System Restore Problem among others!!!!

Browntoa · 18 November 2006 at 5:07PM

yes...slows it all down...and they may try to delete the same thing...would be better to just run one at a time

TonyB · 19 November 2006 at 2:54PM

Logfile of HijackThis v1.99.1
Scan saved at 14:49:31, on 19/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AGKNOR~1\Mouse\Amoumain.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Tony\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://email01.orange.co.uk/webmail/en_GB/inbox.html?FromSubmit=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwLe98kRA1QsDTUGs2X3szgTkBoFFwRwzF77yuNx6ObU9C0pBt8hd3+MDED7pDUoodyOhHZe1s5BjARAfnbcBf33148uqEx6owgHKglYKL55c=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - !!53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - !!761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: metaspinner GmbH - !!7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL (file missing)
O2 - BHO: CNisExtBho Class - !!9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: metaspinner GmbH - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL (file missing)
O3 - Toolbar: Wanadoo - !!8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll (file missing)
O3 - Toolbar: Norton Internet Security - !!0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - !!42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - !!2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AGKNOR~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Buyertools Reminder] "C:\Program Files\Buyertools Reminder\Reminder.exe" /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - !!08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: !!01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: !!01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: !!05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: !!0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: !!17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: !!1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: !!3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: !!5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: !!6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139334357812
O16 - DPF: !!809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca04.rightnowtech.com/7020-b369h/rnl/java/RntX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\!!933782EE-F5DD-4BA8-90F0-B7893441DBF3}: NameServer = 195.92.195.95 195.92.195.94
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Browntoa · 19 November 2006 at 3:02PM

you need to install hijack this in it's own folder so you can keep the backups then fix

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwLe98kRA1QsDTU Gs2X3szgTkBoFFwRwzF77yuNx6ObU9C0pBt 8hd3+MDED7pDUoodyOhHZe1s5BjARAfnbcBf33148uqEx6owgH KglYKL55c=

