strange directory named aeed9564540066ea4d1ea4ed97ead0dd


G

Guest

Does anyone know what this means and is it a sign of having been hacked?

I came across this directory listed under my documents:
aeed9564540066ea4d1ea4ed97ead0dd

I opened up the word file in it revealed the following:

=== Verbose logging started: 11/20/2006 21:08:21 Build type: SHIP UNICODE
3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===

MSI (c) (1C:FC) [21:08:21:418]: Resetting cached policy values

MSI (c) (1C:FC) [21:08:21:418]: Machine policy value 'Debug' is 0

MSI (c) (1C:FC) [21:08:21:418]: ******* RunEngine:

******* Product: c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi

******* Action:

******* CommandLine: **********

MSI (c) (1C:FC) [21:08:21:418]: Client-side and UI is none or basic: Running
entire install on the server.

MSI (c) (1C:FC) [21:08:21:418]: Grabbed execution mutex.

MSI (c) (1C:FC) [21:08:21:433]: Cloaking enabled.

MSI (c) (1C:FC) [21:08:21:433]: Attempting to enable all disabled priveleges
before calling Install on Server

MSI (c) (1C:FC) [21:08:21:433]: Incrementing counter to disable shutdown.
Counter after increment: 0

MSI (s) (E8:84) [21:08:21:433]: Grabbed execution mutex.

MSI (s) (E8:AC) [21:08:21:433]: Resetting cached policy values

MSI (s) (E8:AC) [21:08:21:433]: Machine policy value 'Debug' is 0

MSI (s) (E8:AC) [21:08:21:433]: ******* RunEngine:

******* Product: c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi

******* Action:

******* CommandLine: **********

MSI (s) (E8:AC) [21:08:21:433]: Machine policy value 'DisableUserInstalls'
is 0

MSI (s) (E8:AC) [21:08:21:433]: File will have security applied from OpCode.

MSI (s) (E8:AC) [21:08:21:449]: SOFTWARE RESTRICTION POLICY: Verifying
package --> 'c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi' against software
restriction policy

MSI (s) (E8:AC) [21:08:21:449]: SOFTWARE RESTRICTION POLICY:
c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi has a digital signature

MSI (s) (E8:AC) [21:08:21:683]: SOFTWARE RESTRICTION POLICY:
c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi is permitted to run at the
'unrestricted' authorization level.

MSI (s) (E8:AC) [21:08:21:683]: End dialog not enabled

MSI (s) (E8:AC) [21:08:21:683]: Original package ==>
c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi

MSI (s) (E8:AC) [21:08:21:683]: Package we're running from ==>
c:\WINDOWS\Installer\257e0ad.msi

MSI (s) (E8:AC) [21:08:21:683]: APPCOMPAT: looking for appcompat database
entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.

MSI (s) (E8:AC) [21:08:21:683]: APPCOMPAT: no matching ProductCode found in
database.

MSI (s) (E8:AC) [21:08:21:683]: MSCOREE not loaded loading copy from system32

MSI (s) (E8:AC) [21:08:21:683]: Machine policy value 'TransformsSecure' is 0

MSI (s) (E8:AC) [21:08:21:683]: User policy value 'TransformsAtSource' is 0

MSI (s) (E8:AC) [21:08:21:683]: Machine policy value 'DisablePatch' is 0

MSI (s) (E8:AC) [21:08:21:683]: Machine policy value 'AllowLockdownPatch' is 0

MSI (s) (E8:AC) [21:08:21:683]: Machine policy value 'DisableLUAPatching' is 0

MSI (s) (E8:AC) [21:08:21:683]: Machine policy value
'DisableFlyWeightPatching' is 0

MSI (s) (E8:AC) [21:08:21:683]: APPCOMPAT: looking for appcompat database
entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.

MSI (s) (E8:AC) [21:08:21:683]: APPCOMPAT: no matching ProductCode found in
database.

MSI (s) (E8:AC) [21:08:21:683]: Transforms are not secure.

