KB917953 keeps reappearing

Nebulon · Nov 6, 2006

What causes this? A security update, cryptically named "KB917953", was
released earlier this year; ever since then my XP media center edition
keeps complaining that I have to download and install it, despite the
fact that I've already done so five or six times. I am not uninstalling
it, and the system consistently has checked clean of spyware and
viruses during the last several months, so I don't think there's some
malware uninstalling it for me.

Is it self-uninstalling? Is it something like the malicious software
removal tool, with new versions every month? Or is Windows Update
simply being buggy?

Given that this is Microsoft we're talking about, I guess the smart
money is on door number 3...

nahid · Nov 6, 2006

show a little cheaper broadband services.

Detlev Dreyer · Nov 6, 2006

Nebulon said:
What causes this? A security update, cryptically named "KB917953", was
released earlier this year; ever since then my XP media center edition
keeps complaining that I have to download and install it, despite the
fact that I've already done so five or six times.

Download that update and install manually.
"Security Update for Windows XP (KB917953)"
http://www.microsoft.com/downloads/...FamilyID=b62abe8e-4735-4934-a66e-5b957986efbf

Is it self-uninstalling?
No.

Is it something like the malicious software removal tool, with new
versions every month?
No.

Or is Windows Update simply being buggy?

In that case, most users should experience that problem. If the problem
persists, you may want to ask here: microsoft.public.windowsupdate

nahid · Nov 6, 2006

do you have a free downloading option of any softwares

MowGreen [MVP] · Nov 6, 2006

It's entirely possible that the update is not installing correctly.
Since it's an Important update for Remote Code Execution, it would be
nice to get it installed -
http://www.microsoft.com/technet/security/bulletin/ms06-032.mspx

Is it listed in Add/Remove Programs ?
Does tcpip.sys on the system match the version listed on the Sec
Bulletin page, v.5.1.2600.2892 ? (It's located in system32/drivers)

A possible clue as to why it's being redected by Automatic Update may be
present in the KB917953.log located in %windir%
Each installation "attempt" will have a separate entry.
Check the last one at the bottom of the log for possible error
codes/messages.

MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============

Nebulon · Nov 7, 2006

MowGreen said:
Is it listed in Add/Remove Programs ?

Yes, as installed on 6/16/2006 (which is probably the first occasion).

Does tcpip.sys on the system match the version listed on the Sec
Bulletin page, v.5.1.2600.2892 ? (It's located in system32/drivers)

It seems to be v.5.1.2600.2180, which is strange, if it's in
add/remove. Unless someone keeps uninstalling the update in a manner
that doesn't remove it from add/remove.

A possible clue as to why it's being redected by Automatic Update may be
present in the KB917953.log located in %windir%
Each installation "attempt" will have a separate entry.
Check the last one at the bottom of the log for possible error
codes/messages.

This is the one from Nov. 2, the most recent. It seems to have
succeeded (various files copied to various places) though it does
contain some cryptic error messages. Someone more knowledgeable needs
to interpret this.

On Nov. 2 I installed several updates, and have rebooted several times
since then for assorted reasons (mostly because the updates as usual
screwed up the half-open connection limit, which in turn screws up p2p
apps, and patching the connection limit seems to need to be done
several times with a reboot or two to "take").

As of Nov. 6 it is again showing KB917953 as a needed, not-installed
critical update.

0.656:
================================================================================
0.656: 2006/11/02 00:50:08.390 (local)
0.656:
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ccf16a349964b0c1db2aca1fe8adaff2\update\update.exe
(version 6.2.29.0)
0.656: Hotfix started with following command line: /si
/ParentInfo:3660d257ea61f141b5f66d82b3153909
2.203: DoInstallation: CleanPFR failed: 0x2
2.203: SetProductTypes: InfProductBuildType=BuildType.IP
2.234: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.234: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB917953$

