I finally caught something dirty :(


  • I finally caught something dirty :(

    === Verbose logging started: 11/15/2006 3:00:52 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
    MSI (c) (9C:10) [03:00:52:312]: Resetting cached policy values
    MSI (c) (9C:10) [03:00:52:312]: Machine policy value 'Debug' is 0
    MSI (c) (9C:10) [03:00:52:312]: ******* RunEngine:
    ******* Product: c:\9acac38bc20c4be95bde50\msxml.msi
    ******* Action:
    ******* CommandLine: **********
    MSI (c) (9C:10) [03:00:52:312]: Client-side and UI is none or basic: Running entire install on the server.
    MSI (c) (9C:10) [03:00:52:312]: Grabbed execution mutex.
    MSI (c) (9C:10) [03:00:52:484]: Cloaking enabled.
    MSI (c) (9C:10) [03:00:52:484]: Attempting to enable all disabled priveleges before calling Install on Server
    MSI (c) (9C:10) [03:00:52:484]: Incrementing counter to disable shutdown. Counter after increment: 0

    [...]

    MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 = c:\Program Files\Common Files\Microsoft Shared\
    Property(S): MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 = c:\Program Files\Common Files\Microsoft Shared\MSDN\
    Property(S): Date = 11/15/2006
    Property(S): PackagecodeChanging = 1
    Property(S): REBOOT = ReallySuppress
    Property(S): CURRENTDIRECTORY = c:\9acac38bc20c4be95bde50
    Property(S): CLIENTUILEVEL = 3
    Property(S): CLIENTPROCESSID = 2204
    Property(S): VersionDatabase = 200
    Property(S): VersionMsi = 3.01
    Property(S): WindowsBuild = 2600
    Property(S): ServicePackLevel = 2
    Property(S): ServicePackLevelMinor = 0
    Property(S): MsiNTProductType = 1
    Property(S): MsiNTSuitePersonal = 1
    Property(S): WindowsFolder = c:\WINDOWS\
    Property(S): WindowsVolume = c:\
    Property(S): SystemFolder = C:\WINDOWS\system32\
    Property(S): System16Folder = C:\WINDOWS\system\
    Property(S): RemoteAdminTS = 1
    Property(S): TempFolder = C:\WINDOWS\TEMP\
    Property(S): AppDataFolder = C:\WINDOWS\system32\config\systemprofile\Application Data\
    Property(S): FavoritesFolder = C:\WINDOWS\system32\config\systemprofile\Favorites\
    Property(S): NetHoodFolder = C:\WINDOWS\system32\config\systemprofile\NetHood\
    Property(S): PersonalFolder = C:\WINDOWS\system32\config\systemprofile\My Documents\
    Property(S): PrintHoodFolder = C:\WINDOWS\system32\config\systemprofile\PrintHood\
    Property(S): RecentFolder = C:\WINDOWS\system32\config\systemprofile\Recent\
    Property(S): SendToFolder = C:\WINDOWS\system32\config\systemprofile\SendTo\
    Property(S): TemplateFolder = C:\Documents and Settings\All Users\Templates\
    Property(S): CommonAppDataFolder = C:\Documents and Settings\All Users\Application Data\
    Property(S): LocalAppDataFolder = C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\
    Property(S): MyPicturesFolder = C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures\
    Property(S): AdminToolsFolder = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\
    Property(S): StartupFolder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Property(S): ProgramMenuFolder = C:\Documents and Settings\All Users\Start Menu\Programs\
    Property(S): StartMenuFolder = C:\Documents and Settings\All Users\Start Menu\
    Property(S): FontsFolder = C:\WINDOWS\Fonts\
    Property(S): GPTSupport = 1
    Property(S): OLEAdvtSupport = 1
    Property(S): ShellAdvtSupport = 1
    Property(S): Intel = 15
    Property(S): PhysicalMemory = 638
    Property(S): VirtualMemory = 600
    Property(S): AdminUser = 1
    Property(S): LogonUser = SYSTEM
    Property(S): UserSID = S-1-5-18
    Property(S): UserLanguageID = 1033
    Property(S): ComputerName = ZYLKA-7FS61SMD2
    Property(S): SystemLanguageID = 1033
    Property(S): ScreenX = 1024
    Property(S): ScreenY = 768
    Property(S): CaptionHeight = 26
    Property(S): BorderTop = 1
    Property(S): BorderSide = 1
    Property(S): TextHeight = 16
    Property(S): ColorBits = 32
    Property(S): TTCSupport = 1
    Property(S): Time = 3:00:57
    Property(S): MsiWin32AssemblySupport = 5.1.2600.2180
    Property(S): RedirectedDllSupport = 2
    Property(S): Privileged = 1
    Property(S): DATABASE = c:\WINDOWS\Installer\ec04d6.msi
    Property(S): OriginalDatabase = c:\9acac38bc20c4be95bde50\msxml.msi
    Property(S): UILevel = 2
    Property(S): ACTION = INSTALL
    Property(S): ROOTDRIVE = c:\
    Property(S): CostingComplete = 1
    Property(S): OutOfDiskSpace = 0
    Property(S): OutOfNoRbDiskSpace = 0
    Property(S): PrimaryVolumeSpaceAvailable = 0
    Property(S): PrimaryVolumeSpaceRequired = 0
    Property(S): PrimaryVolumeSpaceRemaining = 0
    Property(S): SOURCEDIR = c:\9acac38bc20c4be95bde50\
    Property(S): SourcedirProduct = {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    Property(S): ProductToBeRegistered = 1
    MSI (s) (EC:C4) [03:00:57:812]: Note: 1: 1707
    MSI (s) (EC:C4) [03:00:57:812]: Product: MSXML 4.0 SP2 (KB927978) -- Installation completed successfully.