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

cannot see much else wrong there though

TonyB · 19 November 2006 at 3:14PM

Browntoa, when I looked into Explore I found a new folder:-
C/a7b34f184fba58116641c637efa3e7d0 which contained a file:-
msxml4-KB927978-enu printed below What the heck is this
=== Verbose logging started: 18/11/2006 10:24:34 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (D8:50) [10:24:34:406]: Resetting cached policy values
MSI (c) (D8:50) [10:24:34:406]: Machine policy value 'Debug' is 0
MSI (c) (D8:50) [10:24:34:406]: ******* RunEngine:
******* Product: c:\a7b34f184fba58116641c637efa3e7d0\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (D8:50) [10:24:34:406]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (D8:50) [10:24:34:406]: Grabbed execution mutex.
MSI (c) (D8:50) [10:24:34:453]: Cloaking enabled.
MSI (c) (D8:50) [10:24:34:453]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (D8:50) [10:24:34:468]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (48:44) [10:24:34:484]: Grabbed execution mutex.
MSI (s) (48:FC) [10:24:34:484]: Resetting cached policy values
MSI (s) (48:FC) [10:24:34:484]: Machine policy value 'Debug' is 0
MSI (s) (48:FC) [10:24:34:484]: ******* RunEngine:
******* Product: c:\a7b34f184fba58116641c637efa3e7d0\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (48:FC) [10:24:34:484]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (48:FC) [10:24:34:500]: File will have security applied from OpCode.
MSI (s) (48:FC) [10:24:34:531]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'c:\a7b34f184fba58116641c637efa3e7d0\msxml.msi' against software restriction policy
MSI (s) (48:FC) [10:24:34:531]: SOFTWARE RESTRICTION POLICY: c:\a7b34f184fba58116641c637efa3e7d0\msxml.msi has a digital signature
MSI (s) (48:FC) [10:24:34:875]: SOFTWARE RESTRICTION POLICY: c:\a7b34f184fba58116641c637efa3e7d0\msxml.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (48:FC) [10:24:34:875]: End dialog not enabled
MSI (s) (48:FC) [10:24:34:875]: Original package ==> c:\a7b34f184fba58116641c637efa3e7d0\msxml.msi
MSI (s) (48:FC) [10:24:34:875]: Package we're running from ==> c:\WINDOWS\Installer\f6d66.msi
MSI (s) (48:FC) [10:24:34:890]: APPCOMPAT: looking for appcompat database entry with ProductCode '!!37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (48:FC) [10:24:34:890]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (48:FC) [10:24:34:890]: MSCOREE not loaded loading copy from system32
MSI (s) (48:FC) [10:24:34:890]: Machine policy value 'TransformsSecure' is 0
MSI (s) (48:FC) [10:24:34:890]: User policy value 'TransformsAtSource' is 0
MSI (s) (48:FC) [10:24:34:890]: Machine policy value 'DisablePatch' is 0
MSI (s) (48:FC) [10:24:34:890]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (48:FC) [10:24:34:890]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (48:FC) [10:24:34:890]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (48:FC) [10:24:34:890]: APPCOMPAT: looking for appcompat database entry with ProductCode '!!37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (48:FC) [10:24:34:890]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (48:FC) [10:24:34:890]: Transforms are not secure.
MSI (s) (48:FC) [10:24:34:890]: Command Line: REBOOT=ReallySuppress CURRENTDIRECTORY=c:\a7b34f184fba58116641c637efa3e7d0 CLIENTUILEVEL=3 CLIENTPROCESSID=1496
MSI (s) (48:FC) [10:24:34:890]: PROPERTY CHANGE: Adding PackageCode property. Its value is '!!2B27DCD9-53FA-4885-B6CD-698623819F4C}'.
MSI (s) (48:FC) [10:24:34:890]: Product Code passed to Engine.Initialize: ''
MSI (s) (48:FC) [10:24:34:890]: Product Code from property table before transforms: '!!37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (48:FC) [10:24:34:890]: Product Code from property table after transforms: '!!37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (48:FC) [10:24:34:890]: Product not registered: beginning first-time install
MSI (s) (48:FC) [10:24:34:890]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (s) (48:FC) [10:24:34:890]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (48:FC) [10:24:34:890]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (48:FC) [10:24:34:890]: Adding new sources is allowed.
MSI (s) (48:FC) [10:24:34:890]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (s) (48:FC) [10:24:34:890]: Package name extracted from package path: 'msxml.msi'
MSI (s) (48:FC) [10:24:34:890]: Package to be registered: 'msxml.msi'
MSI (s) (48:FC) [10:24:34:890]: Note: 1: 2729
MSI (s) (48:FC) [10:24:34:906]: Note: 1: 2729
MSI (s) (48:FC) [10:24:34:906]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (48:FC) [10:24:34:906]: Machine policy value 'DisableMsi' is 0
MSI (s) (48:FC) [10:24:34:906]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (48:FC) [10:24:34:906]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (48:FC) [10:24:34:906]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (s) (48:FC) [10:24:34:906]: Running product '!!37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is assigned.
MSI (s) (48:FC) [10:24:34:906]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (48:FC) [10:24:34:906]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'c:\a7b34f184fba58116641c637efa3e7d0'.
MSI (s) (48:FC) [10:24:34:906]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (48:FC) [10:24:34:906]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '1496'.
MSI (s) (48:FC) [10:24:34:906]: TRANSFORMS property is now:
MSI (s) (48:FC) [10:24:34:906]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (s) (48:FC) [10:24:34:906]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\Application Data
MSI (s) (48:FC) [10:24:34:906]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\Favorites
MSI (s) (48:FC) [10:24:34:906]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\NetHood
MSI (s) (48:FC) [10:24:34:906]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\My Documents
MSI (s) (48:FC) [10:24:34:906]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\PrintHood
MSI (s) (48:FC) [10:24:34:906]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\Recent
MSI (s) (48:FC) [10:24:34:906]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\SendTo
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\Templates
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Application Data
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\Local Settings\Application Data
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\My Documents\My Pictures
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Desktop
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\Start Menu\Programs\Administrative Tools
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\Start Menu\Programs\Startup
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\Start Menu\Programs
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\Start Menu
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\Tony\Desktop
