031077888 bytes
18.156: Drive C: free 138312MB req: 5MB w/uninstall 0MB
18.156: CabinetBuild complete
18.156: Num Ticks for Cabinet build : 11438
18.156: DynamicStrings section not defined or empty.
18.203: FileInUse:: Detection disabled.
19.203: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
23.203: System Restore Point set.
23.234: PFE2: Not avoiding Per File Exceptions.
23.343: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\74466966d3a45081c644686072\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
23.375: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\74466966d3a45081c644686072\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
23.531: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\74466966d3a45081c644686072\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
23.578: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\74466966d3a45081c644686072\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
23.703: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\74466966d3a45081c644686072\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
24.046: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\74466966d3a45081c644686072\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
24.078: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\74466966d3a45081c644686072\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
24.078: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\74466966d3a45081c644686072\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
24.093: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\74466966d3a45081c644686072\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
24.093: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\74466966d3a45081c644686072\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
24.187: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\74466966d3a45081c644686072\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
24.203: DoInstallation: Installing assemblies with source root path: c:\74466966d3a45081c644686072\
24.203: Num Ticks for Copying files : 6047
24.203: Num Ticks for Reg update and deleting 0 size files : 0 
24.218: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
28.625: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
1.453: ================================================================================
1.453: 2011/03/29 16:30:46.781 (local)
1.453: c:\4b5d4b3a4f3f7f787ada0ad4\update\update.exe (version 6.3.13.0)
1.468: Hotfix started with following command line: 
1.468: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.343: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
2.359: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
2.359: DoInstallation: CleanPFR failed: 0x2 
2.359: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
2.359: SetProductTypes: InfProductBuildType=BuildType.IP
2.359: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.390: DoInstallation: FetchSourceURL for c:\4b5d4b3a4f3f7f787ada0ad4\update\update_SP3GDR.inf failed
2.422: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
2.453: BuildCabinetManifest: update.url absent
2.453: Starting AnalyzeComponents
2.453: AnalyzePhaseZero used 0 ticks
2.453: No c:\windows\INF\updtblk.inf file.
2.453: OEM file scan used 0 ticks
2.515: AnalyzePhaseOne: used 62 ticks
2.515: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.515: AnalyzeComponents: Hotpatching is disabled.
2.515: FindFirstFile c:\windows\$hf_mig$\*.*
4.468: AnalyzeForBranching used 0 ticks.
4.484: AnalyzePhaseTwo used 16 ticks
4.484: AnalyzePhaseThree used 0 ticks
4.484: AnalyzePhaseFive used 0 ticks
4.484: AnalyzePhaseSix used 0 ticks
5.922: AnalyzeComponents used 3469 ticks
5.922: Downloading 0 files
5.922: bPatchMode = FALSE
5.922: Inventory complete: ReturnStatus=0, 3516 ticks
7.953: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
7.953: Num Ticks for invent : 5563
7.984: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFXC0.tmp
8.031: Copied file: c:\windows\inf\branches.inf
68.156: Allocation size of drive C: is 4096 bytes, free space = 144963010560 bytes
68.172: Drive C: free 138247MB req: 5MB w/uninstall 0MB
68.172: CabinetBuild complete
68.172: Num Ticks for Cabinet build : 60219
68.172: DynamicStrings section not defined or empty.
68.187: FileInUse:: Detection disabled.
69.187: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
73.625: System Restore Point set.
73.750: PFE2: Not avoiding Per File Exceptions.
74.109: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\4b5d4b3a4f3f7f787ada0ad4\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
74.343: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\4b5d4b3a4f3f7f787ada0ad4\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
74.562: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\4b5d4b3a4f3f7f787ada0ad4\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
74.687: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\4b5d4b3a4f3f7f787ada0ad4\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
74.906: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\4b5d4b3a4f3f7f787ada0ad4\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
75.359: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\4b5d4b3a4f3f7f787ada0ad4\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
75.578: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\4b5d4b3a4f3f7f787ada0ad4\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
75.843: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\4b5d4b3a4f3f7f787ada0ad4\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
76.109: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\4b5d4b3a4f3f7f787ada0ad4\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
76.109: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\4b5d4b3a4f3f7f787ada0ad4\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
76.328: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\4b5d4b3a4f3f7f787ada0ad4\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
76.375: DoInstallation: Installing assemblies with source root path: c:\4b5d4b3a4f3f7f787ada0ad4\
76.375: Num Ticks for Copying files : 8203
76.390: Num Ticks for Reg update and deleting 0 size files : 15 
76.422: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
82.172: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0
0.938: ================================================================================
0.938: 2011/03/29 16:35:30.734 (local)
0.938: c:\614bb0cdfb817fe95a81\update\update.exe (version 6.3.13.0)
1.000: Hotfix started with following command line: 
1.000: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.188: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
1.188: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
1.188: DoInstallation: CleanPFR failed: 0x2 
1.188: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
1.188: SetProductTypes: InfProductBuildType=BuildType.IP
1.188: SetAltOsLoaderPath: No section uses DirId 65701; done.
1.204: DoInstallation: FetchSourceURL for c:\614bb0cdfb817fe95a81\update\update_SP3GDR.inf failed
1.204: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
1.204: BuildCabinetManifest: update.url absent
1.204: Starting AnalyzeComponents
1.204: AnalyzePhaseZero used 0 ticks
1.204: No c:\windows\INF\updtblk.inf file.
1.204: OEM file scan used 0 ticks
1.219: AnalyzePhaseOne: used 15 ticks
1.219: AnalyzeComponents: Hotpatch analysis disabled; skipping.
1.219: AnalyzeComponents: Hotpatching is disabled.
1.219: FindFirstFile c:\windows\$hf_mig$\*.*
1.547: AnalyzeForBranching used 0 ticks.
1.547: AnalyzePhaseTwo used 0 ticks
1.547: AnalyzePhaseThree used 0 ticks
1.547: AnalyzePhaseFive used 0 ticks
1.547: AnalyzePhaseSix used 0 ticks
5.016: AnalyzeComponents used 3812 ticks
5.016: Downloading 0 files
5.016: bPatchMode = FALSE
5.016: Inventory complete: ReturnStatus=0, 3812 ticks
5.782: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB978601$ 
5.782: Num Ticks for invent : 4578
5.782: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFXEC.tmp
5.797: Copied file: c:\windows\inf\branches.inf
17.360: Allocation size of drive C: is 4096 bytes, free space = 144933801984 bytes
17.375: Drive C: free 138219MB req: 5MB w/uninstall 0MB
17.375: CabinetBuild complete
17.375: Num Ticks for Cabinet build : 11593
17.375: DynamicStrings section not defined or empty.
17.391: FileInUse:: Detection disabled.
18.391: LoadFileQueues: UpdSpGetSourceFileLocation for halaacpi.dll failed: 0xe0000102
22.188: System Restore Point set.
22.219: PFE2: Not avoiding Per File Exceptions.
22.313: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\614bb0cdfb817fe95a81\update\update_SP3QFE.inf -> c:\windows\$hf_mig$\KB978601\update\update_SP3QFE.inf.
22.329: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\614bb0cdfb817fe95a81\spuninst.exe -> c:\windows\$hf_mig$\KB978601\spuninst.exe.
22.485: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\614bb0cdfb817fe95a81\spmsg.dll -> c:\windows\$hf_mig$\KB978601\spmsg.dll.
22.500: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\614bb0cdfb817fe95a81\update\spcustom.dll -> c:\windows\$hf_mig$\KB978601\update\spcustom.dll.
22.516: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\614bb0cdfb817fe95a81\update\KB978601.CAT -> c:\windows\$hf_mig$\KB978601\update\KB978601.CAT.
22.969: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\614bb0cdfb817fe95a81\update\update.exe -> c:\windows\$hf_mig$\KB978601\update\update.exe.
23.079: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\614bb0cdfb817fe95a81\update\updspapi.dll -> c:\windows\$hf_mig$\KB978601\update\updspapi.dll.
23.094: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\614bb0cdfb817fe95a81\update\update.ver -> c:\windows\$hf_mig$\KB978601\update\update.ver.
23.094: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\614bb0cdfb817fe95a81\update\updatebr.inf -> c:\windows\$hf_mig$\KB978601\update\updatebr.inf.
23.094: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\614bb0cdfb817fe95a81\update\eula.txt -> c:\windows\$hf_mig$\KB978601\update\eula.txt.
23.266: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL: Copied c:\614bb0cdfb817fe95a81\update\branches.inf -> c:\windows\$hf_mig$\KB978601\update\branches.inf.
23.282: DoInstallation: Installing assemblies with source root path: c:\614bb0cdfb817fe95a81\
23.282: Num Ticks for Copying files : 5907
23.282: Num Ticks for Reg update and deleting 0 size files : 0 
23.297: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is empty; nothing to do.
30.954: RebootNecessary = 0,WizardInput = 0 , DontReboot = 1, ForceRestart = 0


----------



## Cookiegal (Aug 27, 2003)

Please go to the following link and run Secunia and then post the log here.

http://secunia.com/vulnerability_scanning/online/


----------



## sfrisch8 (Feb 6, 2011)

*I'm sorry this took so long (and I can't get this out of bold type, even though I've tried to click the bold option off). Anyway, at first I couldn't scan because I didn't have Java installed - so I installed it. *

*The major problem was that it didn't provide the usual scan log. I've been working on this forever. At first I couldn't copy & paste it. Then I got it to work by doing it in sections, as you'll see below. I couldn't paste all the KB articles for some reason. I wrote them down in case you want them.*

*There were 2 scan options, and I ran the 1st scan option - Display only insecure programs. Then I decided to run both options - Enable thorough system inspection. This is what is shown below.*

*Detection Statistics:*

8 Applications Detected in Total
2 Insecure Versions Detected
6 Patched Versions Detected
---------------------------------------------------------------------------
*This installation of Adobe Flash Player 10.x is insecure and potentially exposes your system to security threats!