MSI (s) (E8:AC) [21:08:21:683]: Command Line: REBOOT=ReallySuppress
CURRENTDIRECTORY=c:\aeed956454066e4d1ea4ed97ead0dd CLIENTUILEVEL=3
CLIENTPROCESSID=4636

MSI (s) (E8:AC) [21:08:21:683]: PROPERTY CHANGE: Adding PackageCode
property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.

MSI (s) (E8:AC) [21:08:21:683]: Product Code passed to Engine.Initialize:
''

MSI (s) (E8:AC) [21:08:21:683]: Product Code from property table before
transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'

MSI (s) (E8:AC) [21:08:21:683]: Product Code from property table after
transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'

MSI (s) (E8:AC) [21:08:21:683]: Product not registered: beginning first-time
install

MSI (s) (E8:AC) [21:08:21:683]: PROPERTY CHANGE: Adding ProductState
property. Its value is '-1'.

MSI (s) (E8:AC) [21:08:21:683]: Entering
CMsiConfigurationManager::SetLastUsedSource.

MSI (s) (E8:AC) [21:08:21:683]: User policy value 'SearchOrder' is 'nmu'

MSI (s) (E8:AC) [21:08:21:683]: Adding new sources is allowed.

MSI (s) (E8:AC) [21:08:21:683]: PROPERTY CHANGE: Adding PackagecodeChanging
property. Its value is '1'.

MSI (s) (E8:AC) [21:08:21:683]: Package name extracted from package path:
'msxml.msi'

MSI (s) (E8:AC) [21:08:21:683]: Package to be registered: 'msxml.msi'

MSI (s) (E8:AC) [21:08:21:683]: Note: 1: 2729

MSI (s) (E8:AC) [21:08:21:715]: Note: 1: 2729

MSI (s) (E8:AC) [21:08:21:715]: Note: 1: 2262 2: AdminProperties 3:
-2147287038

MSI (s) (E8:AC) [21:08:21:715]: Machine policy value 'DisableMsi' is 0

MSI (s) (E8:AC) [21:08:21:715]: Machine policy value 'AlwaysInstallElevated'
is 0

MSI (s) (E8:AC) [21:08:21:715]: User policy value 'AlwaysInstallElevated' is 0

MSI (s) (E8:AC) [21:08:21:715]: Product installation will be elevated
because user is admin and product is being installed per-machine.

MSI (s) (E8:AC) [21:08:21:715]: Running product
'{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is
assigned.

MSI (s) (E8:AC) [21:08:21:715]: PROPERTY CHANGE: Adding REBOOT property. Its
value is 'ReallySuppress'.

MSI (s) (E8:AC) [21:08:21:715]: PROPERTY CHANGE: Adding CURRENTDIRECTORY
property. Its value is 'c:\aeed956454066e4d1ea4ed97ead0dd'.

MSI (s) (E8:AC) [21:08:21:715]: PROPERTY CHANGE: Adding CLIENTUILEVEL
property. Its value is '3'.

MSI (s) (E8:AC) [21:08:21:715]: PROPERTY CHANGE: Adding CLIENTPROCESSID
property. Its value is '4636'.

MSI (s) (E8:AC) [21:08:21:715]: TRANSFORMS property is now:

MSI (s) (E8:AC) [21:08:21:715]: PROPERTY CHANGE: Adding VersionDatabase
property. Its value is '200'.

MSI (s) (E8:AC) [21:08:21:715]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Application Data

MSI (s) (E8:AC) [21:08:21:715]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Favorites

MSI (s) (E8:AC) [21:08:21:715]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\NetHood

MSI (s) (E8:AC) [21:08:21:715]: SHELL32::SHGetFolderPath returned: C:\Drb's
Documents

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\PrintHood

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Recent

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\SendTo

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Templates

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Application Data

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Local Settings\Application Data

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned: C:\Drb's
Documents\My Pictures

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Start Menu\Programs

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Start Menu

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Desktop

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Start Menu\Programs\Administrative
Tools

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Start Menu\Programs\Startup

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Start Menu\Programs

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Start Menu

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Desktop

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Templates

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\Fonts

MSI (s) (E8:AC) [21:08:21:746]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans
Serif 4: 0 5: 16

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding Privileged property.
Its value is '1'.

