Odd file folder & log file - virus?

kaosmusik

I just noticed an odd file folder on my 2nd partition (drive E), and
wonder if it is malicious. It has the name d0373a4929ad1ee338... only
1 file there - msxml4-KB927978-enu.log

This .log file is 281 kb, and I've copied the beginning of it below.
Is it something I should worry about? I've run latest updates from
Spybot S&D (found TagASaurus spyware, and removed it.). Should I
delete this log file and folder? Or be really worried...? :)

I appreciate any insight or comments! Thanks in advance.



=== Verbose logging started: 17/11/2006 8:33:45 Build type: SHIP
UNICODE 3.01.4000.2435 Calling process:
C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (A4:34) [08:33:45:640]: Resetting cached policy values
MSI (c) (A4:34) [08:33:45:640]: Machine policy value 'Debug' is 0
MSI (c) (A4:34) [08:33:45:640]: ******* RunEngine:
******* Product: e:\d0373a5929ad1ee338\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (A4:34) [08:33:45:640]: Client-side and UI is none or basic:
Running entire install on the server.
MSI (c) (A4:34) [08:33:45:650]: Grabbed execution mutex.
MSI (c) (A4:34) [08:33:45:941]: Cloaking enabled.
MSI (c) (A4:34) [08:33:45:941]: Attempting to enable all disabled
priveleges before calling Install on Server
MSI (c) (A4:34) [08:33:45:961]: Incrementing counter to disable
shutdown. Counter after increment: 0
MSI (s) (18:00) [08:33:45:971]: Grabbed execution mutex.
MSI (s) (18:5C) [08:33:45:991]: Resetting cached policy values
MSI (s) (18:5C) [08:33:45:991]: Machine policy value 'Debug' is 0
MSI (s) (18:5C) [08:33:45:991]: ******* RunEngine:
******* Product: e:\d0373a5929ad1ee338\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (18:5C) [08:33:46:121]: Machine policy value
'DisableUserInstalls' is 0
MSI (s) (18:5C) [08:33:46:331]: SOFTWARE RESTRICTION POLICY: Verifying
package --> 'e:\d0373a5929ad1ee338\msxml.msi' against software
restriction policy
MSI (s) (18:5C) [08:33:46:331]: SOFTWARE RESTRICTION POLICY:
e:\d0373a5929ad1ee338\msxml.msi has a digital signature
MSI (s) (18:5C) [08:33:47:804]: SOFTWARE RESTRICTION POLICY:
e:\d0373a5929ad1ee338\msxml.msi is permitted to run at the
'unrestricted' authorization level.
MSI (s) (18:5C) [08:33:47:824]: End dialog not enabled
MSI (s) (18:5C) [08:33:47:824]: Original package ==>
e:\d0373a5929ad1ee338\msxml.msi
MSI (s) (18:5C) [08:33:47:824]: Package we're running from ==>
C:\WINDOWS\Installer\1ec36dc1.msi
MSI (s) (18:5C) [08:33:47:874]: APPCOMPAT: looking for appcompat
database entry with ProductCode
'{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (18:5C) [08:33:47:884]: APPCOMPAT: no matching ProductCode
found in database.
MSI (s) (18:5C) [08:33:47:904]: MSCOREE not loaded loading copy from
system32
MSI (s) (18:5C) [08:33:47:984]: Machine policy value 'TransformsSecure'
is 0
MSI (s) (18:5C) [08:33:47:984]: User policy value 'TransformsAtSource'
is 0
MSI (s) (18:5C) [08:33:47:994]: Machine policy value 'DisablePatch' is
0
MSI (s) (18:5C) [08:33:47:994]: Machine policy value
'AllowLockdownPatch' is 0
MSI (s) (18:5C) [08:33:47:994]: Machine policy value
'DisableLUAPatching' is 0
MSI (s) (18:5C) [08:33:47:994]: Machine policy value
'DisableFlyWeightPatching' is 0
MSI (s) (18:5C) [08:33:47:994]: APPCOMPAT: looking for appcompat
database entry with ProductCode
'{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (18:5C) [08:33:47:994]: APPCOMPAT: no matching ProductCode
found in database.
MSI (s) (18:5C) [08:33:47:994]: Transforms are not secure.
MSI (s) (18:5C) [08:33:47:994]: Command Line: REBOOT=ReallySuppress
CURRENTDIRECTORY=e:\d0373a5929ad1ee338 CLIENTUILEVEL=3
CLIENTPROCESSID=3492
MSI (s) (18:5C) [08:33:47:994]: PROPERTY CHANGE: Adding PackageCode
property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.
MSI (s) (18:5C) [08:33:47:994]: Product Code passed to
Engine.Initialize: ''
MSI (s) (18:5C) [08:33:47:994]: Product Code from property table before
transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (18:5C) [08:33:47:994]: Product Code from property table after
transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (18:5C) [08:33:47:994]: Product not registered: beginning
first-time install
MSI (s) (18:5C) [08:33:47:994]: PROPERTY CHANGE: Adding ProductState
property. Its value is '-1'.
MSI (s) (18:5C) [08:33:47:994]: Entering
CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (18:5C) [08:33:47:994]: User policy value 'SearchOrder' is
'nmu'
MSI (s) (18:5C) [08:33:48:004]: Adding new sources is allowed.
MSI (s) (18:5C) [08:33:48:004]: PROPERTY CHANGE: Adding
PackagecodeChanging property. Its value is '1'.
MSI (s) (18:5C) [08:33:48:004]: Package name extracted from package
path: 'msxml.msi'
MSI (s) (18:5C) [08:33:48:004]: Package to be registered: 'msxml.msi'
MSI (s) (18:5C) [08:33:48:004]: Note: 1: 2729
MSI (s) (18:5C) [08:33:48:024]: Note: 1: 2729
MSI (s) (18:5C) [08:33:48:024]: Note: 1: 2262 2: AdminProperties 3:
-2147287038
MSI (s) (18:5C) [08:33:48:024]: Machine policy value 'DisableMsi' is 0
MSI (s) (18:5C) [08:33:48:024]: Machine policy value
'AlwaysInstallElevated' is 0
MSI (s) (18:5C) [08:33:48:024]: User policy value
'AlwaysInstallElevated' is 0
MSI (s) (18:5C) [08:33:48:024]: Product installation will be elevated
because user is admin and product is being installed per-machine.
MSI (s) (18:5C) [08:33:48:024]: Running product
'{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges:
Product is assigned.
MSI (s) (18:5C) [08:33:48:024]: PROPERTY CHANGE: Adding REBOOT
property. Its value is 'ReallySuppress'.
 
Malke

kaosmusik said:
I just noticed an odd file folder on my 2nd partition (drive E), and
wonder if it is malicious. It has the name d0373a4929ad1ee338... only
1 file there - msxml4-KB927978-enu.log

This .log file is 281 kb, and I've copied the beginning of it below.
Is it something I should worry about? I've run latest updates from
Spybot S&D (found TagASaurus spyware, and removed it.). Should I
delete this log file and folder? Or be really worried...? :)

(snippage)

The folder and its contents come from Windows Update KB927978 and are
legitimate. I don't know why the update leaves this behind but it is
perfectly safe for you to delete it or leave it as you desire. It
doesn't matter.

Malke
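
A way to check the points in the posted log that support this answer, as an added example that is not part of the original thread: it rejoins the hard-wrapped records and pulls out the calling process, the package path, whether Windows Installer recorded a digital signature, and the software restriction policy level. The function names are hypothetical, and the sample is an excerpt of the log quoted above.

```python
import re
# Excerpt of the log quoted in the thread, hard-wrapped as the forum shows it.
SAMPLE = r"""=== Verbose logging started: 17/11/2006 8:33:45 Build type: SHIP
UNICODE 3.01.4000.2435 Calling process:
C:\WINDOWS\system32\msiexec.exe ===
MSI (s) (18:5C) [08:33:46:331]: SOFTWARE RESTRICTION POLICY:
e:\d0373a5929ad1ee338\msxml.msi has a digital signature
MSI (s) (18:5C) [08:33:47:804]: SOFTWARE RESTRICTION POLICY:
e:\d0373a5929ad1ee338\msxml.msi is permitted to run at the
'unrestricted' authorization level.
MSI (s) (18:5C) [08:33:47:824]: Original package ==>
e:\d0373a5929ad1ee338\msxml.msi
MSI (s) (18:5C) [08:33:48:024]: Machine policy value
'AlwaysInstallElevated' is 0
"""

RECORD_START = re.compile(r"^(MSI \([cs]\) |=== )")
FIELDS = {  # one regex per fact worth checking in a verbose MSI log
    "calling_process": re.compile(r"Calling process: (.+?) ==="),
    "package": re.compile(r"Original package ==> (.+)$"),
    "signed": re.compile(r"SOFTWARE RESTRICTION POLICY: (.+) has a digital signature"),
    "srp_level": re.compile(r"permitted to run at the '(\w+)' authorization level"),
    "always_install_elevated": re.compile(r"Machine policy value 'AlwaysInstallElevated' is (\d)"),
}

def records(text):
    """Rejoin hard-wrapped lines so each MSI record is one string."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def triage(text):
    """Return the first value found for each field, or None if absent."""
    recs = records(text)
    hits = {k: next(filter(None, map(rx.search, recs)), None) for k, rx in FIELDS.items()}
    return {k: m.group(1) if m else None for k, m in hits.items()}

def concerns(r):
    """List the points that would warrant a closer look at the package."""
    checks = [
        (not (r["calling_process"] or "").lower().endswith(r"\system32\msiexec.exe"),
         "installer engine is not system32 msiexec.exe"),
        (r["signed"] is None or r["signed"].lower() != (r["package"] or "").lower(),
         "log does not record a digital signature for the package"),
        (r["always_install_elevated"] == "1", "AlwaysInstallElevated machine policy is enabled"),
    ]
    return [msg for bad, msg in checks if bad]
```

The log only records that a signature was present, not who signed the package, so this is a first-pass check rather than proof of origin.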
 
kaosmusik

Malke said:
kaosmusik wrote:
I just noticed an odd file folder on my 2nd partition (drive E), and
wonder if it is malicious. It has the name d0373a4929ad1ee338... only
1 file there - msxml4-KB927978-enu.log

... Or be really worried...? :)

(snippage)

The folder and its contents come from Windows Update KB927978 and are
legitimate. I don't know why the update leaves this behind but it is
perfectly safe for you to delete it or leave it as you desire. It
doesn't matter.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User


Thanks Malke! I shall delete the folder then and sleep easier.

Cheers,
Kaosmusik
 