*The detected version installed on your system is *10.0.45.2 (ActiveX)*, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is *10.2.153.1 (ActiveX)*.

*Update Instructions:*
*Installed on Your System in:
*C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash10e.ocx
I uninstalled this today, after the 1st scan - don't know why it's still there.
----------------------------------------------------------------------------
Microsoft Internet Explorer 7.x7.0.6000.17095















*This installation of Microsoft Internet Explorer 7.x is insecure and potentially exposes your system to security threats!*

Your system does not have all security related patches from Microsoft installed. Please see list below for details about the missing patches.

*Update Instructions:*
Download via Microsoft Windows Update

Microsoft Internet Explorer 7.x7.0.6000.17095















*This installation of Microsoft Internet Explorer 7.x is insecure and potentially exposes your system to security threats!*

Your system does not have all security related patches from Microsoft installed. Please see list below for details about the missing patches.

*Update Instructions:*
Download via Microsoft Windows Update

*This installation of Microsoft Internet Explorer 7.x is insecure and potentially exposes your system to security threats!

*Your system does not have all security related patches from Microsoft installed. Please see list below for details about the missing patches.

*Update Instructions:*
Download via Microsoft Windows Update.
I already installed *IE8* on 3/21/11
----------------------------------------------------------------------------
Missing KB Articles: There were 16, plus 1 that was repeated. Each KB article was listed 17 and up to 32 times each. I tried to copy this list (before I realized that they were repeating) and it wouldn't let me paste them. I guess these are all IE updates, and not the one we've been looking for.
*Installed on Your System in:
*C:\WINDOWS\ERDNT\cache\iexplore.exe

So, that's it. Let me know if I did something wrong about not getting a scan log.


----------



## sfrisch8 (Feb 6, 2011)

I just looked at my previous response and I guess I got carried away about the IE7 information & posted it around 3 times. Sorry, I know it was confusing enough, anyway.

Do you know why it didn't recognize my install of IE8 - or show a program that I had uninstalled?

Should I follow any of the instructions, such as the KB article downloads?

Thanks again


----------



## Cookiegal (Aug 27, 2003)

I would like to see the full report including the list of updates that are missing.


----------



## sfrisch8 (Feb 6, 2011)

I started over and ran a new scan this morning.

I finally found out the way to copy just the text from a webpage. Now I've learned something new!

Scan results
Detection Statistics:
8 Applications Detected in Total
2 Insecure Versions Detected
6 Patched Versions Detected

Running For:
29 Minutes, 45 Seconds

Errors with the scan:
0 Errors Detected, scan result should be correct 
Scan Options:
Enable thorough system inspection
Display only insecure programs 
Status / Currently Processing:
Detection completed successfully

Programs / Result Version Detected Status 
Adobe Flash Player 10.x 10.0.45.2 (ActiveX) 
This installation of Adobe Flash Player 10.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 10.0.45.2 (ActiveX), however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 10.2.153.1 (ActiveX).
Update Instructions:
Download

Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash10e.ocx 
Microsoft Internet Explorer 7.x 7.0.6000.17095 
This installation of Microsoft Internet Explorer 7.x is insecure and potentially exposes your system to security threats!
Your system does not have all security related patches from Microsoft installed. Please see list below for details about the missing patches.
Update Instructions:
Download via Microsoft Windows Update.
Missing KB Articles:
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB960714
KB960714
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB938127
KB938127
KB938127
KB938127
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB982381
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB980182
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB978207
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB976325
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB974455
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB972260
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB969897
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB963027
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB961260
KB960714
KB960714
KB960714
KB960714
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB958215
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB956390
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB953838
KB951066
KB951066
KB951066
KB951066
KB951066
KB951066
KB938127
KB938127
KB938127
KB938127
KB938127
KB938127
KB938127
KB938127
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2482017
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2416400
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2360131
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461
KB2183461

Installed on Your System in:
C:\WINDOWS\ERDNT\cache\iexplore.exe

I don't understand why the scan showed the following as being issues:

I uninstalled Adobe Flash Player 10.x 10.0.45.2 (ActiveX) yesterday. I also ran a advanced search (showing hidden files and folders) on this with no results.

IE7 problems
I upgraded to IE8 several days ago.

I hope this is what you need. And if so, should I uninstall Java now?


----------



## Cookiegal (Aug 27, 2003)

That is very strange that it repeats the names of the updates several times.

Do you have your installation CD?


----------



## sfrisch8 (Feb 6, 2011)

Oh no, you're scaring me!

Yes, I have the Windows XP, 2002 version CD. At some point it got upgraded to the Media Center edition.


----------



## Cookiegal (Aug 27, 2003)

Try running chkdsk.

Click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

To view results log:

Go to *Start *- *Run *and type in *eventvwr.msc*, and hit enter.
When Event Viewer opens, click on "Application", then scroll
down to "Winlogon" and double-click on it to open it up. This is the log
created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.


----------



## sfrisch8 (Feb 6, 2011)

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 4/3/2011
Time: 9:27:03 AM
User: N/A
Computer: DELL-OWNER
Description:
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
Cleaning up 20 unused index entries from index $SII of file 0x9.
Cleaning up 20 unused index entries from index $SDH of file 0x9.
Cleaning up 20 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
156280288 KB total disk space.
15011108 KB in 53886 files.
21416 KB in 6253 indexes.
0 KB in bad sectors.
171708 KB in use by the system.
65536 KB occupied by the log file.
141076056 KB available on disk.
4096 bytes in each allocation unit.
39070072 total allocation units on disk.
35269014 allocation units available on disk.
Internal Info:
60 3a 01 00 f6 ea 00 00 a6 43 01 00 00 00 00 00 `:.......C......
9a 12 00 00 02 00 00 00 bd 04 00 00 00 00 00 00 ................
aa 38 df 01 00 00 00 00 e4 b9 a0 2f 00 00 00 00 .8........./....
6a 82 4d 0c 00 00 00 00 66 67 2f d4 01 00 00 00 j.M.....fg/.....
6c 9c b3 60 06 00 00 00 be 96 28 7a 08 00 00 00 l..`......(z....
99 9e 36 00 00 00 00 00 88 38 07 00 7e d2 00 00 ..6......8..~...
00 00 00 00 00 90 34 94 03 00 00 00 6d 18 00 00 ......4.....m...
Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## sfrisch8 (Feb 6, 2011)

Aslo, when checking the event viewer I noticed that there was only 1 application error since the hotfix (from Trend) was installed on 3/29/11 - none under system. I guess it must have worked.
Here it is, in case you're interested:

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 4/2/2011
Time: 4:38:02 PM
User: N/A
Computer: DELL-OWNER
Description:
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19019, fault address 0x000ec525.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 38 2e 30 2e 36 30 e 8.0.60
0028: 30 31 2e 31 38 37 30 32 01.18702
0030: 20 69 6e 20 6d 73 68 74 in msht
0038: 6d 6c 2e 64 6c 6c 20 38 ml.dll 8
0040: 2e 30 2e 36 30 30 31 2e .0.6001.
0048: 31 39 30 31 39 20 61 74 19019 at
0050: 20 6f 66 66 73 65 74 20 offset 
0058: 30 30 30 65 63 35 32 35 000ec525
0060: 0d 0a ..


----------



## Cookiegal (Aug 27, 2003)

That's a common error and is insignificant if it only occurs once in a while.

Please remove the current version of ComboFix that you have by dragging it to the recycle bin and grab the latest version, run a new scan and post the new log.

Please visit *Combofix Guide & Instructions * for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.


