Suspicious Looking (regkey Named) Folder Appeared In H:\

2 replies to this topic

#1 Gummy


  • Members
  • 4 posts
  • Local time:06:57 PM

Posted 15 August 2007 - 04:50 AM


About a week ago, I finished re-installing a slipstreamed Service Pack 2 copy of Windows XP Home (yes, I have a valid license key) on this machine. I was re-installing programs when I came across this folder (sorry, I can't remember what program I was installing at the time of this log):

Note: Asterisks used to replace numbers/letters just in case.

With system files & hidden files turned on, I could only find this text document:

=== Logging started: 8/12/2007 19:23:55 ===
Action start 19:23:55: INSTALL.
Action start 19:23:55: LaunchConditions.
Action ended 19:23:55: LaunchConditions. Return value 1.
Action start 19:23:55: FindRelatedProducts.
Action ended 19:23:55: FindRelatedProducts. Return value 1.
Action start 19:23:55: IsPendingRebootKey.
PendingFileRenameOperations contains:
No file in package listed in PendingFileRenameOperations
Action ended 19:23:55: IsPendingRebootKey. Return value 1.
Action start 19:23:55: AppSearch.
Action ended 19:23:55: AppSearch. Return value 0.
Action start 19:23:55: CCPSearch.
Action ended 19:23:55: CCPSearch. Return value 0.
Action start 19:23:55: RMCCPSearch.
Action ended 19:23:55: RMCCPSearch. Return value 0.
Action start 19:23:55: ValidateProductID.
Action ended 19:23:55: ValidateProductID. Return value 1.
Action start 19:23:55: CostInitialize.
Action ended 19:23:55: CostInitialize. Return value 1.
Action start 19:23:55: FileCost.
Action ended 19:23:55: FileCost. Return value 1.
Action start 19:23:55: IsolateComponents.
Action ended 19:23:55: IsolateComponents. Return value 0.
Action start 19:23:55: CostFinalize.
Action ended 19:23:55: CostFinalize. Return value 1.
Action start 19:23:55: CA_SetARPINSTALLLOCATION.
Action ended 19:23:55: CA_SetARPINSTALLLOCATION. Return value 1.
Action start 19:23:55: SetODBCFolders.
Action ended 19:23:55: SetODBCFolders. Return value 0.
Action start 19:23:55: MigrateFeatureStates.
Action ended 19:23:55: MigrateFeatureStates. Return value 0.
Action start 19:23:55: InstallValidate.
Action ended 19:23:55: InstallValidate. Return value 1.
Action start 19:23:55: InstallInitialize.
Action ended 19:23:55: InstallInitialize. Return value 1.
Action start 19:23:55: AllocateRegistrySpace.
Action ended 19:23:55: AllocateRegistrySpace. Return value 1.
Action start 19:23:55: ProcessComponents.
Action ended 19:23:55: ProcessComponents. Return value 1.
Action start 19:23:55: UnpublishComponents.
Action ended 19:23:55: UnpublishComponents. Return value 1.
Action start 19:23:55: MsiUnpublishAssemblies.
Action ended 19:23:55: MsiUnpublishAssemblies. Return value 1.
Action start 19:23:55: UnpublishFeatures.
Action ended 19:23:55: UnpublishFeatures. Return value 1.
Action start 19:23:55: StopServices.
Action ended 19:23:55: StopServices. Return value 1.
Action start 19:23:55: DeleteServices.
Action ended 19:23:55: DeleteServices. Return value 1.
Action start 19:23:55: UnregisterComPlus.
Action ended 19:23:55: UnregisterComPlus. Return value 0.
Action start 19:23:55: SelfUnregModules.
Action ended 19:23:55: SelfUnregModules. Return value 1.
Action start 19:23:55: UnregisterTypeLibraries.
Action ended 19:23:55: UnregisterTypeLibraries. Return value 1.