MSI (s) (E8:AC) [21:08:21:746]: Note: 1: 1402 2:
HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding USERNAME property.
Its value is 'Dr. Brizendine'.

MSI (s) (E8:AC) [21:08:21:746]: Note: 1: 1402 2:
HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding COMPANYNAME
property. Its value is 'Dr. Brizendine'.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding DATABASE property.
Its value is 'c:\WINDOWS\Installer\257e0ad.msi'.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding OriginalDatabase
property. Its value is 'c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi'.

MSI (s) (E8:AC) [21:08:21:746]: Note: 1: 2205 2: 3: PatchPackage

MSI (s) (E8:AC) [21:08:21:746]: Machine policy value 'DisableRollback' is 0

MSI (s) (E8:AC) [21:08:21:746]: User policy value 'DisableRollback' is 0

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding UILevel property.
Its value is '2'.

=== Logging started: 11/20/2006 21:08:21 ===

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding ACTION property. Its
value is 'INSTALL'.

MSI (s) (E8:AC) [21:08:21:746]: Doing action: INSTALL

MSI (s) (E8:AC) [21:08:21:746]: Running ExecuteSequence

MSI (s) (E8:AC) [21:08:21:746]: Doing action:
DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901

Action start 21:08:21: INSTALL.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding
DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is
'C:\Documents and Settings\All Users\Desktop\'.

Action start 21:08:21: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901.

MSI (s) (E8:AC) [21:08:21:746]: Doing action:
ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901

Action ended 21:08:21: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901.
Return value 1.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding
ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is
'C:\Documents and Settings\All Users\Start Menu\Programs\'.

Action start 21:08:21: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901.

MSI (s) (E8:AC) [21:08:21:746]: Doing action:
WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537

Action ended 21:08:21:
ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding
WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is
'C:\WINDOWS\'.

Action start 21:08:21: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.

MSI (s) (E8:AC) [21:08:21:746]: Doing action:
SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537

Action ended 21:08:21: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
Return value 1.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding
SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is
'C:\WINDOWS\system32\'.

Action start 21:08:21: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.

MSI (s) (E8:AC) [21:08:21:746]: Doing action:
WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537

Action ended 21:08:21: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
Return value 1.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding
WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is
'C:\WINDOWS\'.

Action start 21:08:21: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.

MSI (s) (E8:AC) [21:08:21:746]: Doing action:
SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537

Action ended 21:08:21: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
Return value 1.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding
SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is
'C:\WINDOWS\system32\'.

Action start 21:08:21: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.

MSI (s) (E8:AC) [21:08:21:746]: Doing action:
WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537

Action ended 21:08:21: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
Return value 1.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding
WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is
'C:\WINDOWS\'.

Action start 21:08:21: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.

MSI (s) (E8:AC) [21:08:21:746]: Doing action:
SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537

Action ended 21:08:21: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
Return value 1.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding
SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is
'C:\WINDOWS\system32\'.

Action start 21:08:21: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.

MSI (s) (E8:AC) [21:08:21:746]: Doing action:
SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB

Action ended 21:08:21: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
Return value 1.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding
SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its value is
'C:\WINDOWS\system32\'.

Action start 21:08:21: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB.

MSI (s) (E8:AC) [21:08:21:746]: Doing action:
SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1

Action ended 21:08:21: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB.
Return value 1.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding
SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its value is
'C:\WINDOWS\system32\'.

Action start 21:08:21: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1.

MSI (s) (E8:AC) [21:08:21:746]: Doing action:
SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7

Action ended 21:08:21: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1.
Return value 1.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding
SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its value is
'C:\WINDOWS\system32\'.

Action start 21:08:21: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7.

MSI (s) (E8:AC) [21:08:21:746]: Doing action: LaunchConditions

Action ended 21:08:21: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7.
Return value 1.

Action start 21:08:21: LaunchConditions.