2.234: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll
failed: 0xe0000102
2.234: ref tag c:\windows\system32\sp4.cab does not exist
2.234: ref tag c:\windows\system32\sp3.cab does not exist
2.234: ref tag c:\windows\system32\sp2.cab does not exist
2.234: ref tag c:\windows\system32\sp1.cab does not exist
2.234: ref tag c:\windows\system32\driver.cab does not exist
2.234: ref tag c:\windows\system32\fp40ext.cab does not exist
2.234: ref tag c:\windows\system32\fp40ext1.cab does not exist
2.250: ref tag c:\windows\system32\wms4.cab does not exist
2.250: ref tag c:\windows\system32\wms41.cab does not exist
2.250: ref tag c:\windows\system32\ims.cab does not exist
2.250: ref tag c:\windows\system32\ims1.cab does not exist
2.250: ref tag c:\windows\system32\ins.cab does not exist
2.250: ref tag c:\windows\system32\ins1.cab does not exist
2.250: Starting AnalyzeComponents
2.250: AnalyzePhaseZero used 0 ticks
2.250: No c:\windows\INF\updtblk.inf file.
2.250: OEM file scan used 0 ticks
2.250: AnalyzePhaseOne: used 0 ticks
2.250: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.250: AnalyzeComponents: Hotpatching is disabled.
2.250: FindFirstFile c:\windows\$hf_mig$\*.*
2.266: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.281: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.281: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.281: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.281: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.297: AnalyzeForBranching used 16 ticks.
2.297: AnalyzePhaseTwo used 0 ticks
2.297: AnalyzePhaseThree used 0 ticks
2.297: AnalyzePhaseFive used 0 ticks
2.313: AnalyzePhaseSix used 16 ticks
2.313: AnalyzeComponents used 63 ticks
2.313: Downloading 0 files
2.313: bPatchMode = TRUE
2.313: Inventory complete: ReturnStatus=0, 79 ticks
2.313: Num Ticks for invent : 79
2.313: [dumpDownloadTask] We have all necessary files for the package
to install. Return STATUS_READY_TO_INSTALL
2.313: dumpDownloadTask returned 0xf201 (ready to install)
2.375: KB917953 installation did not complete.
2.375: Update.exe extended error code = 0xf201
0.672:
================================================================================
0.672: 2006/11/02 00:51:17.609 (local)
0.672:
C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\update\update.exe
(version 6.2.29.0)
0.672: Failed To Enable SE_SHUTDOWN_PRIVILEGE
0.672: Hotfix started with following command line: -q -z -er
/ParentInfo:57f21480b813f74b87a05491847d076c
2.344: In Function TestVolatileFlag, line 11873, RegOpenKeyEx failed
with error 0x2
2.344: In Function TestVolatileFlag, line 11905, RegOpenKeyEx failed
with error 0x2
2.344: DoInstallation: CleanPFR failed: 0x2
2.344: SetProductTypes: InfProductBuildType=BuildType.IP
2.360: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.391: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB917953$