Action start 19:23:55: UnregisterFonts.
Action ended 19:23:55: UnregisterFonts. Return value 1.
Action start 19:23:55: RemoveRegistryValues.
Action ended 19:23:55: RemoveRegistryValues. Return value 1.
Action start 19:23:55: UnregisterClassInfo.
Action ended 19:23:55: UnregisterClassInfo. Return value 1.
Action start 19:23:55: UnregisterExtensionInfo.
Action ended 19:23:55: UnregisterExtensionInfo. Return value 1.
Action start 19:23:55: UnregisterProgIdInfo.
Action ended 19:23:55: UnregisterProgIdInfo. Return value 0.
Action start 19:23:55: UnregisterMIMEInfo.
Action ended 19:23:55: UnregisterMIMEInfo. Return value 0.
Action start 19:23:55: RemoveIniValues.
Action ended 19:23:55: RemoveIniValues. Return value 1.
Action start 19:23:55: RemoveShortcuts.
Action ended 19:23:55: RemoveShortcuts. Return value 0.
Action start 19:23:55: RemoveEnvironmentStrings.
Action ended 19:23:55: RemoveEnvironmentStrings. Return value 1.
Action start 19:23:55: RemoveDuplicateFiles.
Action ended 19:23:55: RemoveDuplicateFiles. Return value 1.
Action start 19:23:55: RemoveFiles.
Action ended 19:23:55: RemoveFiles. Return value 0.
Action start 19:23:55: RemoveFolders.
Action ended 19:23:55: RemoveFolders. Return value 0.
Action start 19:23:55: CreateFolders.
Action ended 19:23:55: CreateFolders. Return value 0.
Action start 19:23:55: MoveFiles.
Action ended 19:23:55: MoveFiles. Return value 1.
Action start 19:23:55: InstallFiles.
Action ended 19:23:55: InstallFiles. Return value 1.
Action start 19:23:55: PatchFiles.
Action ended 19:23:55: PatchFiles. Return value 0.
Action start 19:23:55: DuplicateFiles.
Action ended 19:23:55: DuplicateFiles. Return value 1.
Action start 19:23:55: BindImage.
Action ended 19:23:55: BindImage. Return value 1.
Action start 19:23:55: CreateShortcuts.
Action ended 19:23:55: CreateShortcuts. Return value 0.
Action start 19:23:55: RegisterClassInfo.
Action ended 19:23:55: RegisterClassInfo. Return value 1.
Action start 19:23:55: RegisterExtensionInfo.
Action ended 19:23:55: RegisterExtensionInfo. Return value 1.
Action start 19:23:55: RegisterProgIdInfo.
Action ended 19:23:55: RegisterProgIdInfo. Return value 0.
Action start 19:23:55: RegisterMIMEInfo.
Action ended 19:23:55: RegisterMIMEInfo. Return value 0.
Action start 19:23:55: WriteRegistryValues.
Action ended 19:23:55: WriteRegistryValues. Return value 1.
Action start 19:23:55: Wdsfpca_AddRefcountMsxml.86F857F6_******************27E09.
Action ended 19:23:55: Wdsfpca_AddRefcountMsxml.86F857F6_******************27E09. Return value 1.
Action start 19:23:55: WriteIniValues.
Action ended 19:23:55: WriteIniValues. Return value 1.
Action start 19:23:55: WriteEnvironmentStrings.
Action ended 19:23:55: WriteEnvironmentStrings. Return value 1.
Action start 19:23:55: RegisterFonts.
Action ended 19:23:55: RegisterFonts. Return value 1.
Action start 19:23:55: RegisterTypeLibraries.
Action ended 19:23:55: RegisterTypeLibraries. Return value 1.
Action start 19:23:55: SelfRegModules.
Action ended 19:23:55: SelfRegModules. Return value 1.
Action start 19:23:55: RegisterComPlus.
Action ended 19:23:55: RegisterComPlus. Return value 0.
Action start 19:23:55: InstallServices.
Action ended 19:23:55: InstallServices. Return value 1.
Action start 19:23:55: StartServices.
