Odd file folder & log file - virus?


K

kaosmusik

I just noticed an odd file folder on my 2nd partition (drive E), and
wonder if it is malicious. It has the name d0373a4929ad1ee338... only
1 file there - msxml4-KB927978-enu.log

This .log file is 281 kb, and I've copied the beginning of it below.
Is it something I should worry about? I've run latest updates from
Spybot S&D (found TagASaurus spyware, and removed it.). Should I
delete this log file and folder? Or be really worried...? :)

I appreciate any insight or comments! Thanks in advance.



=== Verbose logging started: 17/11/2006 8:33:45 Build type: SHIP
UNICODE 3.01.4000.2435 Calling process:
C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (A4:34) [08:33:45:640]: Resetting cached policy values
MSI (c) (A4:34) [08:33:45:640]: Machine policy value 'Debug' is 0
MSI (c) (A4:34) [08:33:45:640]: ******* RunEngine:
******* Product: e:\d0373a5929ad1ee338\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (A4:34) [08:33:45:640]: Client-side and UI is none or basic:
Running entire install on the server.
MSI (c) (A4:34) [08:33:45:650]: Grabbed execution mutex.
MSI (c) (A4:34) [08:33:45:941]: Cloaking enabled.
MSI (c) (A4:34) [08:33:45:941]: Attempting to enable all disabled
priveleges before calling Install on Server
MSI (c) (A4:34) [08:33:45:961]: Incrementing counter to disable
shutdown. Counter after increment: 0
MSI (s) (18:00) [08:33:45:971]: Grabbed execution mutex.
MSI (s) (18:5C) [08:33:45:991]: Resetting cached policy values
MSI (s) (18:5C) [08:33:45:991]: Machine policy value 'Debug' is 0
MSI (s) (18:5C) [08:33:45:991]: ******* RunEngine:
******* Product: e:\d0373a5929ad1ee338\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (18:5C) [08:33:46:121]: Machine policy value
'DisableUserInstalls' is 0
MSI (s) (18:5C) [08:33:46:331]: SOFTWARE RESTRICTION POLICY: Verifying
package --> 'e:\d0373a5929ad1ee338\msxml.msi' against software
restriction policy
MSI (s) (18:5C) [08:33:46:331]: SOFTWARE RESTRICTION POLICY:
e:\d0373a5929ad1ee338\msxml.msi has a digital signature
MSI (s) (18:5C) [08:33:47:804]: SOFTWARE RESTRICTION POLICY:
e:\d0373a5929ad1ee338\msxml.msi is permitted to run at the
'unrestricted' authorization level.
MSI (s) (18:5C) [08:33:47:824]: End dialog not enabled
MSI (s) (18:5C) [08:33:47:824]: Original package ==>
e:\d0373a5929ad1ee338\msxml.msi
MSI (s) (18:5C) [08:33:47:824]: Package we're running from ==>
C:\WINDOWS\Installer\1ec36dc1.msi
MSI (s) (18:5C) [08:33:47:874]: APPCOMPAT: looking for appcompat
database entry with ProductCode
'{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (18:5C) [08:33:47:884]: APPCOMPAT: no matching ProductCode
found in database.
MSI (s) (18:5C) [08:33:47:904]: MSCOREE not loaded loading copy from
system32
MSI (s) (18:5C) [08:33:47:984]: Machine policy value 'TransformsSecure'
is 0
MSI (s) (18:5C) [08:33:47:984]: User policy value 'TransformsAtSource'
is 0
MSI (s) (18:5C) [08:33:47:994]: Machine policy value 'DisablePatch' is
0
MSI (s) (18:5C) [08:33:47:994]: Machine policy value
'AllowLockdownPatch' is 0
MSI (s) (18:5C) [08:33:47:994]: Machine policy value
'DisableLUAPatching' is 0
MSI (s) (18:5C) [08:33:47:994]: Machine policy value
'DisableFlyWeightPatching' is 0
MSI (s) (18:5C) [08:33:47:994]: APPCOMPAT: looking for appcompat
database entry with ProductCode
'{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (18:5C) [08:33:47:994]: APPCOMPAT: no matching ProductCode
found in database.
MSI (s) (18:5C) [08:33:47:994]: Transforms are not secure.
MSI (s) (18:5C) [08:33:47:994]: Command Line: REBOOT=ReallySuppress
CURRENTDIRECTORY=e:\d0373a5929ad1ee338 CLIENTUILEVEL=3
CLIENTPROCESSID=3492
MSI (s) (18:5C) [08:33:47:994]: PROPERTY CHANGE: Adding PackageCode
property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.
MSI (s) (18:5C) [08:33:47:994]: Product Code passed to
Engine.Initialize: ''
MSI (s) (18:5C) [08:33:47:994]: Product Code from property table before
transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (18:5C) [08:33:47:994]: Product Code from property table after
transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (18:5C) [08:33:47:994]: Product not registered: beginning
first-time install
MSI (s) (18:5C) [08:33:47:994]: PROPERTY CHANGE: Adding ProductState
property. Its value is '-1'.
MSI (s) (18:5C) [08:33:47:994]: Entering
CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (18:5C) [08:33:47:994]: User policy value 'SearchOrder' is
'nmu'
MSI (s) (18:5C) [08:33:48:004]: Adding new sources is allowed.
MSI (s) (18:5C) [08:33:48:004]: PROPERTY CHANGE: Adding
PackagecodeChanging property. Its value is '1'.
MSI (s) (18:5C) [08:33:48:004]: Package name extracted from package
path: 'msxml.msi'
MSI (s) (18:5C) [08:33:48:004]: Package to be registered: 'msxml.msi'
MSI (s) (18:5C) [08:33:48:004]: Note: 1: 2729
MSI (s) (18:5C) [08:33:48:024]: Note: 1: 2729
MSI (s) (18:5C) [08:33:48:024]: Note: 1: 2262 2: AdminProperties 3:
-2147287038
MSI (s) (18:5C) [08:33:48:024]: Machine policy value 'DisableMsi' is 0
MSI (s) (18:5C) [08:33:48:024]: Machine policy value
'AlwaysInstallElevated' is 0
MSI (s) (18:5C) [08:33:48:024]: User policy value
'AlwaysInstallElevated' is 0
MSI (s) (18:5C) [08:33:48:024]: Product installation will be elevated
because user is admin and product is being installed per-machine.
MSI (s) (18:5C) [08:33:48:024]: Running product
'{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges:
Product is assigned.
MSI (s) (18:5C) [08:33:48:024]: PROPERTY CHANGE: Adding REBOOT
property. Its value is 'ReallySuppress'.
 