2.406: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll
failed: 0xe0000102
2.406: ref tag c:\windows\system32\sp4.cab does not exist
2.406: ref tag c:\windows\system32\sp3.cab does not exist
2.406: ref tag c:\windows\system32\sp2.cab does not exist
2.406: ref tag c:\windows\system32\sp1.cab does not exist
2.406: ref tag c:\windows\system32\driver.cab does not exist
2.406: ref tag c:\windows\system32\fp40ext.cab does not exist
2.406: ref tag c:\windows\system32\fp40ext1.cab does not exist
2.406: ref tag c:\windows\system32\wms4.cab does not exist
2.406: ref tag c:\windows\system32\wms41.cab does not exist
2.406: ref tag c:\windows\system32\ims.cab does not exist
2.406: ref tag c:\windows\system32\ims1.cab does not exist
2.406: ref tag c:\windows\system32\ins.cab does not exist
2.406: ref tag c:\windows\system32\ins1.cab does not exist
2.406: Starting AnalyzeComponents
2.406: AnalyzePhaseZero used 0 ticks
2.406: No c:\windows\INF\updtblk.inf file.
2.422: OEM file scan used 16 ticks
2.422: AnalyzePhaseOne: used 16 ticks
2.422: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.422: AnalyzeComponents: Hotpatching is disabled.
2.422: FindFirstFile c:\windows\$hf_mig$\*.*
2.438: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.453: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.453: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.453: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.453: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.453: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.469: AnalyzeForBranching used 16 ticks.
2.469: AnalyzePhaseTwo used 0 ticks
2.469: AnalyzePhaseThree used 0 ticks
2.469: AnalyzePhaseFive used 0 ticks
2.485: AnalyzePhaseSix used 16 ticks
2.485: AnalyzeComponents used 79 ticks
2.485: Downloading 0 files
2.485: bPatchMode = TRUE
2.485: Inventory complete: ReturnStatus=0, 94 ticks
2.485: Num Ticks for invent : 94
2.485: VerifyTargetFileSize: Unable to verify size as Source = NULL for
file c:\windows\inf\HFX62.tmp
2.516: Copied file: c:\windows\inf\branches.inf
10.360: Allocation size of drive C: is 4096 bytes, free space =
166163513344 bytes
10.485: Drive C: free 158465MB req: 5MB w/uninstall 0MB
10.485: CabinetBuild complete
10.485: Num Ticks for Cabinet build : 8000
10.485: DynamicStrings section not defined or empty.
10.485: FileInUse:: Detection disabled.
11.485: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll
failed: 0xe0000102
11.531: System Restore Point set.
11.625: Copied file: C:\WINDOWS\system32\spmsg.dll
11.625: PFE2: Not avoiding Per File Exceptions.
12.875: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\update_SP2QFE.inf
-> c:\windows\$hf_mig$\KB917953\update\update_SP2QFE.inf.
12.938: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\spuninst.exe
-> c:\windows\$hf_mig$\KB917953\spuninst.exe.
12.953: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\spmsg.dll
-> c:\windows\$hf_mig$\KB917953\spmsg.dll.
12.985: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\spcustom.dll
-> c:\windows\$hf_mig$\KB917953\update\spcustom.dll.
13.094: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\KB917953.CAT
-> c:\windows\$hf_mig$\KB917953\update\KB917953.CAT.
13.141: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\update.exe
-> c:\windows\$hf_mig$\KB917953\update\update.exe.
13.203: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\updspapi.dll
-> c:\windows\$hf_mig$\KB917953\update\updspapi.dll.
13.438: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\update.ver
-> c:\windows\$hf_mig$\KB917953\update\update.ver.
13.438: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\updatebr.inf
-> c:\windows\$hf_mig$\KB917953\update\updatebr.inf.
13.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\eula.txt
-> c:\windows\$hf_mig$\KB917953\update\eula.txt.
13.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\branches.inf
-> c:\windows\$hf_mig$\KB917953\update\branches.inf.
13.656: Copied file: C:\WINDOWS\system32\DRIVERS\tcpip.sys
13.656: Copied file: C:\WINDOWS\system32\DllCache\tcpip.sys
13.735: DoInstallation: Installing assemblies with source root path:
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\
13.735: Num Ticks for Copying files : 3250
13.735: Num Ticks for Reg update and deleting 0 size files : 0
13.750: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section
is empty; nothing to do.
13.750: IsRebootRequiredForFileQueue:
c:\windows\system32\drivers\tcpip.sys was no-delay replaced; reboot is
required.
13.750: DoInstallation: A reboot is required to complete the
installation of one or more files.
13.750: In Function SetVolatileFlag, line 11789, RegOpenKeyEx failed
with error 0x2
13.750: In Function SetVolatileFlag, line 11806, RegOpenKeyEx failed
with error 0x2
13.750: UpdateSpUpdSvcInf: Source
[ProcessesToRunAfterReboot.RebootNotRequired] section is empty; nothing
to do.
13.844: RebootNecessary = 1,WizardInput = 1 , DontReboot = 1,
ForceRestart = 0

MowGreen [MVP] · Nov 7, 2006

According to the second section of the log,2006/11/02 00:51:17.609, the
update installed and a reboot was required -

13.750: IsRebootRequiredForFileQueue:
c:\windows\system32\drivers\tcpip.sys was no-delay replaced; reboot is
required.
13.750: DoInstallation: A reboot is required to complete the
installation of one or more files. *< --- This is the reboot required*
13.750: In Function SetVolatileFlag, line 11789, RegOpenKeyEx failed
with error 0x2
13.750: In Function SetVolatileFlag, line 11806, RegOpenKeyEx failed
with error 0x2
13.750: UpdateSpUpdSvcInf: Source
[ProcessesToRunAfterReboot.RebootNotRequired] section is empty; nothing
to do.
13.844: RebootNecessary = 1,WizardInput = 1 , DontReboot = 1,
ForceRestart = 0