----------



## sfrisch8 (Feb 6, 2011)

ComboFix 11-04-03.01 - Owner 04/03/2011 17:46:18.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.662 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Puppyfix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 )))))))))))))))))))))))))))))))
.
.
2011-03-31 19:54 . 2011-03-31 19:54 -------- d-----w- c:\windows\Sun
2011-03-31 19:51 . 2011-03-31 19:51 -------- d-----w- c:\program files\Common Files\Java
2011-03-31 19:51 . 2011-03-31 19:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-31 19:51 . 2011-03-31 19:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-31 19:50 . 2011-03-31 19:50 -------- d-----w- c:\program files\Java
2011-03-22 08:00 . 2011-03-22 08:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-03-21 04:37 . 2011-03-21 04:37 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2011-03-21 04:23 . 2011-03-21 04:23 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2011-03-21 04:20 . 2011-03-21 04:20 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2011-03-21 04:18 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-03-21 04:17 . 2010-12-20 23:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-03-21 04:17 . 2010-12-20 23:59 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-03-21 04:17 . 2010-12-20 23:59 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-03-21 04:16 . 2011-03-21 04:17 -------- dc-h--w- c:\windows\ie8
2011-03-20 20:29 . 2011-03-20 20:32 -------- d-----w- c:\program files\Windows Live Safety Center
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-03-09 00:31 . 2011-03-09 00:31 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-06 18:55 . 2011-03-19 19:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-03 12:20 . 2009-08-18 15:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-03 12:20 . 2009-08-18 15:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-16 21:58 . 2011-02-16 22:12 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-02-16 21:58 . 2011-02-16 22:12 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-02-16 21:58 . 2011-02-16 22:12 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-02-16 21:58 . 2011-02-16 22:12 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-02-02 07:58 . 2008-11-06 19:44 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-11-06 19:44 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-15 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-03-15 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-16 112632]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-16 1062224]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X6100 Series]
2003-09-23 06:01 57344 ----a-w- c:\program files\Lexmark X6100 Series\lxbfbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"wwEngineSvc"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [2/16/2011 6:09 PM 196320]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2/16/2011 6:12 PM 64080]
S4 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [9/19/2009 8:04 AM 45312]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: microsoft.com\office
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-03 17:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3196)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\RETROS~1\RETROS~1.5\retrorun.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-04-03 17:54:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-03 21:54
.
Pre-Run: 144,402,788,352 bytes free
Post-Run: 144,492,457,984 bytes free
.
- - End Of File - - 3AE058CD07FAC6001A2764BCEB85759E


----------



## Cookiegal (Aug 27, 2003)

Did you just download something from PlaySushi.com? Because that site has a very poor reputation.


----------



## sfrisch8 (Feb 6, 2011)

I just sent a text to my husband b/c he was on my computer yesterday. He said no. He thinks it was my 24 yr old son, which is typical. I ran a search just to see if would show anything & it didn't - but I guess everything leaves a trail. Is it a porn site or something?


----------



## Cookiegal (Aug 27, 2003)

It looks like something to do with games that has bit of everything dubious but mainly it seems to be serving malware.

http://www.mywot.com/en/scorecard/playsushi.com

How many user accounts are there on this computer?


----------



## sfrisch8 (Feb 6, 2011)

Just Owner. I used to also have a guest account, but I deleted it.

As far as that PlaySushi, I googled it & there were replys saying that it could contain a virus or malware.

As far as the ComboFix, were there many issues or viruses that it fixed?


----------



## Cookiegal (Aug 27, 2003)

ComboFix never deleted anything.

I don't really know what to suggest at this point. Something is amiss. The updates Secunia said you needed are mostly for IE6 yet you have IE8 installed and it doesn't indicate any are missing for Windows yet many are missing from the list in Add or Remove programs. I really think that if it's an option for you, the best solution would be to back up anything important and then reformat the computer and start fresh.


----------



## sfrisch8 (Feb 6, 2011)

I wouldn't mind reformatting, and I backup my entire computer on a separate hard drive weekly.

But it would mess up all my financial data. I back that up on 2 different removable flash drives everytime I make any changes to the Quicken files. My bank downloads my transactions into Quicken, etc. But, in the past even when I restore the data from the flash drive it's a huge mess. I don't know which bills have been paid and which have not. We really live paycheck to paycheck, so I have to keep a close eye on it.

I know you gave me your best opinion, and not without merit, considering how hard and how long you've tried to fix this for me. My husband still can't believe how much support you've provided on your own time - you've never given up. I can't express enough gratitude.

I'm trying to avoid reformatting at all costs. But to sum it all up, Could you answer a couple questions?

As far as I understand, we started out with rootkit problems and now it's boiled down to the missing older Windows updates. As long as I'm getting the current ones, how much does it matter? Does it increase the risk of getting a virus, and if so, wouldn't my new Trend anti-vius protection catch it? It tries to block every webpage I go to. 

I know you think I should reformat & I know you're right - but, what would be the risk, if I don't? Could my computer crash?

Thanks


----------



## Cookiegal (Aug 27, 2003)

We never did detect any rootkits and we couldn't verify any were ever found since you couldn't produce the logs. I wonder if you might still have the Sophos one. Is there anything that looks like a log in the C:\Programs File\Sophos folder if it still exists?

When did you change to XP Media Center and how did you do that? There may be some rollups regarding Windows Updates that should have been applied.

Yes, you need the Windows Updates as they plug vulnerabilities in Windows that could get by Trend or any other anti-virus/firewall.

Let's try running this tool:

Please go to the following link and run TDSSKiller:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Allow it cure anything if prompted.

Please post the log back here.


----------



## sfrisch8 (Feb 6, 2011)

I checked everywhere for Sophos and found nothing. I think I remember deleting it. But, when I was looking for it in the Windows folder, I noticed it still showed the IE7 folder, with many files in it. I can let you know what they are, if you want). There was also an IE7 update folder, which also had many files in it too. Maybe that is why this showed up in the last scan. It also add the IE8 folders.
---------------------------------------------------------------------------------------------------
XP Media Center Edition - I remember just noticing it in the last few months & thought it was an auto update w/SP3. Today, I did notice a lot of media-wave sound files fm 11/2008. 

As I was checking on this, I remembered that in 11/2008 my computer crashed & I bought this used one. The computer clinic said they had wiped it clean. (I wonder if they accidently left some stuff on here?).

They loaded all new programs & the operating system. Initially I had XP Home - and btw, that is the only disc I have. They must have installed XP Pro - with media center, the dates all coincide. They also installed the AVG anti-virus at the same time, which they told me about. I had also given them my flash drive with all my financial info fm Quicken. When they loaded it, it was a total mess & took me forever to get fixed. That was all I was concerned with at the time & didn't even pay attn to what they said they did. This is why I'm scared to reformat.

What a big dummy I am, I should have told you this in the beginning.
-----------------------------------------------------------------------------------------------
Below is the scan: (when it finished it said no infections)