MSI (s) (E8:AC) [21:08:21:746]: Doing action: FindRelatedProducts

Action ended 21:08:21: LaunchConditions. Return value 1.

Action start 21:08:21: FindRelatedProducts.

MSI (s) (E8:AC) [21:08:21:746]: Doing action: AppSearch

Action ended 21:08:21: FindRelatedProducts. Return value 1.

Action start 21:08:21: AppSearch.

MSI (s) (E8:AC) [21:08:21:746]: Note: 1: 2262 2: Signature 3: -2147287038

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding WINHTTP_51 property.
Its value is 'WinHttpRequest Component version 5.1'.

MSI (s) (E8:AC) [21:08:21:746]: Skipping action: CCPSearch (condition is
false)

MSI (s) (E8:AC) [21:08:21:746]: Skipping action: RMCCPSearch (condition is
false)

MSI (s) (E8:AC) [21:08:21:746]: Doing action: ValidateProductID

Action ended 21:08:21: AppSearch. Return value 1.

Action start 21:08:21: ValidateProductID.

MSI (s) (E8:AC) [21:08:21:746]: Doing action: CostInitialize

Action ended 21:08:21: ValidateProductID. Return value 1.

MSI (s) (E8:AC) [21:08:21:746]: Machine policy value 'MaxPatchCacheSize' is 10

Action start 21:08:21: CostInitialize.

MSI (s) (E8:AC) [21:08:21:762]: PROPERTY CHANGE: Adding ROOTDRIVE property.
Its value is 'c:\'.

MSI (s) (E8:AC) [21:08:21:762]: PROPERTY CHANGE: Adding CostingComplete
property. Its value is '0'.

MSI (s) (E8:AC) [21:08:21:762]: Note: 1: 2205 2: 3: Patch

MSI (s) (E8:AC) [21:08:21:762]: Note: 1: 2205 2: 3: PatchPackage

MSI (s) (E8:AC) [21:08:21:762]: Note: 1: 2205 2: 3: MsiPatchHeaders

MSI (s) (E8:AC) [21:08:21:762]: Note: 1: 2205 2: 3: __MsiPatchFileList

MSI (s) (E8:AC) [21:08:21:762]: Note: 1: 2205 2: 3: PatchPackage

MSI (s) (E8:AC) [21:08:21:762]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT
`DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE
`Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`

MSI (s) (E8:AC) [21:08:21:762]: Doing action: FileCost

Action ended 21:08:21: CostInitialize. Return value 1.

MSI (s) (E8:AC) [21:08:21:762]: Note: 1: 2262 2: Extension 3: -2147287038

Action start 21:08:21: FileCost.

MSI (s) (E8:AC) [21:08:21:762]: Doing action: CostFinalize

Action ended 21:08:21: FileCost. Return value 1.

MSI (s) (E8:AC) [21:08:21:762]: PROPERTY CHANGE: Adding OutOfDiskSpace
property. Its value is '0'.

MSI (s) (E8:AC) [21:08:21:762]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace
property. Its value is '0'.

MSI (s) (E8:AC) [21:08:21:762]: PROPERTY CHANGE: Adding
PrimaryVolumeSpaceAvailable property. Its value is '0'.

MSI (s) (E8:AC) [21:08:21:762]: PROPERTY CHANGE: Adding
PrimaryVolumeSpaceRequired property. Its value is '0'.

MSI (s) (E8:AC) [21:08:21:762]: PROPERTY CHANGE: Adding
PrimaryVolumeSpaceRemaining property. Its value is '0'.

MSI (s) (E8:AC) [21:08:21:762]: Note: 1: 2205 2: 3: Patch

MSI (s) (E8:AC) [21:08:21:762]: PROPERTY CHANGE: Adding TARGETDIR property.
Its value is 'c:\'.

MSI (s) (E8:AC) [21:08:21:762]: PROPERTY CHANGE: Modifying WindowsFolder
property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.

MSI (s) (E8:AC) [21:08:21:762]: PROPERTY CHANGE: Modifying CommonFilesFolder
property. Its current value is 'C:\Program Files\Common Files\'. Its new
value: 'c:\Program Files\Common Files\'.