Ad

Advertisements

M

Malke

kaosmusik said:
I just noticed an odd file folder on my 2nd partition (drive E), and
wonder if it is malicious. It has the name d0373a4929ad1ee338... only
1 file there - msxml4-KB927978-enu.log

This .log file is 281 kb, and I've copied the beginning of it below.
Is it something I should worry about? I've run latest updates from
Spybot S&D (found TagASaurus spyware, and removed it.). Should I
delete this log file and folder? Or be really worried...? :) >

(snippage)

The folder and its contents comes from Windows Update KB927978 and is
legitimate. I don't know why the update leaves this behind but it is
perfectly safe for you to delete it or leave it as you desire. It
doesn't matter.

Malke
 
Ad

Advertisements

K

kaosmusik

Malke said:
kaosmusik wrote:-
I just noticed an odd file folder on my 2nd partition (drive E), and
wonder if it is malicious. It has the name d0373a4929ad1ee338...
only
1 file there - msxml4-KB927978-enu.log

... Or be really worried...? :) -

(snippage)

The folder and its contents comes from Windows Update KB927978 and is
legitimate. I don't know why the update leaves this behind but it is
perfectly safe for you to delete it or leave it as you desire. It
doesn't matter.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User


Thanks Malke! I shall delete the folder then and sleep easier.

Cheers,
Kaosmusik
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top