2011/04/07 15:25:27.0803 2212 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/07 15:25:28.0037 2212 ================================================================================
2011/04/07 15:25:28.0037 2212 SystemInfo:
2011/04/07 15:25:28.0037 2212 
2011/04/07 15:25:28.0037 2212 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/07 15:25:28.0037 2212 Product type: Workstation
2011/04/07 15:25:28.0037 2212 ComputerName: DELL-OWNER
2011/04/07 15:25:28.0037 2212 UserName: Owner
2011/04/07 15:25:28.0037 2212 Windows directory: C:\WINDOWS
2011/04/07 15:25:28.0037 2212 System windows directory: C:\WINDOWS
2011/04/07 15:25:28.0037 2212 Processor architecture: Intel x86
2011/04/07 15:25:28.0037 2212 Number of processors: 1
2011/04/07 15:25:28.0037 2212 Page size: 0x1000
2011/04/07 15:25:28.0037 2212 Boot type: Normal boot
2011/04/07 15:25:28.0037 2212 ================================================================================
2011/04/07 15:25:28.0678 2212 Initialize success
2011/04/07 15:25:46.0725 3452 ================================================================================
2011/04/07 15:25:46.0725 3452 Scan started
2011/04/07 15:25:46.0725 3452 Mode: Manual; 
2011/04/07 15:25:46.0725 3452 ================================================================================
2011/04/07 15:25:48.0006 3452 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/07 15:25:48.0084 3452 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/07 15:25:48.0131 3452 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/07 15:25:48.0194 3452 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/07 15:25:48.0537 3452 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/07 15:25:48.0600 3452 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/07 15:25:48.0694 3452 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/07 15:25:48.0787 3452 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/07 15:25:48.0881 3452 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/04/07 15:25:48.0959 3452 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/07 15:25:49.0053 3452 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/07 15:25:49.0131 3452 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/07 15:25:49.0194 3452 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/07 15:25:49.0225 3452 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/07 15:25:49.0490 3452 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/07 15:25:49.0553 3452 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/07 15:25:49.0600 3452 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/07 15:25:49.0631 3452 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/07 15:25:49.0678 3452 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/07 15:25:49.0834 3452 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/07 15:25:49.0959 3452 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/07 15:25:50.0037 3452 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/07 15:25:50.0053 3452 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/07 15:25:50.0115 3452 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/07 15:25:50.0162 3452 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/07 15:25:50.0209 3452 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/07 15:25:50.0225 3452 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/07 15:25:50.0287 3452 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/07 15:25:50.0365 3452 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
2011/04/07 15:25:50.0490 3452 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/07 15:25:50.0615 3452 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/07 15:25:50.0787 3452 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/07 15:25:50.0803 3452 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/07 15:25:50.0944 3452 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/07 15:25:50.0975 3452 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/07 15:25:51.0022 3452 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/07 15:25:51.0069 3452 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/07 15:25:51.0147 3452 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/07 15:25:51.0194 3452 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/07 15:25:51.0225 3452 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/07 15:25:51.0287 3452 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/07 15:25:51.0334 3452 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/07 15:25:51.0397 3452 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/07 15:25:51.0459 3452 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/07 15:25:51.0569 3452 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/07 15:25:51.0756 3452 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/04/07 15:25:51.0881 3452 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/07 15:25:51.0990 3452 Modem  (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/07 15:25:52.0069 3452 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/07 15:25:52.0147 3452 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/07 15:25:52.0194 3452 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/07 15:25:52.0272 3452 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/07 15:25:52.0350 3452 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/07 15:25:52.0397 3452 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/07 15:25:52.0459 3452 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/07 15:25:52.0506 3452 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/07 15:25:52.0553 3452 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/07 15:25:52.0600 3452 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/07 15:25:52.0647 3452 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/07 15:25:52.0678 3452 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/07 15:25:52.0725 3452 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/07 15:25:52.0772 3452 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/07 15:25:52.0819 3452 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/07 15:25:52.0881 3452 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/07 15:25:52.0912 3452 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/07 15:25:53.0053 3452 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/07 15:25:53.0100 3452 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/07 15:25:53.0209 3452 NTIDrvr (8055859b87ac3e504ece0c1e9353cc4e) C:\WINDOWS\system32\drivers\NTIDrvr.sys
2011/04/07 15:25:53.0319 3452 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/07 15:25:53.0444 3452 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/07 15:25:53.0553 3452 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/07 15:25:53.0584 3452 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/07 15:25:53.0647 3452 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/07 15:25:53.0678 3452 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/07 15:25:53.0740 3452 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/07 15:25:53.0772 3452 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/07 15:25:53.0819 3452 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/07 15:25:53.0850 3452 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/07 15:25:54.0303 3452 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/07 15:25:54.0319 3452 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/07 15:25:54.0350 3452 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/07 15:25:54.0412 3452 PxHelp20 (40f2031bd9148d3194353ea7dec97a07) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/07 15:25:54.0631 3452 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/07 15:25:54.0756 3452 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/07 15:25:54.0772 3452 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/07 15:25:54.0819 3452 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/07 15:25:54.0850 3452 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/07 15:25:54.0865 3452 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/07 15:25:54.0944 3452 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/07 15:25:54.0990 3452 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/07 15:25:55.0037 3452 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/07 15:25:55.0194 3452 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/07 15:25:55.0287 3452 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2011/04/07 15:25:55.0334 3452 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/07 15:25:55.0350 3452 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/07 15:25:55.0397 3452 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/07 15:25:55.0553 3452 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2011/04/07 15:25:55.0647 3452 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/07 15:25:55.0678 3452 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/07 15:25:55.0772 3452 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/07 15:25:55.0819 3452 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/07 15:25:55.0850 3452 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/07 15:25:56.0069 3452 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/07 15:25:56.0147 3452 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/07 15:25:56.0209 3452 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/07 15:25:56.0240 3452 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/07 15:25:56.0272 3452 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/07 15:25:56.0350 3452 tmactmon (de87a23d2ddc7378d1c7ab681e20de47) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
2011/04/07 15:25:56.0412 3452 tmcomm (540c2b5dc47651c572c2804dc72fdda8) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
2011/04/07 15:25:56.0459 3452 tmevtmgr (2de1fa64ebaff376f2c038f64492f62c) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
2011/04/07 15:25:56.0522 3452 tmtdi (5a61679b2277b9ad550e30479a69503b) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2011/04/07 15:25:56.0615 3452 UBHelper (9e39dc3022e6d84bf974678011a1ea4c) C:\WINDOWS\system32\drivers\UBHelper.sys
2011/04/07 15:25:56.0740 3452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/07 15:25:56.0865 3452 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/07 15:25:57.0006 3452 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/07 15:25:57.0053 3452 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/07 15:25:57.0084 3452 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/07 15:25:57.0147 3452 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/07 15:25:57.0178 3452 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/07 15:25:57.0209 3452 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/07 15:25:57.0256 3452 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/07 15:25:57.0287 3452 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/07 15:25:57.0365 3452 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/07 15:25:57.0475 3452 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/07 15:25:57.0522 3452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/07 15:25:57.0819 3452 ================================================================================
2011/04/07 15:25:57.0819 3452 Scan finished
2011/04/07 15:25:57.0819 3452 ================================================================================


----------



## Cookiegal (Aug 27, 2003)

As I'm out of ideas, all I can suggest at this point is to post for assistance on the Microsoft Answers forums regarding the missing updates. They may be able to help you with that.

http://answers.microsoft.com/en-us/windows/forum/windows_update


----------



## sfrisch8 (Feb 6, 2011)

I just have a couple of other questions. Since I don't have the disc that installed XP Pro -Media center, only my original XP Home disc, how could I refomat, if I have to?

I know the way I explain the rest is confusing, and I apologize.
Rather than go thru a big hassle with all that, would it be easier to get Windows 7? Would it automaticly install the updates - the older ones & the ones currently installed?

I also could do a final backup on my external drive of my entire computer, and wouldn't it upload my current operating system and all of my programs? Then, when I install Windows 7, would it overwrite my XP and then install all of the Windows 7 components? I would also have all of my other programs without having to reinstall?


----------



## Cookiegal (Aug 27, 2003)

sfrisch8 said:


> I just have a couple of other questions. Since I don't have the disc that installed XP Pro -Media center, only my original XP Home disc, how could I refomat, if I have to?


You would have to either reinstall XP Home (but you would have to have the original key to activate) or borrow an XP Media Center installation CD from someone but if you do that you would have to also find your Media Center key to activate it. I'm not sure if when the system was changed from XP Home to XP Media Center there was a new key needed. As I said, this is not really my area and others can advise you better on this type of thing. 


> I know the way I explain the rest is confusing, and I apologize.
> Rather than go thru a big hassle with all that, would it be easier to get Windows 7? Would it automaticly install the updates - the older ones & the ones currently installed?


You would have to purchase Windows 7 and install it and then go to MS Udates and install SP1 and the rest of the updates for Windows 7, this is not done automatically when you install the operating system because they are not on the CD. 


> I also could do a final backup on my external drive of my entire computer, and wouldn't it upload my current operating system and all of my programs? Then, when I install Windows 7, would it overwrite my XP and then install all of the Windows 7 components? I would also have all of my other programs without having to reinstall?


The only way you can back up the entire operating system for reloading that I'm aware of is to use imaging software such as Acronis True Image. But doing that would restore your system to the exact way it was when the image was taken with the exact same problems.

Reformatting with Windows 7 will overwrite your XP installation and you will have to reinstall all programs using their installation media. But you could install Windows 7 on a separate partition (so you'd have a dual boot system with both XP Media Center and Windows 7 but you have to be sure you have enough resources to support that) and then transfer some things over but again, this is out of my element and others could advise you better. If you wish, you can start a new thread with those questions to be sure you're getting the best advice on what your options are.


----------



## sfrisch8 (Feb 6, 2011)

Thanks so much! 

I think I will use the link you sent for the MS answers forum first. Although, I'm sure you've already tried that, maybe there's something new!

By, Cookiegal - I sure will miss our "trials & errors"!


----------



## Cookiegal (Aug 27, 2003)

You're welcome and good luck to you.


----------



## sfrisch8 (Feb 6, 2011)

FM: Me to PA Bear (I think I sent you this info too)

Guess what? *I found all of the updates you listed*, plus the one KB978601 that Cookiegal had been looking for. Only a few showed up in add/remove programs. The list only includes Windows updates from 2/11 and on. That's an issue I know.
Anyway, I found them all in the MS Update history for my computer, with the installation dates.
So, do you think the computer's okay?
-------------------------------------------------------------------------------------------------
PA Bear's reply:

Please confirm that ALL of the following updates are listed in Add/Remove Programs _and that_ a CUSTOM scan at Windows Update does NOT offer ANY updates: *KB2497640, KB2508272, KB2412687, KB2509553, KB2507618, KB2506223 & KB2393802*.
-------------------------------------------------------------------------------------------------
MY reply: (long as usual)

All of the above updates are listed in Add/Remove Programs.
The Custom Scan did list optional updates (see below), but no high priority updates.