Below is the log from my system and it shows the same entries -

21.611: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section is
empty; nothing to do.
21.611: IsRebootRequiredForFileQueue:
d:\windows\system32\drivers\tcpip.sys was no-delay replaced; reboot is
required.
21.611: DoInstallation: A reboot is required to complete the
installation of one or more files.
21.611: In Function SetVolatileFlag, line 11789, RegOpenKeyEx failed
with error 0x2
21.611: In Function SetVolatileFlag, line 11806, RegOpenKeyEx failed
with error 0x2
21.611: UpdateSpUpdSvcInf: Source
[ProcessesToRunAfterReboot.RebootNotRequired] section is empty; nothing
to do.
24.586: RebootNecessary = 1,WizardInput = 0 , DontReboot = 1,
ForceRestart = 0

Here's where the logs differ ... mine shows

18.827: Num Ticks for Copying files : 7120
18.857: Num Ticks for Reg update and deleting 0 size files : 30

Yours shows -

13.735: Num Ticks for Copying files : 3250
13.735: Num Ticks for Reg update and deleting 0 size files : 0

Apparently the registry is NOT being updated on your system.
There should be an Access Denied error if it's related to Permissions
issues.

Your log does show that the files HAVE been updated =

13.656: Copied file: C:\WINDOWS\system32\DRIVERS\tcpip.sys
13.656: Copied file: C:\WINDOWS\system32\DllCache\tcpip.sys

Suggest checking both the Drivers and DllCache folders to determine if
both tcpip.sys files are of the same version.

The update is located in the registry here -

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB917953
Click the plus sign next to KB917953
Click the plus sign next to the Filelist folder
There should be 3 subfolders present - 0, 1, and 2
The first two show where tcpip.sys have been installed to and show the
version number
The 3rd subfolder is where the SP2QFE is located,
windows\$hf_mig$\KB917953\SP2QFE
Confirm that, please.

MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============

MowGreen said:
MowGreen said:

Is it listed in Add/Remove Programs ?

Click to expand...

Yes, as installed on 6/16/2006 (which is probably the first occasion).

Does tcpip.sys on the system match the version listed on the Sec
Bulletin page, v.5.1.2600.2892 ? (It's located in system32/drivers)

Click to expand...

It seems to be v.5.1.2600.2180, which is strange, if it's in
add/remove. Unless someone keeps uninstalling the update in a manner
that doesn't remove it from add/remove.

A possible clue as to why it's being redected by Automatic Update may be
present in the KB917953.log located in %windir%
Each installation "attempt" will have a separate entry.
Check the last one at the bottom of the log for possible error
codes/messages.

Click to expand...

This is the one from Nov. 2, the most recent. It seems to have
succeeded (various files copied to various places) though it does
contain some cryptic error messages. Someone more knowledgeable needs
to interpret this.

On Nov. 2 I installed several updates, and have rebooted several times
since then for assorted reasons (mostly because the updates as usual
screwed up the half-open connection limit, which in turn screws up p2p
apps, and patching the connection limit seems to need to be done
several times with a reboot or two to "take").

As of Nov. 6 it is again showing KB917953 as a needed, not-installed
critical update.

0.656:
================================================================================
0.656: 2006/11/02 00:50:08.390 (local)
0.656:
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ccf16a349964b0c1db2aca1fe8adaff2\update\update.exe
(version 6.2.29.0)
0.656: Hotfix started with following command line: /si
/ParentInfo:3660d257ea61f141b5f66d82b3153909
2.203: DoInstallation: CleanPFR failed: 0x2
2.203: SetProductTypes: InfProductBuildType=BuildType.IP
2.234: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.234: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB917953$