MSI (s) (E8:AC) [21:08:21:762]: PROPERTY CHANGE: Adding
MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is
'c:\Program Files\Common Files\Microsoft Shared\'.

MSI (s) (E8:AC) [21:08:21:762]: PROPERTY CHANGE: Adding
MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'c:\Program
Files\Common Files\Microsoft Shared\MSDN\'.

MSI (s) (E8:AC) [21:08:21:762]: PROPERTY CHANGE: Modifying
WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its current



-----had to snip out most of the file due to post exceeding 30000
characters)--------

Property(S): SourcedirProduct = {37477865-A3F1-4772-AD43-AAFC6BCFF99F}

Property(S): ProductToBeRegistered = 1

MSI (s) (E8:AC) [21:08:23:559]: Note: 1: 1707

MSI (s) (E8:AC) [21:08:23:559]: Product: MSXML 4.0 SP2 (KB927978) --
Installation completed successfully.



MSI (s) (E8:AC) [21:08:23:559]: Cleaning up uninstalled install packages, if
any exist

MSI (s) (E8:AC) [21:08:23:559]: MainEngineThread is returning 0

MSI (s) (E8:84) [21:08:23:668]: Destroying RemoteAPI object.

MSI (s) (E8:4C) [21:08:23:668]: Custom Action Manager thread ending.

=== Logging stopped: 11/20/2006 21:08:23 ===

MSI (c) (1C:FC) [21:08:23:684]: Decrementing counter to disable shutdown. If
counter >= 0, shutdown will be denied. Counter after decrement: -1

MSI (c) (1C:FC) [21:08:23:684]: MainEngineThread is returning 0

=== Verbose logging stopped: 11/20/2006 21:08:23 ===
 
Ad

Advertisements

G

Guest

Michael G said:
Does anyone know what this means and is it a sign of having been hacked?

I came across this directory listed under my documents:
aeed9564540066ea4d1ea4ed97ead0dd

I opened up the word file in it revealed the following:

=== Verbose logging started: 11/20/2006 21:08:21 Build type: SHIP UNICODE
3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===

MSI (c) (1C:FC) [21:08:21:418]: Resetting cached policy values

MSI (c) (1C:FC) [21:08:21:418]: Machine policy value 'Debug' is 0

MSI (c) (1C:FC) [21:08:21:418]: ******* RunEngine:

******* Product: c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi

******* Action:

******* CommandLine: **********

MSI (c) (1C:FC) [21:08:21:418]: Client-side and UI is none or basic: Running
entire install on the server.

MSI (c) (1C:FC) [21:08:21:418]: Grabbed execution mutex.

MSI (c) (1C:FC) [21:08:21:433]: Cloaking enabled.

MSI (c) (1C:FC) [21:08:21:433]: Attempting to enable all disabled priveleges
before calling Install on Server

MSI (c) (1C:FC) [21:08:21:433]: Incrementing counter to disable shutdown.
Counter after increment: 0

MSI (s) (E8:84) [21:08:21:433]: Grabbed execution mutex.

MSI (s) (E8:AC) [21:08:21:433]: Resetting cached policy values

MSI (s) (E8:AC) [21:08:21:433]: Machine policy value 'Debug' is 0

MSI (s) (E8:AC) [21:08:21:433]: ******* RunEngine:

******* Product: c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi

******* Action:

******* CommandLine: **********

MSI (s) (E8:AC) [21:08:21:433]: Machine policy value 'DisableUserInstalls'
is 0

MSI (s) (E8:AC) [21:08:21:433]: File will have security applied from OpCode.

MSI (s) (E8:AC) [21:08:21:449]: SOFTWARE RESTRICTION POLICY: Verifying
package --> 'c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi' against software
restriction policy

MSI (s) (E8:AC) [21:08:21:449]: SOFTWARE RESTRICTION POLICY:
c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi has a digital signature

MSI (s) (E8:AC) [21:08:21:683]: SOFTWARE RESTRICTION POLICY:
c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi is permitted to run at the
'unrestricted' authorization level.