Windows XP optional software updates:
Microsoft .NET Framework 4 Client Profile for Windows XP x86 (KB982670)
Update for Root Certificates [October 2010] (KB931125)

Windows PowerShell 2.0 and WinRM 2.0 for Windows XP and Windows Embedded (KB968930)
Update for Windows XP (KB971513)
Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520)
Update Rollup 2 for Windows XP Media Center Edition 2005 (KB900325)
Windows Search 4.0 for Windows XP (KB940157)
Microsoft .NET Framework version 1.1
---------------------------------------------------------------------
Other optional software updates:
Microsoft Silverlight (KB2495644)
Windows Live Essentials
---------------------------------------------------------------------
I checked all of the original list of updates (the missing ones I said I'd found in my update history), to make sure they were not just downloaded, but really installed by doing the following:
I did some research and found that the "Belkin Advisor, Computer Program Summary" would list all installed MS Hotfixes, plus everything else about the state of my computer. The reviews said it was a really safe and good thing to run. I realize that I wasn't asked to do this, I hope it was ok.
After checking, *all of the updates were listed as installed*. There were many other updates listed also, to my surprise. If you're interested, here's the link: 
file:///C:/Program%20Files/Belarc/Advisor/System/tmp/(dell-owner).html#missing_hotfixes
BTW - I didn't mention that when I purchased this computer, *I was told* that it was previously owned, but wiped clean. They formatted it and did a clean install.
--------------------------------------------------------------------------------------------------
PA Bear's reply:

1. Install the Root Certificates update (it's actually a March 2011, not October 2010, update) to take full advantage of IE's enhanced security.
2. Post a new reply to your techguy.org thread and tell my colleague Cookiegal about these latest developments. Include a link to your thread here in your post.
Do what Cookiegal recommends, please
---------------------------------------------------------------------------------------------------
So, back to our posts, Cookiegal.

I did the install of the Root Certificates update KB931125. I'ts not showing in add/remove programs though. I didn't restart maybe that's it, I'll let you know.


----------



## sfrisch8 (Feb 6, 2011)

It did install. I had to PA Bear know also, but he gave an explanation, I'm sure you already know.

Root Certificate updates won't be listed in Add/Remove Programs.
Note: Root Certificates updates are usually released every 3-4 months. While Root Certificates updates are automatically installed in Vista & Win7, WinXP users must install them manually via Windows Update website [_what were they thinking?_] so make sure you run a CUSTOM scan every few months so see if a Root Certificates update has become available.

So, as I said, he deferred me back to you. Do you think this thing is solved? If not, do you have time to help me?


----------



## Cookiegal (Aug 27, 2003)

I will review all of this tomorrow when I have more time. It would be helpful though if you would upload your Belarc report as an attachment. You posted a link to the file on your computer but we can't access your computer. To upload an attachment you have to scroll down below the reply and click on "Manage Attachments" and then click on "Browse" to locate the file on your computer, next click on "Open" and then click on "upload" and finally, submit your reply. 

The Belarc report will display your license key so you should block that out with Xs and resave it before uploading.


----------



## sfrisch8 (Feb 6, 2011)

I tried, but the Belarc report won't let me make any changes. It won't let me x-out anything. I tried cutting the info out & it wouldn't let me do that.
If there are attachment options in the private messages, could I send it to you?
Thanks


----------



## Cookiegal (Aug 27, 2003)

You can't add an attachment to a private message. Will it fit in a reply rather than attaching? Then you could X it out before submitting your reply.


----------



## sfrisch8 (Feb 6, 2011)

I was able to edit it through Word, and it attached it.
Hope it works!


----------



## sfrisch8 (Feb 6, 2011)

I don't know if the attachment worked. I saw where it uploaded, but I usually notice when I send the reply. I'll try again, just in case.


----------



## sfrisch8 (Feb 6, 2011)

It won't let me upload it, it say Invalid file. Is it b/c it's an MHTML file?
Can't I just give you the link?
I'll try again, tomorrow, if that's ok.


----------



## sfrisch8 (Feb 6, 2011)

I've been searching for quite awhile on how to send the Belarc file to you.
The only answers I've received are the reasons I shouldn't send it is b/c it's private info that has a real security risk. the other reason is that it won't let you.

But as far as the updates, it truly did list all of the ones that I had found in MS update history as installed.


----------



## Cookiegal (Aug 27, 2003)

It's generally only the product keys which is why I asked you to remove them. Also, only malware removal helpers here can see the attachments in this forum.

In any event, you can open the report in your browser and just copy the section that pertains to the Windows updates. You will see this heading:

Missing Microsoft Security Hotfixes [Back to Top]

Please post all the test that follows that pertaining to the updates, including the list of updates installed.


----------



## sfrisch8 (Feb 6, 2011)

*Find your security vulnerabilities...
click for Belarc's System Management products ​
*​*
​Missing Microsoft Security Hotfixes [Back to Top]​
All required security hotfixes (using the 04/12/2011 Microsoft Security Bulletin Summary) have been installed. 
*​*
*
​ 
​​*Installed Microsoft Hotfixes* [Back to Top] ​*.**NET** Framework 2.0 Service Pack 2*
 KB958481
 on 2/12/2011
 (_details..._)
 KB976576
 on 2/12/2011
 (_details..._)
 KB979909
 on 2/12/2011
 (_details..._)
 KB980773
 on 2/12/2011
 (_details..._)
 KB2418241
 on 2/12/2011
 (_details..._)
 KB2446704
 on 4/13/2011
 (_details..._)
*.**NET** Framework 3.0 Service Pack 2*
 KB958483
 on 2/12/2011
 (_details..._)
 KB976769
 on 2/12/2011
 (_details..._)
 KB977354
 on 2/12/2011
 (_details..._)
*.**NET** Framework 3.5 SP1*
 KB958484
 on 2/12/2011
 (_details..._)
 KB963707
 on 2/12/2011
 (_details..._)
 KB2416473
 on 2/12/2011
 (_details..._)
*.NETFramework*
 _1.0_
 SP3

 (_Microsoft .__NET__ Framework 1.0 Service Pack 3_)
 KB930494

 (_details..._)
 KB953295

 (_details..._)
 KB979904

 (_details..._)
*Compatibility Pack for the 2007 Office system*
 KB954711[SP]
 on 11/26/2009
 (_details..._)
 KB972581
 on 11/26/2009
 (_details..._)
 KB2345043
 on 10/12/2010
 (_details..._)
 KB2464635
 on 4/13/2011
 (_details..._)
 KB2466156
 on 4/13/2011
 (_details..._)
 KB2509488
 on 4/13/2011
 (_details..._)
*MSXML4SP2*
 KB954430
 on 10/9/2009
 (_details..._)
 KB973688
 on 11/25/2009
 (_details..._)
*Office XP Standard*
 KB904018
 on 11/20/2008
 (_details..._)
 KB905758
 on 11/20/2008
 (_details..._)
 KB911701
 on 11/20/2008
 (_details..._)
 KB913471
 on 11/20/2008
 (_details..._)
 KB920816
 on 11/20/2008
 (_details..._)
 KB947320
 on 8/16/2009
 (_details..._)
 KB956464
 on 11/20/2008
 (_details..._)
 KB957646
 on 6/11/2009
 (_details..._)
 KB974556
 on 10/15/2009
 (_details..._)
 KB975008
 on 12/9/2009
 (_details..._)
 KB976380
 on 5/12/2010
 (_details..._)
 KB980371
 on 7/14/2010
 (_details..._)
 KB2284692
 on 12/15/2010
 (_details..._)
 KB2288608
 on 9/15/2010
 (_details..._)
 KB2289162
 on 12/15/2010
 (_details..._)
 KB2293422
 on 9/15/2010
 (_details..._)
 KB2328360
 on 10/12/2010
 (_details..._)
 KB2464617
 on 4/13/2011
 (_details..._)
 KB2466169
 on 4/13/2011
 (_details..._)
 KB2509461
 on 4/13/2011
 (_details..._)
*WGA*
 _SP0_
 KB892130
 on 4/1/2009
 (_details..._)
*Windows Media Player 10*
 _SP2_
 KB936782_WMP10
 on 11/8/2008
 (_details..._)
*Windows Media Player*
 _SP0_
 KB952069_WM9
 on 12/12/2008
 (_details..._)
 KB954155_WM9
 on 10/15/2009
 (_details..._)
 KB968816_WM9
 on 9/8/2009
 (_details..._)
 KB973540_WM9
 on 8/13/2009
 (_details..._)
 KB975558_WM8
 on 9/15/2010
 (_details..._)
 KB978695_WM9
 on 6/11/2010
 (_details..._)
 KB2378111_WM9
 on 10/12/2010
 (_details..._)
*Windows XP*
 _SP0_
 KB923689
 on 11/8/2008
 (_details..._)
 KB938127-IE7
 on 11/12/2008
 (_details..._)
 KB938127-V2-IE7
 on 11/12/2008
 (_details..._)
 KB941569
 on 11/8/2008
 (_details..._)
 KB953838-IE7
 on 11/10/2008
 (_details..._)
 KB956390-IE7
 on 11/10/2008
 (_details..._)
 KB958215-IE7
 on 12/12/2008
 (_details..._)
 KB960714-IE7
 on 12/18/2008
 (_details..._)
 KB961260-IE7
 on 2/11/2009
 (_details..._)
 KB963027-IE7
 on 4/14/2009
 (_details..._)
 KB969897-IE7
 on 6/11/2009
 (_details..._)
 KB971961-IE8
 on 3/21/2011
 (_details..._)
 KB972260-IE7
 on 7/29/2009
 (_details..._)
 KB974455-IE7
 on 10/15/2009
 (_details..._)
 KB976325-IE7
 on 12/9/2009
 (_details..._)
 KB976662-IE8
 on 3/21/2011
 (_details..._)
 KB976749-IE7
 on 11/4/2009
 (_details..._)
 KB978207-IE7
 on 1/22/2010
 (_details..._)
 KB980182-IE7
 on 3/31/2010
 (_details..._)
 KB981332-IE8
 on 3/21/2011
 (_details..._)
 KB982381-IE7
 on 6/11/2010
 (_details..._)
 KB982381-IE8
 on 3/21/2011
 (_details..._)
 KB2183461-IE7
 on 8/11/2010
 (_details..._)
 KB2360131-IE7
 on 10/12/2010
 (_details..._)
 KB2416400-IE7
 on 12/16/2010
 (_details..._)
 KB2447568-IE8
 on 3/21/2011
 (_details..._)
 KB2482017-IE7
 on 2/9/2011
 (_details..._)
 KB2482017-IE8
 on 3/21/2011
 (_details..._)
 KB2497640-IE8
 on 4/13/2011
 (_details..._)
 KB2510531-IE8
 on 4/13/2011
 (_details..._)
 _SP3_
 KB936929[SP]
 on 11/17/2008
 (_details..._)
 KB953295
 on 10/15/2009
 (_details..._)
 KB973768
 on 9/8/2009
 (_details..._)
 KB979904
 on 6/11/2010
 (_details..._)
 _SP4_
 KB923561
 on 4/14/2009
 (_details..._)
 KB938464
 on 11/17/2008
 (_details..._)
 KB938464-V2
 on 3/11/2009
 (_details..._)
 KB946648
 on 11/17/2008
 (_details..._)
 KB950762
 on 11/17/2008
 (_details..._)
 KB950974
 on 11/17/2008
 (_details..._)
 KB951066
 on 11/17/2008
 (_details..._)
 KB951072-V2
 on 11/8/2008
 (_details..._)
 KB951376-V2
 on 11/17/2008
 (_details..._)
 KB951698
 on 11/17/2008
 (_details..._)
 KB951748
 on 1/14/2009
 (_details..._)
 KB951978
 on 11/19/2008
 (_details..._)
 KB952004
 on 4/14/2009
 (_details..._)
 KB952287
 on 11/17/2008
 (_details..._)
 KB952954
 on 11/17/2008
 (_details..._)
 KB954211
 on 11/17/2008
 (_details..._)
 KB954459
 on 11/19/2008
 (_details..._)
 KB954550-V5
 on 2/12/2011
 (_details..._)
 KB954600
 on 12/12/2008
 (_details..._)
 KB955069
 on 11/17/2008
 (_details..._)
 KB955759
 on 1/13/2010
 (_details..._)
 KB955839
 on 12/12/2008
 (_details..._)
 KB956390
 on 11/8/2008
 (_details..._) *Reinstall!*
 KB956391
 on 11/8/2008
 (_details..._)
 KB956572
 on 4/14/2009
 (_details..._)
 KB956744
 on 8/13/2009
 (_details..._)
 KB956802
 on 12/12/2008
 (_details..._)
 KB956803
 on 11/17/2008
 (_details..._)