2.234: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll
failed: 0xe0000102
2.234: ref tag c:\windows\system32\sp4.cab does not exist
2.234: ref tag c:\windows\system32\sp3.cab does not exist
2.234: ref tag c:\windows\system32\sp2.cab does not exist
2.234: ref tag c:\windows\system32\sp1.cab does not exist
2.234: ref tag c:\windows\system32\driver.cab does not exist
2.234: ref tag c:\windows\system32\fp40ext.cab does not exist
2.234: ref tag c:\windows\system32\fp40ext1.cab does not exist
2.250: ref tag c:\windows\system32\wms4.cab does not exist
2.250: ref tag c:\windows\system32\wms41.cab does not exist
2.250: ref tag c:\windows\system32\ims.cab does not exist
2.250: ref tag c:\windows\system32\ims1.cab does not exist
2.250: ref tag c:\windows\system32\ins.cab does not exist
2.250: ref tag c:\windows\system32\ins1.cab does not exist
2.250: Starting AnalyzeComponents
2.250: AnalyzePhaseZero used 0 ticks
2.250: No c:\windows\INF\updtblk.inf file.
2.250: OEM file scan used 0 ticks
2.250: AnalyzePhaseOne: used 0 ticks
2.250: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.250: AnalyzeComponents: Hotpatching is disabled.
2.250: FindFirstFile c:\windows\$hf_mig$\*.*
2.266: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.281: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.281: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.281: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.281: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.297: AnalyzeForBranching used 16 ticks.
2.297: AnalyzePhaseTwo used 0 ticks
2.297: AnalyzePhaseThree used 0 ticks
2.297: AnalyzePhaseFive used 0 ticks
2.313: AnalyzePhaseSix used 16 ticks
2.313: AnalyzeComponents used 63 ticks
2.313: Downloading 0 files
2.313: bPatchMode = TRUE
2.313: Inventory complete: ReturnStatus=0, 79 ticks
2.313: Num Ticks for invent : 79
2.313: [dumpDownloadTask] We have all necessary files for the package
to install. Return STATUS_READY_TO_INSTALL
2.313: dumpDownloadTask returned 0xf201 (ready to install)
2.375: KB917953 installation did not complete.
2.375: Update.exe extended error code = 0xf201
0.672:
================================================================================
0.672: 2006/11/02 00:51:17.609 (local)
0.672:
C:\WINDOWS\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\update\update.exe
(version 6.2.29.0)
0.672: Failed To Enable SE_SHUTDOWN_PRIVILEGE
0.672: Hotfix started with following command line: -q -z -er
/ParentInfo:57f21480b813f74b87a05491847d076c
2.344: In Function TestVolatileFlag, line 11873, RegOpenKeyEx failed
with error 0x2
2.344: In Function TestVolatileFlag, line 11905, RegOpenKeyEx failed
with error 0x2
2.344: DoInstallation: CleanPFR failed: 0x2
2.344: SetProductTypes: InfProductBuildType=BuildType.IP
2.360: SetAltOsLoaderPath: No section uses DirId 65701; done.
2.391: CreateUninstall = 0,Directory = C:\WINDOWS\$NtUninstallKB917953$

