think I may have been hijacked by a hacker...



Check out this code I found on my PC. I just reloaded my OS because it was
acting very strange. Does anyone have any idea what this is??

=== Verbose logging started: 1/28/2007 3:03:15 Build type: SHIP UNICODE
3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (E4:8C) [03:03:15:500]: Resetting cached policy values
MSI (c) (E4:8C) [03:03:15:500]: Machine policy value 'Debug' is 0
MSI (c) (E4:8C) [03:03:15:500]: ******* RunEngine:
******* Product: c:\769bdbe23a31fafa4610e81863f41d\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (E4:8C) [03:03:15:500]: Client-side and UI is none or basic: Running
entire install on the server.
MSI (c) (E4:8C) [03:03:15:500]: Grabbed execution mutex.
MSI (c) (E4:8C) [03:03:15:593]: Cloaking enabled.
MSI (c) (E4:8C) [03:03:15:593]: Attempting to enable all disabled priveleges
before calling Install on Server
MSI (c) (E4:8C) [03:03:15:593]: Incrementing counter to disable shutdown.
Counter after increment: 0
MSI (s) (4C:08) [03:03:15:609]: Grabbed execution mutex.
MSI (s) (4C:A0) [03:03:15:609]: Resetting cached policy values
MSI (s) (4C:A0) [03:03:15:609]: Machine policy value 'Debug' is 0
MSI (s) (4C:A0) [03:03:15:609]: ******* RunEngine:
******* Product: c:\769bdbe23a31fafa4610e81863f41d\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (4C:A0) [03:03:15:609]: Machine policy value 'DisableUserInstalls'
is 0
MSI (s) (4C:A0) [03:03:15:640]: File will have security applied from OpCode.
MSI (s) (4C:A0) [03:03:15:687]: SOFTWARE RESTRICTION POLICY: Verifying
package --> 'c:\769bdbe23a31fafa4610e81863f41d\msxml.msi' against software
restriction policy
MSI (s) (4C:A0) [03:03:15:687]: SOFTWARE RESTRICTION POLICY:
c:\769bdbe23a31fafa4610e81863f41d\msxml.msi has a digital signature
MSI (s) (4C:A0) [03:03:16:515]: SOFTWARE RESTRICTION POLICY:
c:\769bdbe23a31fafa4610e81863f41d\msxml.msi is permitted to run at the
'unrestricted' authorization level.
MSI (s) (4C:A0) [03:03:16:515]: End dialog not enabled
MSI (s) (4C:A0) [03:03:16:515]: Original package ==>
c:\769bdbe23a31fafa4610e81863f41d\msxml.msi
MSI (s) (4C:A0) [03:03:16:515]: Package we're running from ==>
c:\WINDOWS\Installer\5aeaa8.msi
MSI (s) (4C:A0) [03:03:16:515]: APPCOMPAT: looking for appcompat database
entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (4C:A0) [03:03:16:515]: APPCOMPAT: no matching ProductCode found in
database.
MSI (s) (4C:A0) [03:03:16:515]: MSCOREE not loaded loading copy from system32
MSI (s) (4C:A0) [03:03:16:546]: Machine policy value 'TransformsSecure' is 0
MSI (s) (4C:A0) [03:03:16:546]: User policy value 'TransformsAtSource' is 0
MSI (s) (4C:A0) [03:03:16:546]: Machine policy value 'DisablePatch' is 0
MSI (s) (4C:A0) [03:03:16:546]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (4C:A0) [03:03:16:546]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (4C:A0) [03:03:16:546]: Machine policy value
'DisableFlyWeightPatching' is 0
MSI (s) (4C:A0) [03:03:16:546]: APPCOMPAT: looking for appcompat database
entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (4C:A0) [03:03:16:546]: APPCOMPAT: no matching ProductCode found in
database.
MSI (s) (4C:A0) [03:03:16:546]: Transforms are not secure.
MSI (s) (4C:A0) [03:03:16:546]: Command Line: REBOOT=ReallySuppress
CURRENTDIRECTORY=c:\769bdbe23a31fafa4610e81863f41d CLIENTUILEVEL=3
CLIENTPROCESSID=4068
MSI (s) (4C:A0) [03:03:16:546]: PROPERTY CHANGE: Adding PackageCode
property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.
MSI (s) (4C:A0) [03:03:16:546]: Product Code passed to Engine.Initialize:
''
MSI (s) (4C:A0) [03:03:16:546]: Product Code from property table before
transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (4C:A0) [03:03:16:546]: Product Code from property table after
transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (4C:A0) [03:03:16:546]: Product not registered: beginning first-time
install
MSI (s) (4C:A0) [03:03:16:546]: PROPERTY CHANGE: Adding ProductState
property. Its value is '-1'.
MSI (s) (4C:A0) [03:03:16:546]: Entering
CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (4C:A0) [03:03:16:562]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (4C:A0) [03:03:16:562]: Adding new sources is allowed.
MSI (s) (4C:A0) [03:03:16:562]: PROPERTY CHANGE: Adding PackagecodeChanging
property. Its value is '1'.
MSI (s) (4C:A0) [03:03:16:562]: Package name extracted from package path:
'msxml.msi'
MSI (s) (4C:A0) [03:03:16:578]: Package to be registered: 'msxml.msi'
MSI (s) (4C:A0) [03:03:16:578]: Note: 1: 2729
MSI (s) (4C:A0) [03:03:16:640]: Note: 1: 2729
MSI (s) (4C:A0) [03:03:16:640]: Note: 1: 2262 2: AdminProperties 3:
-2147287038
MSI (s) (4C:A0) [03:03:16:640]: Machine policy value 'DisableMsi' is 0
MSI (s) (4C:A0) [03:03:16:640]: Machine policy value 'AlwaysInstallElevated'
is 0
MSI (s) (4C:A0) [03:03:16:640]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (4C:A0) [03:03:16:640]: Product installation will be elevated
because user is admin and product is being installed per-machine.
MSI (s) (4C:A0) [03:03:16:640]: Running product
'{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is
assigned.
MSI (s) (4C:A0) [03:03:16:640]: PROPERTY CHANGE: Adding REBOOT property. Its
value is 'ReallySuppress'.
MSI (s) (4C:A0) [03:03:16:640]: PROPERTY CHANGE: Adding CURRENTDIRECTORY
property. Its value is 'c:\769bdbe23a31fafa4610e81863f41d'.
MSI (s) (4C:A0) [03:03:16:640]: PROPERTY CHANGE: Adding CLIENTUILEVEL
property. Its value is '3'.
MSI (s) (4C:A0) [03:03:16:640]: PROPERTY CHANGE: Adding CLIENTPROCESSID
property. Its value is '4068'.
MSI (s) (4C:A0) [03:03:16:640]: TRANSFORMS property is now:
MSI (s) (4C:A0) [03:03:16:640]: PROPERTY CHANGE: Adding VersionDatabase
property. Its value is '200'.
MSI (s) (4C:A0) [03:03:16:640]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\Application Data
MSI (s) (4C:A0) [03:03:16:640]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\Favorites
MSI (s) (4C:A0) [03:03:16:656]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\NetHood
MSI (s) (4C:A0) [03:03:16:656]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\My Documents
MSI (s) (4C:A0) [03:03:16:656]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\PrintHood
MSI (s) (4C:A0) [03:03:16:656]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\Recent
MSI (s) (4C:A0) [03:03:16:656]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\SendTo
MSI (s) (4C:A0) [03:03:16:656]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\Templates
MSI (s) (4C:A0) [03:03:16:656]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users.WINDOWS\Application Data
MSI (s) (4C:A0) [03:03:16:656]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
MSI (s) (4C:A0) [03:03:16:656]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures
MSI (s) (4C:A0) [03:03:16:687]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users.WINDOWS\Start
Menu\Programs\Administrative Tools
MSI (s) (4C:A0) [03:03:16:703]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
MSI (s) (4C:A0) [03:03:16:703]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs
MSI (s) (4C:A0) [03:03:16:703]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users.WINDOWS\Start Menu
MSI (s) (4C:A0) [03:03:16:703]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users.WINDOWS\Desktop
MSI (s) (4C:A0) [03:03:16:703]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Administrative
Tools
MSI (s) (4C:A0) [03:03:16:718]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup
MSI (s) (4C:A0) [03:03:16:718]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs
MSI (s) (4C:A0) [03:03:16:718]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\Start Menu
MSI (s) (4C:A0) [03:03:16:734]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\system32\config\systemprofile\Desktop
MSI (s) (4C:A0) [03:03:16:734]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users.WINDOWS\Templates
MSI (s) (4C:A0) [03:03:16:734]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\Fonts
MSI (s) (4C:A0) [03:03:16:750]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans
Serif 4: 0 5: 16
MSI (s) (4C:A0) [03:03:16:750]: PROPERTY CHANGE: Adding Privileged property.
Its value is '1'.
MSI (s) (4C:A0) [03:03:16:750]: Note: 1: 1402 2:
HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (4C:A0) [03:03:16:750]: PROPERTY CHANGE: Adding USERNAME property.
Its value is 'timothy bigelow'.
MSI (s) (4C:A0) [03:03:16:750]: Note: 1: 1402 2:
HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (4C:A0) [03:03:16:750]: PROPERTY CHANGE: Adding DATABASE property.
Its value is 'c:\WINDOWS\Installer\5aeaa8.msi'.
MSI (s) (4C:A0) [03:03:16:750]: PROPERTY CHANGE: Adding OriginalDatabase
property. Its value is 'c:\769bdbe23a31fafa4610e81863f41d\msxml.msi'.
MSI (s) (4C:A0) [03:03:16:765]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (4C:A0) [03:03:16:765]: Machine policy value 'DisableRollback' is 0
MSI (s) (4C:A0) [03:03:16:765]: User policy value 'DisableRollback' is 0
MSI (s) (4C:A0) [03:03:16:765]: PROPERTY CHANGE: Adding UILevel property.
Its value is '2'.
=== Logging started: 1/28/2007 3:03:16 ===
MSI (s) (4C:A0) [03:03:16:765]: PROPERTY CHANGE: Adding ACTION property. Its
value is 'INSTALL'.
MSI (s) (4C:A0) [03:03:16:765]: Doing action: INSTALL
MSI (s) (4C:A0) [03:03:16:765]: Running ExecuteSequence
MSI (s) (4C:A0) [03:03:16:765]: Doing action:
DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action start 3:03:16: INSTALL.
MSI (s) (4C:A0) [03:03:16:765]: PROPERTY CHANGE: Adding
DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is
'C:\Documents and Settings\All Users.WINDOWS\Desktop\'.
Action start 3:03:16: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (4C:A0) [03:03:16:765]: Doing action:
ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action ended 3:03:16: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901.
Return value 1.
MSI (s) (4C:A0) [03:03:16:765]: PROPERTY CHANGE: Adding
ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is
'C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\'.
Action start 3:03:16: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (4C:A0) [03:03:16:765]: Doing action:
WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 3:03:16:
ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (4C:A0) [03:03:16:765]: PROPERTY CHANGE: Adding
WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is
'C:\WINDOWS\'.
Action start 3:03:16: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (4C:A0) [03:03:16:765]: Doing action:
SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 3:03:16: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
Return value 1.
MSI (s) (4C:A0) [03:03:16:765]: PROPERTY CHANGE: Adding
SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is
'C:\WINDOWS\system32\'.
Action start 3:03:16: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (4C:A0) [03:03:16:765]: Doing action:
WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 3:03:16: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
Return value 1.
MSI (s) (4C:A0) [03:03:16:765]: PROPERTY CHANGE: Adding
WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is
'C:\WINDOWS\'.
Action start 3:03:16: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (4C:A0) [03:03:16:765]: Doing action:
SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 3:03:16: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
Return value 1.
MSI (s) (4C:A0) [03:03:16:765]: PROPERTY CHANGE: Adding
SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is
'C:\WINDOWS\system32\'.
Action start 3:03:16: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
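
An added example, not part of the original post: a short Python triage pass over a verbose msiexec log like the one above. It rejoins the entries that were wrapped in posting and pulls out what the log itself records about the package (source path, signature check, software restriction policy level, elevation, policy values). `SAMPLE` is a constructed excerpt of lines copied from the post, and the function names are illustrative.

```python
import re

# Constructed sample: lines copied from the posted log, still wrapped as posted.
SAMPLE = r"""MSI (s) (4C:A0) [03:03:15:687]: SOFTWARE RESTRICTION POLICY:
c:\769bdbe23a31fafa4610e81863f41d\msxml.msi has a digital signature
MSI (s) (4C:A0) [03:03:16:515]: SOFTWARE RESTRICTION POLICY:
c:\769bdbe23a31fafa4610e81863f41d\msxml.msi is permitted to run at the
'unrestricted' authorization level.
MSI (s) (4C:A0) [03:03:16:515]: Original package ==>
c:\769bdbe23a31fafa4610e81863f41d\msxml.msi
MSI (s) (4C:A0) [03:03:16:640]: Machine policy value 'AlwaysInstallElevated'
is 0
MSI (s) (4C:A0) [03:03:16:640]: Product installation will be elevated
because user is admin and product is being installed per-machine.
"""

ENTRY = re.compile(r"^MSI \((?P<side>[cs])\) \([0-9A-F:]+\) \[(?P<ts>[\d:]+)\]: (?P<msg>.*)$")

def unwrap(text):
    """Rejoin log entries that were wrapped onto continuation lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append([m["side"], m["ts"], m["msg"]])
        elif line.startswith(("Action ", "===")):
            entries.append(["-", "", line])   # sequencer/banner lines, kept separate
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()
    return entries

def triage(text):
    """Collect the fields that say what was installed and with which rights."""
    facts = {"package": None, "signed": False, "srp_level": None,
             "elevated": False, "policies": {}}
    for _side, _ts, msg in unwrap(text):
        if m := re.match(r"Original package ==> (.+)", msg):
            facts["package"] = m[1]
        elif "has a digital signature" in msg:
            facts["signed"] = True
        elif m := re.search(r"permitted to run at the '(\w+)' authorization level", msg):
            facts["srp_level"] = m[1]
        elif msg.startswith("Product installation will be elevated"):
            facts["elevated"] = True
        elif m := re.match(r"(Machine|User) policy value '(\w+)' is (.+)", msg):
            facts["policies"][f"{m[1]}/{m[2]}"] = m[3].strip("'")
    return facts
```

The log line only says that a signature is present; who signed the package has to be checked on the file itself.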