MSI (s) (E8:AC) [21:08:21:683]: End dialog not enabled

MSI (s) (E8:AC) [21:08:21:683]: Original package ==>
c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi

MSI (s) (E8:AC) [21:08:21:683]: Package we're running from ==>
c:\WINDOWS\Installer\257e0ad.msi

MSI (s) (E8:AC) [21:08:21:683]: APPCOMPAT: looking for appcompat database
entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.

MSI (s) (E8:AC) [21:08:21:683]: APPCOMPAT: no matching ProductCode found in
database.

MSI (s) (E8:AC) [21:08:21:683]: MSCOREE not loaded loading copy from system32

MSI (s) (E8:AC) [21:08:21:683]: Machine policy value 'TransformsSecure' is 0

MSI (s) (E8:AC) [21:08:21:683]: User policy value 'TransformsAtSource' is 0

MSI (s) (E8:AC) [21:08:21:683]: Machine policy value 'DisablePatch' is 0

MSI (s) (E8:AC) [21:08:21:683]: Machine policy value 'AllowLockdownPatch' is 0

MSI (s) (E8:AC) [21:08:21:683]: Machine policy value 'DisableLUAPatching' is 0

MSI (s) (E8:AC) [21:08:21:683]: Machine policy value
'DisableFlyWeightPatching' is 0

MSI (s) (E8:AC) [21:08:21:683]: APPCOMPAT: looking for appcompat database
entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.

MSI (s) (E8:AC) [21:08:21:683]: APPCOMPAT: no matching ProductCode found in
database.

MSI (s) (E8:AC) [21:08:21:683]: Transforms are not secure.

MSI (s) (E8:AC) [21:08:21:683]: Command Line: REBOOT=ReallySuppress
CURRENTDIRECTORY=c:\aeed956454066e4d1ea4ed97ead0dd CLIENTUILEVEL=3
CLIENTPROCESSID=4636

MSI (s) (E8:AC) [21:08:21:683]: PROPERTY CHANGE: Adding PackageCode
property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.

MSI (s) (E8:AC) [21:08:21:683]: Product Code passed to Engine.Initialize:
''

MSI (s) (E8:AC) [21:08:21:683]: Product Code from property table before
transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'

MSI (s) (E8:AC) [21:08:21:683]: Product Code from property table after
transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'

MSI (s) (E8:AC) [21:08:21:683]: Product not registered: beginning first-time
install

MSI (s) (E8:AC) [21:08:21:683]: PROPERTY CHANGE: Adding ProductState
property. Its value is '-1'.

MSI (s) (E8:AC) [21:08:21:683]: Entering
CMsiConfigurationManager::SetLastUsedSource.

MSI (s) (E8:AC) [21:08:21:683]: User policy value 'SearchOrder' is 'nmu'

MSI (s) (E8:AC) [21:08:21:683]: Adding new sources is allowed.

MSI (s) (E8:AC) [21:08:21:683]: PROPERTY CHANGE: Adding PackagecodeChanging
property. Its value is '1'.

MSI (s) (E8:AC) [21:08:21:683]: Package name extracted from package path:
'msxml.msi'

MSI (s) (E8:AC) [21:08:21:683]: Package to be registered: 'msxml.msi'

MSI (s) (E8:AC) [21:08:21:683]: Note: 1: 2729

MSI (s) (E8:AC) [21:08:21:715]: Note: 1: 2729

MSI (s) (E8:AC) [21:08:21:715]: Note: 1: 2262 2: AdminProperties 3:
-2147287038

MSI (s) (E8:AC) [21:08:21:715]: Machine policy value 'DisableMsi' is 0

MSI (s) (E8:AC) [21:08:21:715]: Machine policy value 'AlwaysInstallElevated'
is 0

MSI (s) (E8:AC) [21:08:21:715]: User policy value 'AlwaysInstallElevated' is 0

MSI (s) (E8:AC) [21:08:21:715]: Product installation will be elevated
because user is admin and product is being installed per-machine.