2.406: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll
failed: 0xe0000102
2.406: ref tag c:\windows\system32\sp4.cab does not exist
2.406: ref tag c:\windows\system32\sp3.cab does not exist
2.406: ref tag c:\windows\system32\sp2.cab does not exist
2.406: ref tag c:\windows\system32\sp1.cab does not exist
2.406: ref tag c:\windows\system32\driver.cab does not exist
2.406: ref tag c:\windows\system32\fp40ext.cab does not exist
2.406: ref tag c:\windows\system32\fp40ext1.cab does not exist
2.406: ref tag c:\windows\system32\wms4.cab does not exist
2.406: ref tag c:\windows\system32\wms41.cab does not exist
2.406: ref tag c:\windows\system32\ims.cab does not exist
2.406: ref tag c:\windows\system32\ims1.cab does not exist
2.406: ref tag c:\windows\system32\ins.cab does not exist
2.406: ref tag c:\windows\system32\ins1.cab does not exist
2.406: Starting AnalyzeComponents
2.406: AnalyzePhaseZero used 0 ticks
2.406: No c:\windows\INF\updtblk.inf file.
2.422: OEM file scan used 16 ticks
2.422: AnalyzePhaseOne: used 16 ticks
2.422: AnalyzeComponents: Hotpatch analysis disabled; skipping.
2.422: AnalyzeComponents: Hotpatching is disabled.
2.422: FindFirstFile c:\windows\$hf_mig$\*.*
2.438: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.453: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.453: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.453: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.453: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.453: KB917953 Setup encountered an error: The update.ver file is
not correct.
2.469: AnalyzeForBranching used 16 ticks.
2.469: AnalyzePhaseTwo used 0 ticks
2.469: AnalyzePhaseThree used 0 ticks
2.469: AnalyzePhaseFive used 0 ticks
2.485: AnalyzePhaseSix used 16 ticks
2.485: AnalyzeComponents used 79 ticks
2.485: Downloading 0 files
2.485: bPatchMode = TRUE
2.485: Inventory complete: ReturnStatus=0, 94 ticks
2.485: Num Ticks for invent : 94
2.485: VerifyTargetFileSize: Unable to verify size as Source = NULL for
file c:\windows\inf\HFX62.tmp
2.516: Copied file: c:\windows\inf\branches.inf
10.360: Allocation size of drive C: is 4096 bytes, free space =
166163513344 bytes
10.485: Drive C: free 158465MB req: 5MB w/uninstall 0MB
10.485: CabinetBuild complete
10.485: Num Ticks for Cabinet build : 8000
10.485: DynamicStrings section not defined or empty.
10.485: FileInUse:: Detection disabled.
11.485: LoadFileQueues: UpdSpGetSourceFileLocation for halmacpi.dll
failed: 0xe0000102
11.531: System Restore Point set.
11.625: Copied file: C:\WINDOWS\system32\spmsg.dll
11.625: PFE2: Not avoiding Per File Exceptions.
12.875: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\update_SP2QFE.inf
-> c:\windows\$hf_mig$\KB917953\update\update_SP2QFE.inf.
12.938: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\spuninst.exe
-> c:\windows\$hf_mig$\KB917953\spuninst.exe.
12.953: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\spmsg.dll
-> c:\windows\$hf_mig$\KB917953\spmsg.dll.
12.985: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\spcustom.dll
-> c:\windows\$hf_mig$\KB917953\update\spcustom.dll.
13.094: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\KB917953.CAT
-> c:\windows\$hf_mig$\KB917953\update\KB917953.CAT.
13.141: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\update.exe
-> c:\windows\$hf_mig$\KB917953\update\update.exe.
13.203: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\updspapi.dll
-> c:\windows\$hf_mig$\KB917953\update\updspapi.dll.
13.438: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\update.ver
-> c:\windows\$hf_mig$\KB917953\update\update.ver.
13.438: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\updatebr.inf
-> c:\windows\$hf_mig$\KB917953\update\updatebr.inf.
13.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\eula.txt
-> c:\windows\$hf_mig$\KB917953\update\eula.txt.
13.453: ProcessSetupContentSection: PROCESS_SETUP_CONTENT_OP_INSTALL:
Copied
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\update\branches.inf
-> c:\windows\$hf_mig$\KB917953\update\branches.inf.
13.656: Copied file: C:\WINDOWS\system32\DRIVERS\tcpip.sys
13.656: Copied file: C:\WINDOWS\system32\DllCache\tcpip.sys
13.735: DoInstallation: Installing assemblies with source root path:
c:\windows\softwaredistribution\download\556eb98436b65a8c1ffae674c83d197f\
13.735: Num Ticks for Copying files : 3250
13.735: Num Ticks for Reg update and deleting 0 size files : 0
13.750: UpdateSpUpdSvcInf: Source [ProcessesToRunAfterReboot] section
is empty; nothing to do.
13.750: IsRebootRequiredForFileQueue:
c:\windows\system32\drivers\tcpip.sys was no-delay replaced; reboot is
required.
13.750: DoInstallation: A reboot is required to complete the
installation of one or more files.
13.750: In Function SetVolatileFlag, line 11789, RegOpenKeyEx failed
with error 0x2
13.750: In Function SetVolatileFlag, line 11806, RegOpenKeyEx failed
with error 0x2
13.750: UpdateSpUpdSvcInf: Source
[ProcessesToRunAfterReboot.RebootNotRequired] section is empty; nothing
to do.
13.844: RebootNecessary = 1,WizardInput = 1 , DontReboot = 1,
ForceRestart = 0

Nebulon · Nov 8, 2006

MowGreen said:
Apparently the registry is NOT being updated on your system.
There should be an Access Denied error if it's related to Permissions
issues.

Can't be. I did the install as administrator.

Suggest checking both the Drivers and DllCache folders to determine if
both tcpip.sys files are of the same version.

5.1.2600.2180 in dllcache and in drivers.