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Templates
MSI (s) (48:FC) [10:24:34:921]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
MSI (s) (48:FC) [10:24:34:921]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (48:FC) [10:24:34:921]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (48:FC) [10:24:34:921]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (48:FC) [10:24:34:921]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Tony'.
MSI (s) (48:FC) [10:24:34:921]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (48:FC) [10:24:34:921]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'c:\WINDOWS\Installer\f6d66.msi'.
MSI (s) (48:FC) [10:24:34:921]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'c:\a7b34f184fba58116641c637efa3e7d0\msxml.msi'.
MSI (s) (48:FC) [10:24:34:937]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (48:FC) [10:24:34:937]: Machine policy value 'DisableRollback' is 0
MSI (s) (48:FC) [10:24:34:937]: User policy value 'DisableRollback' is 0
MSI (s) (48:FC) [10:24:34:937]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
=== Logging started: 18/11/2006 10:24:34 ===
MSI (s) (48:FC) [10:24:34:937]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (48:FC) [10:24:34:937]: Doing action: INSTALL
MSI (s) (48:FC) [10:24:34:937]: Running ExecuteSequence
MSI (s) (48:FC) [10:24:34:937]: Doing action: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action start 10:24:34: INSTALL.
MSI (s) (48:FC) [10:24:34:937]: PROPERTY CHANGE: Adding DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Documents and Settings\All Users\Desktop\'.
Action start 10:24:34: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (48:FC) [10:24:34:937]: Doing action: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action ended 10:24:34: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (48:FC) [10:24:34:937]: PROPERTY CHANGE: Adding ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Documents and Settings\All Users\Start Menu\Programs\'.
Action start 10:24:34: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (48:FC) [10:24:34:937]: Doing action: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 10:24:34: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (48:FC) [10:24:34:937]: PROPERTY CHANGE: Adding WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 10:24:34: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (48:FC) [10:24:34:937]: Doing action: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 10:24:34: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (48:FC) [10:24:34:937]: PROPERTY CHANGE: Adding SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 10:24:34: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (48:FC) [10:24:34:937]: Doing action: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 10:24:34: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (48:FC) [10:24:34:937]: PROPERTY CHANGE: Adding WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 10:24:34: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (48:FC) [10:24:34:937]: Doing action: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 10:24:34: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (48:FC) [10:24:34:937]: PROPERTY CHANGE: Adding SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 10:24:34: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (48:FC) [10:24:34:937]: Doing action: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 10:24:34: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (48:FC) [10:24:34:937]: PROPERTY CHANGE: Adding WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 10:24:34: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (48:FC) [10:24:34:937]: Doing action: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 10:24:34: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (48:FC) [10:24:34:937]: PROPERTY CHANGE: Adding SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 10:24:34: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (48:FC) [10:24:34:937]: Doing action: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB
Action ended 10:24:34: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (48:FC) [10:24:34:937]: PROPERTY CHANGE: Adding SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its value is 'C:\WINDOWS\system32\'.
Action start 10:24:34: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB.
MSI (s) (48:FC) [10:24:34:937]: Doing action: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1
Action ended 10:24:34: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB. Return value 1.
MSI (s) (48:FC) [10:24:34:937]: PROPERTY CHANGE: Adding SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its value is 'C:\WINDOWS\system32\'.
Action start 10:24:34: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1.
MSI (s) (48:FC) [10:24:34:937]: Doing action: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7
Action ended 10:24:34: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1. Return value 1.
MSI (s) (48:FC) [10:24:34:953]: PROPERTY CHANGE: Adding SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its value is 'C:\WINDOWS\system32\'.
Action start 10:24:34: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7.
MSI (s) (48:FC) [10:24:34:953]: Doing action: LaunchConditions
Action ended 10:24:34: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7. Return value 1.
Action start 10:24:34: LaunchConditions.
MSI (s) (48:FC) [10:24:34:953]: Doing action: FindRelatedProducts
Action ended 10:24:34: LaunchConditions. Return value 1.
Action start 10:24:34: FindRelatedProducts.
MSI (s) (48:FC) [10:24:34:953]: Doing action: AppSearch
Action ended 10:24:34: FindRelatedProducts. Return value 1.
Action start 10:24:34: AppSearch.
MSI (s) (48:FC) [10:24:34:953]: Note: 1: 2262 2: Signature 3: -2147287038
MSI (s) (48:FC) [10:24:34:953]: PROPERTY CHANGE: Adding WINHTTP_51 property. Its value is 'WinHttpRequest Component version 5.1'.
MSI (s) (48:FC) [10:24:34:953]: Skipping action: CCPSearch (condition is false)
MSI (s) (48:FC) [10:24:34:953]: Skipping action: RMCCPSearch (condition is false)
MSI (s) (48:FC) [10:24:34:953]: Doing action: ValidateProductID
Action ended 10:24:34: AppSearch. Return value 1.
Action start 10:24:34: ValidateProductID.
MSI (s) (48:FC) [10:24:34:953]: Doing action: CostInitialize
Action ended 10:24:34: ValidateProductID. Return value 1.
MSI (s) (48:FC) [10:24:34:953]: Machine policy value 'MaxPatchCacheSize'
CUT OUT TONS TonyB
MSI (s) (48:FC) [10:24:39:796]: Cleaning up uninstalled install packages, if any exist
MSI (s) (48:FC) [10:24:39:796]: MainEngineThread is returning 3010
MSI (s) (48:44) [10:24:39:890]: Destroying RemoteAPI object.
MSI (s) (48:C4) [10:24:39:890]: Custom Action Manager thread ending.
=== Logging stopped: 18/11/2006 10:24:39 ===
MSI (c) (D8:50) [10:24:39:906]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (D8:50) [10:24:39:906]: MainEngineThread is returning 3010
=== Verbose logging stopped: 18/11/2006 10:24:39 ===