    MSI (s) (EC:C4) [03:00:57:828]: Cleaning up uninstalled install packages, if any exist
    MSI (s) (EC:C4) [03:00:57:828]: Post-install cleanup: removing installer file 'C:\WINDOWS\Installer\76420d3.msi'
    MSI (s) (EC:C4) [03:00:57:828]: MainEngineThread is returning 0
    MSI (s) (EC:F0) [03:00:57:937]: Destroying RemoteAPI object.
    MSI (s) (EC:6C) [03:00:57:937]: Custom Action Manager thread ending.
    === Logging stopped: 11/15/2006 3:00:57 ===
    MSI (c) (9C:10) [03:00:57:937]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
    MSI (c) (9C:10) [03:00:57:937]: MainEngineThread is returning 0
    === Verbose logging stopped: 11/15/2006 3:00:57 ===

  • #2
    HOW DO WE KILL IT!!!



    • #3
      POSIX conformance testing by UNIFIX
      This is Shireroth, and Giant Squid will brutally murder me if I ever remove this link from my signature | In the end it won't be love that saves us, it will be mathematics | So many people have this concept of God the Avenger. I see God as the ultimate sense of humor -- SlowwHand



      • #4
        Does that mean it's benign? Because it comes in a rather peculiar folder and seemed to have simply appeared within [mycomputer] list scroll

        Anyway SOMETHING bad is in there, which started up early by simply screwing with the ability to log on MSN messenger. It obviously got past McAfee because by the time I'd downloaded a Kaspersky trial and rebooted to do a system scan, the computer has completely bogged down to near non-responsive. The scan is running but will take 7 hours (!) to complete. Only the computer upstairs can hope to change through communication the outcome of this ill-fated evening..

        What kind of trouble does that sound like, anyway? A worm?



        • #5
          C'mon guys. I'm high on some sort of pseudo-psychedelic sleeping aid and need to know if my cat's de-worming pills will do anything if fit through the CD drive?

          All of my schoolwork! Pictures of an (until now) unbeknownst weekend with LTEC when she was looking to hurt Mikey! They'll be all gone without proper attention to this SCAAA-R-r-r-r-y COMPUTARRRR CRISIS!