The update is located in the registry here -

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB917953
Click the plus sign next to KB917953
Click the plus sign next to the Filelist folder
There should be 3 subfolders present - 0, 1, and 2
The first two show where tcpip.sys have been installed to and show the
version number
The 3rd subfolder is where the SP2QFE is located,
windows\$hf_mig$\KB917953\SP2QFE
Confirm that, please.

Those are all there and say 5.1.2600.2892.

It's as if the update is not "taking" somehow.

And yet if it weren't, it shouldn't be necessary after every update to
patch the bloody thing to raise the half-open connection limit so I can
do more than just web surf and email with my net connection.

This is damned strange...

MowGreen [MVP] · Nov 8, 2006

It's as if the update is not "taking" somehow.

Bingo ! tcpip.sys is NOT being updated/replaced . The KB917953.log is
falsely showing that it is being replaced. The registry shows it being
replaced.
Is the system being rebooted after the install ?

This is quite a mystery ...

MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============

Nebulon · Nov 8, 2006

MowGreen said:
Bingo ! tcpip.sys is NOT being updated/replaced . The KB917953.log is
falsely showing that it is being replaced. The registry shows it being
replaced.
Is the system being rebooted after the install ?

Yes, it is. And other updates are taking. (And generally keep resetting
that damn connection limit.)

MowGreen [MVP] · Nov 10, 2006

Nebulon said:
Yes, it is. And other updates are taking. (And generally keep resetting
that damn connection limit.)

What " other updates " are resetting the connection limit ?
If you're 'hacking' connection limits with a .dll downloaded from the
net to get more connections than that's why KB917953 is being reoffered.

You wrote :

On Nov. 2 I installed several updates, and have rebooted several times
since then for assorted reasons (mostly because the updates as usual
screwed up the half-open connection limit, which in turn screws up p2p
apps, and patching the connection limit seems to need to be done
several times with a reboot or two to "take").

MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============

Nebulon · Nov 11, 2006

MowGreen said:
If you're 'hacking' connection limits with a .dll downloaded from the
net to get more connections than that's why KB917953 is being reoffered.

No, I'm using the www.xp-anispy.org utility to patch tcpip.sys, not
replacing any dlls.

MowGreen [MVP] · Nov 11, 2006

Well, that explains why the update is being reoffered time and again.
Let's hope the system is not vulnerable to - Vulnerability in TCP/IP
Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/ms06-032.mspx

And so, I bid you adieu. Good luck !

MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============

Nebulon · Nov 12, 2006

MowGreen said:
Well, that explains why the update is being reoffered time and again.
Let's hope the system is not vulnerable to - Vulnerability in TCP/IP
Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/ms06-032.mspx

Patching 4 bytes* in tcpip.sys that affect only 1 variable cannot
reopen this vulnerability.

*assumes the limit is stored as a 32-bit integer, which is the most
likely format; otherwise, exact number of bytes may vary and even be as
high as 8. Oooh!

Also, there'd be widespread reports of this and it would be listed at
www.xp-antispy.com as a known issue if xp-antispy were the cause.
Googling hasn't turned up any reports and nothing's mentioned on the
site, despite the problem being six months old. That means the
problem's cause is something more unique to my system configuration
(everyone with XP2 and any kind of filesharing, e.g. bittorrent, uses
xp-antispy. And everyone using voip/skype. Or some games that get laggy
and wonky otherwise (mainly MMO which may involve many connections).
And anything else nontrivial and network-aware, pretty much.)

KB920872	1	Sep 14, 2006
Security update KB832483 keeps reappearing	3	Sep 12, 2006
Kaspersky conflict	6	Feb 13, 2017
Today's Updates Have Caused My PC to Run Slow and Choppy	13	Jun 15, 2006
folder keeps reappearing on restart	2	Nov 22, 2005
XP auto update keeps restarting my PC!!	5	Mar 9, 2007
Robolinux Mate Raptor 8.1	67	Oct 18, 2015
OT Critical Security Bulletins	2	Jan 4, 2008

KB917953 keeps reappearing

Nebulon

nahid

Detlev Dreyer

nahid

MowGreen [MVP]

Nebulon

MowGreen [MVP]

Nebulon

MowGreen [MVP]

Nebulon

MowGreen [MVP]

Nebulon

MowGreen [MVP]

Nebulon

Ask a Question

Similar Threads