*Windows XP*
 _SP4_ _(continued)_
 KB956841
 on 11/17/2008
 (_details..._)
 KB956844
 on 9/8/2009
 (_details..._)
 KB957095
 on 11/17/2008
 (_details..._)
 KB957097
 on 11/17/2008
 (_details..._)
 KB958644
 on 11/17/2008
 (_details..._)
 KB958687
 on 1/14/2009
 (_details..._)
 KB958690
 on 3/11/2009
 (_details..._)
 KB958869
 on 10/15/2009
 (_details..._)
 KB959426
 on 4/14/2009
 (_details..._)
 KB960225
 on 3/11/2009
 (_details..._)
 KB960715
 on 2/11/2009
 (_details..._)
 KB960803
 on 4/14/2009
 (_details..._)
 KB960859
 on 8/13/2009
 (_details..._)
 KB961118
 on 2/13/2011
 (_details..._)
 KB961371
 on 7/15/2009
 (_details..._)
 KB961373
 on 4/14/2009
 (_details..._)
 KB961501
 on 6/11/2009
 (_details..._)
 KB967715
 on 2/25/2009
 (_details..._)
 KB968389
 on 8/14/2009
 (_details..._)
 KB968537
 on 6/11/2009
 (_details..._)
 KB969059
 on 10/15/2009
 (_details..._)
 KB969898
 on 6/11/2009
 (_details..._)
 KB969947
 on 11/12/2009
 (_details..._)
 KB970238
 on 6/11/2009
 (_details..._)
 KB970430
 on 12/9/2009
 (_details..._)
 KB970653-V3
 on 8/26/2009
 (_details..._)
 KB971029
 on 2/22/2011
 (_details..._)
 KB971468
 on 2/10/2010
 (_details..._)
 KB971486
 on 10/15/2009
 (_details..._)
 KB971557
 on 8/13/2009
 (_details..._)
 KB971633
 on 7/15/2009
 (_details..._)
 KB971657
 on 8/13/2009
 (_details..._)
 KB971737
 on 12/9/2009
 (_details..._)
 KB971961
 on 9/8/2009
 (_details..._)
 KB972270
 on 1/13/2010
 (_details..._)
 KB973346
 on 7/15/2009
 (_details..._)
 KB973354
 on 8/13/2009
 (_details..._)
 KB973507
 on 8/13/2009
 (_details..._)
 KB973525
 on 10/15/2009
 (_details..._)
 KB973687
 on 11/25/2009
 (_details..._)
 KB973815
 on 8/13/2009
 (_details..._)
 KB973869
 on 8/13/2009
 (_details..._)
 KB973904
 on 12/9/2009
 (_details..._)
 KB974112
 on 10/15/2009
 (_details..._)
 KB974318
 on 12/9/2009
 (_details..._)
 KB974392
 on 12/9/2009
 (_details..._)
 KB974571
 on 10/15/2009
 (_details..._)
 KB975025
 on 10/15/2009
 (_details..._)
 KB975467
 on 10/15/2009
 (_details..._)
 KB975560
 on 2/10/2010
 (_details..._)
 KB975561
 on 3/10/2010
 (_details..._)
 KB975562
 on 6/11/2010
 (_details..._)
 KB975713
 on 2/10/2010
 (_details..._)
 KB976098-V2
 on 11/25/2009
 (_details..._)
 KB977165
 on 2/10/2010
 (_details..._)
 KB977816
 on 4/14/2010
 (_details..._)
 KB977914
 on 2/10/2010
 (_details..._)
 KB978037
 on 2/10/2010
 (_details..._)
 KB978251
 on 2/10/2010
 (_details..._)
 KB978262
 on 2/10/2010
 (_details..._)
 KB978338
 on 4/14/2010
 (_details..._)
 KB978542
 on 5/12/2010
 (_details..._)
 KB978601
 on 4/14/2010
 (_details..._)
 KB978706
 on 2/10/2010
 (_details..._)
 KB979306
 on 2/23/2010
 (_details..._)
 KB979309
 on 4/14/2010
 (_details..._)
 KB979482
 on 6/11/2010
 (_details..._)
 KB979559
 on 6/11/2010
 (_details..._)
 KB979683
 on 4/14/2010
 (_details..._)
 KB979687
 on 10/12/2010
 (_details..._)
 KB980195
 on 6/11/2010
 (_details..._)
 KB980218
 on 6/11/2010
 (_details..._)
 KB980232
 on 4/14/2010
 (_details..._)
 KB980436
 on 8/11/2010
 (_details..._)
 KB981322
 on 9/15/2010
 (_details..._)
 KB981349
 on 4/14/2010
 (_details..._)
 KB981793
 on 5/26/2010
 (_details..._)
 KB981852
 on 8/11/2010
 (_details..._)
 KB981957
 on 10/12/2010
 (_details..._)
 KB981997
 on 8/11/2010
 (_details..._)
 KB982132
 on 10/12/2010
 (_details..._)
 KB982214
 on 8/11/2010
 (_details..._)
 KB982665
 on 8/11/2010
 (_details..._)
 KB982802
 on 9/15/2010
 (_details..._)
 KB2079403
 on 8/11/2010
 (_details..._)
 KB2115168
 on 8/11/2010
 (_details..._)
 KB2121546
 on 9/15/2010
 (_details..._)
 KB2141007
 on 9/15/2010
 (_details..._)
 KB2158563
 on 9/29/2010
 (_details..._)
 KB2160329
 on 8/11/2010
 (_details..._)
 KB2229593
 on 7/14/2010
 (_details..._)
 KB2259922
 on 9/15/2010
 (_details..._)
 KB2279986
 on 10/12/2010
 (_details..._)
 KB2286198
 on 8/3/2010
 (_details..._)
 KB2296011
 on 10/12/2010
 (_details..._)
 KB2296199
 on 12/16/2010
 (_details..._)
 KB2345886
 on 10/12/2010
 (_details..._)
 KB2347290
 on 9/15/2010
 (_details..._)
 KB2360937
 on 10/12/2010
 (_details..._)
 KB2387149
 on 10/12/2010
 (_details..._)
 KB2393802
 on 2/9/2011
 (_details..._)
 KB2412687
 on 4/13/2011
 (_details..._)
 KB2419632
 on 1/12/2011
 (_details..._)
 KB2423089
 on 12/16/2010
 (_details..._)
 KB2436673
 on 12/16/2010
 (_details..._)
 KB2440591
 on 12/16/2010
 (_details..._)
 KB2443105
 on 12/16/2010
 (_details..._)
 KB2443685
 on 12/16/2010
 (_details..._)
 KB2467659
 on 12/16/2010
 (_details..._)
 KB2476687
 on 2/9/2011
 (_details..._)
 KB2478960
 on 2/9/2011
 (_details..._)
 KB2478971
 on 2/9/2011
 (_details..._)
 KB2479628
 on 2/9/2011
 (_details..._)
 KB2481109
 on 3/9/2011
 (_details..._)
 KB2483185
 on 2/9/2011
 (_details..._)
 KB2485376
 on 2/9/2011
 (_details..._)
 KB2485663
 on 4/13/2011
 (_details..._)
 KB2503658
 on 4/13/2011
 (_details..._)
 KB2506212
 on 4/13/2011
 (_details..._)
 KB2506223
 on 4/13/2011
 (_details..._)
 KB2507618
 on 4/13/2011
 (_details..._)
 KB2508272
 on 4/13/2011
 (_details..._)
 KB2508429
 on 4/13/2011
 (_details..._)
 KB2509553
 on 4/13/2011
 (_details..._)
 KB2511455
 on 4/13/2011
 (_details..._)
 KB2524375
 on 3/24/2011
 (_details..._)
*Windows*
 _SP1_
 IDNMITIGATIONAPIS
 on 11/10/2008
 (_Microsoft Internationalized Domain Names Mitigation APIs_)
 NLSDOWNLEVELMAPPING
 on 11/10/2008
 (_Microsoft National Language Support Downlevel APIs_)