TonyB · 19 November 2006 at 4:12PM

Browntoa wrote:

you need to install hijack this in it's own folder so you can keep the backups then fix

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwLe98kRA1QsDTU Gs2X3szgTkBoFFwRwzF77yuNx6ObU9C0pBt 8hd3+MDED7pDUoodyOhHZe1s5BjARAfnbcBf33148uqEx6owgH KglYKL55c=

O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

cannot see much else wrong there though

What do Ido with these

Browntoa · 19 November 2006 at 7:39PM

tick them on the hijackthis list and click on the button to fix them

Browntoa · 19 November 2006 at 7:41PM

that other post is windows installer

msiexec.exe

and KB927978 is a windows update, nothing to worry about

TonyB · 19 November 2006 at 8:59PM

O.K. sys restore still not working, any further sugestions.
I've tried many dates going back to early Oct.
I sys rest Help I found a list of recent errors, quite long & mostly system manager not working or no int conn detected for auto update.

Any further suggestions?

You don't have any experience of dampproofing via tanking systems do you?
This is my other current dilema!!
TB

Browntoa · 19 November 2006 at 9:12PM

just a thought..it's not since the IE7 update is it ??

Browntoa · 19 November 2006 at 9:13PM

To verify that System Restore services are running from Control Panel:
1. Click Start, Control Panel, then Performance and Maintenance
2. Click Administrative Tools, Computer Management, then Services and Applications.
3. Click Services, and then click System Restore Services. Ensure the service is set to Automatic and the status is Started

•To verify that System Restore services are running using the command prompt:
1. Click Start, Run, then type CMD in the control box
2. Press Enter, then type Net Start at the command prompt

System Restore Problem among others!!!!

Comments

Confirm your email address to Create Threads and Reply

🚀 Getting Started

Categories

Is this how you want to be seen?

Get our FREE Weekly email full of deals & guides - and it’s spam-free