MSI (s) (E8:AC) [21:08:21:715]: Running product
'{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is
assigned.

MSI (s) (E8:AC) [21:08:21:715]: PROPERTY CHANGE: Adding REBOOT property. Its
value is 'ReallySuppress'.

MSI (s) (E8:AC) [21:08:21:715]: PROPERTY CHANGE: Adding CURRENTDIRECTORY
property. Its value is 'c:\aeed956454066e4d1ea4ed97ead0dd'.

MSI (s) (E8:AC) [21:08:21:715]: PROPERTY CHANGE: Adding CLIENTUILEVEL
property. Its value is '3'.

MSI (s) (E8:AC) [21:08:21:715]: PROPERTY CHANGE: Adding CLIENTPROCESSID
property. Its value is '4636'.

MSI (s) (E8:AC) [21:08:21:715]: TRANSFORMS property is now:

MSI (s) (E8:AC) [21:08:21:715]: PROPERTY CHANGE: Adding VersionDatabase
property. Its value is '200'.

MSI (s) (E8:AC) [21:08:21:715]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Application Data

MSI (s) (E8:AC) [21:08:21:715]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Favorites

MSI (s) (E8:AC) [21:08:21:715]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\NetHood

MSI (s) (E8:AC) [21:08:21:715]: SHELL32::SHGetFolderPath returned: C:\Drb's
Documents

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\PrintHood

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Recent

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\SendTo

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Templates

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Application Data

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Local Settings\Application Data

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned: C:\Drb's
Documents\My Pictures

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Start Menu\Programs

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Start Menu

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Desktop

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Start Menu\Programs\Administrative
Tools

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Start Menu\Programs\Startup

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Start Menu\Programs

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Start Menu

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\DRB.DRBRIZENDINE\Desktop

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\Documents and Settings\All Users\Templates

MSI (s) (E8:AC) [21:08:21:730]: SHELL32::SHGetFolderPath returned:
C:\WINDOWS\Fonts

MSI (s) (E8:AC) [21:08:21:746]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans
Serif 4: 0 5: 16

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding Privileged property.
Its value is '1'.

MSI (s) (E8:AC) [21:08:21:746]: Note: 1: 1402 2:
HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding USERNAME property.
Its value is 'Dr. Brizendine'.

MSI (s) (E8:AC) [21:08:21:746]: Note: 1: 1402 2:
HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding COMPANYNAME
property. Its value is 'Dr. Brizendine'.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding DATABASE property.
Its value is 'c:\WINDOWS\Installer\257e0ad.msi'.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding OriginalDatabase
property. Its value is 'c:\aeed956454066e4d1ea4ed97ead0dd\msxml.msi'.

MSI (s) (E8:AC) [21:08:21:746]: Note: 1: 2205 2: 3: PatchPackage

MSI (s) (E8:AC) [21:08:21:746]: Machine policy value 'DisableRollback' is 0

MSI (s) (E8:AC) [21:08:21:746]: User policy value 'DisableRollback' is 0

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding UILevel property.
Its value is '2'.

=== Logging started: 11/20/2006 21:08:21 ===

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding ACTION property. Its
value is 'INSTALL'.

MSI (s) (E8:AC) [21:08:21:746]: Doing action: INSTALL

MSI (s) (E8:AC) [21:08:21:746]: Running ExecuteSequence

MSI (s) (E8:AC) [21:08:21:746]: Doing action:
DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901

Action start 21:08:21: INSTALL.

MSI (s) (E8:AC) [21:08:21:746]: PROPERTY CHANGE: Adding
DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is
'C:\Documents and Settings\All Users\Desktop\'.

Action start 21:08:21: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901.

I think this the log file for MSXML 4.0 you can delete this safely from your
system.
How much space does it take on your disk?., I think mine was 285KB or so.
But scan for Viruses and Malwares to be in the safe side though.
http://msdn.microsoft.com/XML/XMLDownloads/
Another it may belong to Office 2003:
http://support.microsoft.com/kb/837826
HTH.
Please let us know.
Regs,
nass
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top