*Click here to see all available Microsoft security hotfixes for this computer. *​ 
Marks a security hotfix (using the 04/12/2011 Microsoft Security Bulletin Summary)

Marks a security hotFix that fails verification (a security vulnerability)

Marks a hotfix that verifies correctly

Marks a hotfix that fails verification (note that failing hotfixes need to be reinstalled)

Unmarked hotfixes lack the data to allow verification

​ ​


----------



## Cookiegal (Aug 27, 2003)

Alright well that is good news. The problem now is simply to find out why they are not displayed in Add or Remove Programs. Let's try something that may be too good to be true (too simple to work) but it's worth a shot before investigating other possibilities.

Go to Add or Remove Programs in the Control Panel and uncheck "Show Updates" at the top. Then close the window. Reboot the machine and go to back there and open Add or Remove programs again. It should render the list without any of the updates. Then recheck "Show Updates" and let me know if they are all now listed.


----------



## sfrisch8 (Feb 6, 2011)

I tried it and it didn't work. I was just trying to think of something was installed or uninstalled previously that could have caused it.

Since I've only had the computer since 11/2008, you'd think I'd remember.


----------



## Cookiegal (Aug 27, 2003)

I would like you to export a registry key for me. To do that:

Go to *Start *- *Run *and copy and paste the following:


```
regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2115168"
```
You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.


----------



## sfrisch8 (Feb 6, 2011)

I entered the information, but I can't find where to look for the C:\look.txt. I tried entering it at the run line but it wouldn't work. I also ran a search on it with no luck either.


----------



## Cookiegal (Aug 27, 2003)

Just click on My Computer and then double-click on your C drive and it should be there.


----------



## sfrisch8 (Feb 6, 2011)

It's not there, I even checked the dates & times. Could it be inside another folder?

Should I try the command again?


----------



## Cookiegal (Aug 27, 2003)

It could be that the key doesn't exist.

Have you ever gone into the registry just to look around? Are you familiar with it at all?

But please try it one more time to be sure. You are copying/pasting the command and not trying to type, correct?


----------



## sfrisch8 (Feb 6, 2011)

Yes, I am copy/pasting the command. OK, I will try it one more time.

I used to go into the registry & do all sorts of things - so, I'm not afraid of it.
You'll have to guide me on how to get there. etc.


----------



## sfrisch8 (Feb 6, 2011)

It's not there. The first time I entered the CMD it copyed the * on each end. Then I tried the whole thing with the "*, and it didn't work. So this time I just copied the CMD only & it took it. But, for future reference, should I ever include these symbols?

I learned a long time ago to be extremely careful while in the registry, so,
if you want to go in the registry that's fine with me. But, I will need instructions on where it's located.


----------



## Cookiegal (Aug 27, 2003)

There are only quotation marks ", where are you seeing *?

I have a theory but first I need to know you're running the command properly. You have to include everything that's in the quote box, including the quotation marks.


----------



## sfrisch8 (Feb 6, 2011)

Ok, now I get it. I guess I should always read from the forum. I copied it from my email which had an ** *followed by quotation marks. *" at each end.
*"Just call me a Big Dummy"*


----------



## Cookiegal (Aug 27, 2003)

sfrisch8 said:


> Ok, now I get it. I guess I should always *read from the forum.*


Yes, that is very important.

So please run the command again and see if it works.


----------



## sfrisch8 (Feb 6, 2011)

Sorry it took so long to get back to you.

I ran the CMD again (correctly), and the text file wasn't listed.

I want to be able to work with you at your convenience, but right now something has come up, and I need to go.

I'm free tomorrrow, but I know you might not be. So, I'll just keep and eye on my email for your response. I hope that's ok.


----------



## Cookiegal (Aug 27, 2003)

Alright you can do this tomorrow. I want to run another command the same way you did the other one. This is the command I want you to run. See if this one creates the log.


```
regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2497640"
```
Have you used any registry cleaners in the past?


----------



## sfrisch8 (Feb 6, 2011)

Hi there! Sorry about yesterday, everything got totally crazy around here & I wasn't concentrating as well as I should have been.

This morning, I re-ran both commands - exactly as posted, and double checked everything, with no luck. C:\look.txt is nowhere to be found.

Registry cleaners: Yes, I have run them many times in the past. The Trend Security program comes with one, and I thinks Windows offers one. I've run both, at different times, since you've been helping me. I know now, that you don't approve - so I haven't run one lately.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*
Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
look.txt
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## sfrisch8 (Feb 6, 2011)

scan log:

SystemLook 04.09.10 by jpshortstuff
Log created at 12:13 on 17/04/2011 by Owner
Administrator - Elevation successful
========== filefind ==========
Searching for "look.txt"
No files found.
-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

OK, let's approach this differently. I only want you to look in the registry and export a key but let's back up the registry in case of error first.

Please go to *Start *- *Run *and copy and paste the following and then click OK:

*regedit /e c:\registrybackup.reg*

It won't appear to be doing anything and that's normal. Your mouse pointer may turn to an hour glass for a minute.

When it no longer has the hour glass, check in your C drive to be sure you have a file called* registrybackup.reg *before continuing. *If you do not see that file, please let me know before doing anything else*.

Go to *Start *- *Run *- type in *Regedit *and click OK to open the Registry Editor.

Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

To do that, click on the + that you see to the left of each of these branches:

+HKEY_LOCAL_MACHINE
+SOFTWARE
+Microsoft
+Windows
+CurrentVersion

Then under Current version (still in the left-hand pane) right-click on *Uninstall *and then select "Export" from the right-click menu. Name the file Uninstall (don't type any file extension, it will be created as a .reg file automatically) and save it to your desktop.

Right-click the file on your desktop and select "Send to" and then Compressed (Zipped) folder to zip the file. Then upload the zipped file as an attachment here please.


----------



## sfrisch8 (Feb 6, 2011)

Here's the file!


----------



## Cookiegal (Aug 27, 2003)

I believe I see what's happened. Something (or someone  likely a registry cleaner) has deleted the uninstall strings and/or keys for the updates that are "missing". Without those keys they will not populate in Add or Remove Programs in the Control Panel. I checked some of the ones that we knew were showing as installed and they all have their uninstall strings whereas the ones I checked that were not showing do not have those strings and in most cases don't even have the uninstall key at all.

The fact that both Belarc and Secunia are detecting the updates as being installed seems to confirm that they are indeed installed.

As a last check, please do a search (one at a time) for both of the following:

KB2115168
KB978601

To do the search, click on Start - Search - All Files and Folders - then type one of the names above then click on More Advanced Options and make sure to put a check beside "Search Hidden Files and Folders".

The search should reveal a folder for each of those (and several other updates) that looks like this:

C:\WINDOWS\$hf_mig$\KB978601

This would indicate the update is installed.


----------



## sfrisch8 (Feb 6, 2011)

Hi again! 

I did the searches and they came out just the way you said, but with a 
" /update on the end" I did have to click on the CAT file or fldr to find it.