          VOTE DRAGUL PRO SENATIUM



          • #6
            There is certain software that can test for things that try to be invisible.

            I think Hijack This or something could do stuff... I don't really remember all of it as I haven't messed with it in about a year.

            JM
            Jon Miller-
            I AM.CANADIAN
            GENERATION 35: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social experiment.



            • #7
              For your convenience:

              'HiJack this' Link:


              Copy Log to: http://www.hijackthis.de/en
              Curse your sudden but inevitable betrayal!



              • #8
                Unless I'm reading that log wrong... you caught a MS Windows update (Product: MSXML 4.0 SP2 (KB927978)). It's possible that the update messed something up, maybe try uninstalling it and see if that fixes the problem?

                Or it could be that your problems are related to something else entirely. As Jon says, "Hijack This" is a good utility for figuring such things out.



                • #9
                  wtfz?
                  THEY!!111 OMG WTF LOL LET DA NOMADS AND TEH S3D3NTARY PEOPLA BOTH MAEK BITER AXP3REINCES
                  AND TEH GRAAT SINS OF THERE [DOCTRINAL] INOVATIONS BQU3ATH3D SMAL
                  AND!!1!11!!! LOL JUST IN CAES A DISPUTANT CALS U 2 DISPUT3 ABOUT THEYRE CLAMES
                  DO NOT THAN DISPUT3 ON THEM 3XCAPT BY WAY OF AN 3XTARNAL DISPUTA!!!!11!! WTF



                  • #10
                    Wow, Zylka sighting!

                    Still as relaxed as always, I see.

                    Spec.
                    -Never argue with an idiot; He will bring you down to his level and beat you with experience.



                    • #11
                      LTEC told me she was remarried and had moved to Orange County. BTW Mike doesn't come here very much any more.
                      Try http://wordforge.net/index.php for discussion and debate.



                      • #12
                        Originally posted by Aeson
                        As Jon says, "Hijack This" is a good utility for figuring such things out.
                        I have that within a spybot program that has been run, it's not the problem

                        Or it could be that your problems are related to something else entirely.
                        Well at this point my computer is in an almost frozen state, still responding to some commands but as SLOWLY as ever possible (kaspersky virusscan is STILL running from last night)

                        Given a few actions yesterday that were firsts in this computer's recent life, I've boiled this down to either being:

                        A - Some sort of debilitating malicious bad action from a crack I'd downloaded earlier in the day (Kaspersky scan should confirm or deny this though, correct?)

                        B - The result of a manual removal of all AOL software from the C drive, perhaps deleting something that was not AOL related and rather Windows related. The AOL uninstaller in add/remove programs did not list anything to uninstall, which was completely contrary to a glaring AOL browser evident within program files list. When doing a Windows search for any and all files with "AOL" in the title it came with a whole schwack of them, including some obviously unrelateds that I did not delete. Though I deleted a WHOLE BUNCH of them that did contain AOL and from a medium length glance it seemed that they were all America Online related. Anyone know of any essential files containing keyword "aol" that when deleted will f*ck yar little media box up this bad??



                        • #13
                          Originally posted by Oerdin
                          LTEC told me she was remarried and had moved to Orange County. BTW Mike doesn't come here very much any more.
                          Are you serious?
                          "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                          Ben Kenobi: "That means I'm doing something right. "



                          • #14
                            sigh @ drama

                            Luckily I have stayed away from married women lately.

                            Hope you get better Z and things clear up.
                            "Yay Apoc!!!!!!!" - bipolarbear
                            "At least there were some thoughts went into Apocalypse." - Urban Ranger
                            "Apocalype was a great game." - DrSpike
                            "In Apoc, I had one soldier who lasted through the entire game... was pretty cool. I like apoc for that reason, the soldiers are a bit more 'personal'." - General Ludd



                            • #15
                              And here I thought Zylka was making a thread about some young slutty girl.
                              Try http://wordforge.net/index.php for discussion and debate.