----------



## Cookiegal (Aug 27, 2003)

Well then it looks like they are indeed installed. 

The only thing that concerns me are the initial 41 rootkits that AVG detected bu I never saw any logs so can't confirm. 

Was that with AVG anti-virus or AVG Anti-Rootkit? Have you scanned again with both of those? Is anything detected?


----------



## sfrisch8 (Feb 6, 2011)

Well, When it turned out that none of the other anti-virus programs and tests we tried didn't detect any, I uninstall AVG. Then I installed Trend, and nothing has ever been found as far as rootkits. I think I had also read that AVG detects false-positives with rootkits. The Belarc advisor didn't show any either. But, I'm willing to try anything you want.


----------



## Cookiegal (Aug 27, 2003)

Most rootkit scanners do come up with false positive. In most cases they are not really "false postives" as the files they are detecting have rootkit like behaviour but they can be legitimate programs.

We ran rootkit scanners and nothing was found.

Would you please post a final HijackThis log for me?


----------



## sfrisch8 (Feb 6, 2011)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:03:44 PM, on 4/17/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238543960270
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.5\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe
O24 - Desktop Component 1: (no name) - http://mail.live.com/
--
End of file - 6788 bytes


----------



## Cookiegal (Aug 27, 2003)

The log looks fine. Any problems with the computer?


----------



## sfrisch8 (Feb 6, 2011)

It seems to work fine. But, it didn't before and I thank you so much for fixing it. You are a very kind person! You also gave me the courage to handle PA Bear!

Now, if you could fix my Quicken issues, that would be something else!
Thanks over & over again!


----------



## Cookiegal (Aug 27, 2003)

Dare I ask what the issues are with Quicken? 

You're quite welcome. As a courtesy, you may wish to reply to PA Bear to give him an update. If you do, please give him my regards.


----------



## sfrisch8 (Feb 6, 2011)

Help with Quicken? You don't even want to go there!!!!!!!!!!!!!!! All I can advise, is to never use it!

OK, I guess it would be a nice thing to do - I'll update PA BEAR !

It's so funny, with these names & just trying to imagine what ya'll look like! 

Bye, and now that you're done with me (hopefully), you'll have some extra time to do some gardening, reading, or whatever you like to do!


----------



## Cookiegal (Aug 27, 2003)

Well I've never used Quicken so couldn't help much anyway. 

Here are some final instructions for you.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration but the actual command used the entire word uninstall and just the u).










Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* - *All Programs* - *Accessories* - *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend changing all passwords just as a precaution. Make sure to choose strong ones containing letters and numbers, upper case and lower case, etc.


----------



## sfrisch8 (Feb 6, 2011)

Ok, I will do that. Is it also OK to delete or uninstall any other .txt, .exe or log files that are left over? I did delete some along the way, but there's a few more - I just can't remember right now.

Also, I was going through our threads to try and update PA Bear with, and it's taking forever to write them down. Should I just sent him this link?


----------



## Cookiegal (Aug 27, 2003)

Yes, you can delete the log files that we created.

You can just tell him that it appears that something delete the uninstall keys/strings in the registry (probably a registry cleaner) which is why the updates I thought were missing are not populating the list in Add or Remove programs but they are installed. That sums it up in a nutshell.


----------



## Cookiegal (Aug 27, 2003)

I just noticed in the Belarc log it says:

(using the 09/09/2008 Microsoft Security Bulletin Summary)

Isn't there a way for it to scan using a current summary? Because that report still doesn't show updates from 2009 and 2010 although Secunia didn't say any were missing (other than IE7).

Edit: Nevermind. I was going by the log that was attached and this is the one you copied and pasted had the correct date. (Phew!).


----------



## sfrisch8 (Feb 6, 2011)

My message to PA Bear:

Hi there! It looks like my computer may be ok after all.
Cookiegal wanted me to give you an update of our last communications on the update issues with my computer.
" It appears that something deleted the uninstall keys/strings in the registry (probably a registry cleaner) which is why the updates I thought were missing are not populating the list in Add or Remove programs but they are installed."
She also wanted me to please give you her regards.
Thanks again
----------------------------------------------------------------------
I'm going to do the uninstall of ComboFix tomorrow. I printed out your instructions (thanks) so I don't mess up!

If I ever need your advice again, would there be a way to contact you?
If not, I totally understand. I've learned my lesson about playing around with the "insides" of my computer, and I will never run a registery cleaner again!


----------



## Cookiegal (Aug 27, 2003)

Normally we just ask that you post on the boards but you could drop me a private message to let me know about your thread if you need help with something. 

Thanks for posting an update to PA Bear. :up:


----------



## sfrisch8 (Feb 6, 2011)

More questions.

I tried to do the uninstall of ComboFix, and got a msg that "Windows cannot find the file." I entered it exactly the way you explained *ComboFix /uninstall.*

Now that I've thought about it, I remember uninstalling it before. I think I did it through add/remove programs, or just deleting it through Windows, if it wasn't listed. I just did a search and it left behind 2 txt files : ComboFix.txt & ComboFix-quarantined-files.txt. Should I try to delete them, if it will let me?

I also deleted other things we used along the way, (like GMER and Fix-it) and still have a few more to do - although I don't remember if they they were program files. If they were, I went through add /remove programs, if not, I think I just deleted them through a search.

This is why I used to use registry cleaners - because I know that even if you use add/remove programs, things can be left behind in the registry.
I would always do a seach to see what was left & delete what it would let me. There were always some .dill files or somthing that I wasn't allowed to delete. This may also have been the the case when I uninstalled AVG or old IE7 files.

I didn't know how to delete them through a start/run cmd prompt, like you advised with ComboFix.

In the future, If I have to uninstall something, should I do it through add/remove programs & hope it gets it all? Or, should I do it the way you wanted me to uninstall ComboFix?

I was also wondering if I should uninstall "Belarc Advisor"? If I should uninstall it, which way do you suggest?

I'm also asking this now because I don't want to have to keep bothering you with questions. I've always installed an addional malware/spyware program, like Webroot SpySweeper in addition to my antivirus program. I know you said that Webroot might conflict with my antivirus, so I uninstalled it (& it probably left behind some stuff too). But, are there any that you can suggest that would be ok, for extra protection - or do think they aren't needed?

OK, I'm finally done - that extra cup of coffee didn't help you any, I'm sorry.


----------



## Cookiegal (Aug 27, 2003)

sfrisch8 said:


> More questions.
> 
> I tried to do the uninstall of ComboFix, and got a msg that "Windows cannot find the file." I entered it exactly the way you explained *ComboFix /uninstall.*
> 
> ...


You can delete any C:\combofix.txt files and also this folder C:\*Qoobox*.


> This is why I used to use registry cleaners - because I know that even if you use add/remove programs, things can be left behind in the registry.
> 
> I would always do a seach to see what was left & delete what it would let me. There were always some .dill files or somthing that I wasn't allowed to delete. This may also have been the the case when I uninstalled AVG or old IE7 files.
> 
> ...


It's usually best to uninstall from Add or Remove Programs but some programs have their own uninstalling methods so you're best to research that. Then many also have removal tools that should be run after uninstallation to take care of any possible leftovers. Orphaned registry entries left behind don't generally cause any problems and should just be left alone.


> I was also wondering if I should uninstall "Belarc Advisor"? If I should uninstall it, which way do you suggest?


I would just uninstall it via Add or Remove programs.


> I'm also asking this now because I don't want to have to keep bothering you with questions. I've always installed an addional malware/spyware program, like Webroot SpySweeper in addition to my antivirus program. I know you said that Webroot might conflict with my antivirus, so I uninstalled it (& it probably left behind some stuff too). But, are there any that you can suggest that would be ok, for extra protection - or do think they aren't needed?
> 
> OK, I'm finally done - that extra cup of coffee didn't help you any, I'm sorry.


I would keep MalwareBytes and if you like you can also install SuperAntiSpyware. Both can be updated and run as on-demand scanners. When downloaded, uncheck the option to have it run at startup as that's not necessary and will only slow down startup time.


----------



## Cookiegal (Aug 27, 2003)

I noticed in your post on the MS forums you stated:

"_As of yesterday, when Cookiegal and I felt it was ok to move on without another suggestion of a reformat, I was elated. She did say all along that a reformat would be the safest thing to do - until I found all the missing updates. I'm sure, she'd suggest a reformat again to be truly safe._"

That's not really what I meant. See my post no. 199 which I made after we determined that the updates were installed:

http://forums.techguy.org/7897022-post199.html

"_The only thing that concerns me are the initial 41 rootkits that AVG detected bu I never saw any logs so can't confirm_."

The fact that we couldn't ascertain whether or not there were any rootkits at the beginning was still of concern to me but I knew you were very much against reformatting so you had a decision to make based on the information we had (meaning we couldn't confirm whether or not there ever were any rootkits). Certainly you are in much better shape with the updates iinstalled but when in doubt as to the integrity of the system a reformat is always the best way to go to be sure.


----------