Action ended 19:23:55: StartServices. Return value 1.
Action start 19:23:55: RegisterUser.
Action ended 19:23:55: RegisterUser. Return value 1.
Action start 19:23:55: RegisterProduct.
Action ended 19:23:55: RegisterProduct. Return value 1.
Action start 19:23:55: PublishComponents.
Action ended 19:23:55: PublishComponents. Return value 1.
Action start 19:23:55: MsiPublishAssemblies.
Action ended 19:23:55: MsiPublishAssemblies. Return value 1.
Action start 19:23:55: PublishFeatures.
Action ended 19:23:55: PublishFeatures. Return value 1.
Action start 19:23:55: PublishProduct.
Action ended 19:23:55: PublishProduct. Return value 1.
Action start 19:23:55: InstallFinalize.
<Func Name='Wdsfpca_AddRefcountMsxml'>
<Func Name='RegAddRefcountMsxml'>
Finding the key CLSID\{2933BF******************3E60}\SideBySide; the result is: 0
RefCount has the existing value: 2
Version60RefCount will create a new value with 1
AddRefcountMsxml returns the code 0
<EndFunc Name='Wdsfpca_AddRefcountMsxml' Return='0' GetLastError='0'>
Action ended 19:23:56: InstallFinalize. Return value 1.
Action start 19:23:56: RemoveExistingProducts.
Action ended 19:23:56: RemoveExistingProducts. Return value 1.
Action ended 19:23:56: INSTALL. Return value 1.
Property(S): ProductCode = {5A71************************533C}
Property(S): Manufacturer = Microsoft Corporation
Property(S): ProductVersion = 6.00.3890.0
Property(S): ProductLanguage = 1033
Property(S): UpgradeCode = {1B11************************2C7B}
Property(S): PIDTemplate = 53934<````=````=````=````=`````>@@@@@
Property(S): DiskPrompt = [1]
Property(S): INSTALLLEVEL = 100
Property(S): ALLUSERS = 1
Property(S): InstallMode = Typical
Property(S): ErrorIcon = ErrorIco
Property(S): SuccessIcon = SuccessIco
Property(S): WarningIcon = WarningIco
Property(S): LicenseIcon = LicenseIco
Property(S): SetupIcon = SetupIco
Property(S): CompleteIcon = CompleteIco
Property(S): CustomIcon = CustomIco
Property(S): RepairIcon = RepairIco
Property(S): RemoveIcon = RemoveIco
Property(S): ModifyIcon = ModifyIco
Property(S): NewIcon = NewIco
Property(S): UpIcon = UpIco
Property(S): DialogBanner = BannerBmp
Property(S): WelcomeBmp = WelcomeBmp
Property(S): ApplicationUsers = AllUsers
Property(S): Details = 0
Property(S): AgreeToLicense = No
Property(S): _IsMaintenance = Reinstall
Property(S): _IsMaintenance2 = Modify
Property(S): ReinstallModeText = omus
Property(S): Display_IsBitmapDlg = 1
Property(S): Interrupted = 0
Property(S): ProductID = none
Property(S): SQLServerText1 = 0
Property(S): SQLServerVersionText1 = 0
Property(S): SQLServerVersionText2 = 0
Property(S): SQLServerVersionText3 = 0
Property(S): CA_ERRORCOUNT = 0
Property(S): CA_WARNINGCOUNT = 0
Property(S): CA_SUCCESSCOUNT = 0
Property(S): MINIMUMOS = true
Property(S): UI_SHOWCOPYRIGHT = yes
Property(S): ShowUserRegistrationDlg = 1
Property(S): ErrorDialog = ErrorDlg
Property(S): DefaultUIFont = Tahoma8
Property(S): VersionNT = 501
Property(S): ARPHELPLINK = http://support.microsoft.com/kb/927977
Property(S): SecureCustomProperties = NEWERFOUND.72DE**************0AE1;OLDERFOUND.72DE5B**************70AE1;OLDERFOUND2.72DE5BCD_******************70AE1
Property(S): SourceDir = h:\85eb0**************5bf\
Property(S): TARGETDIR = h:\
Property(S): DesktopFolder = C:\Documents and Settings\All Users\Desktop\
Property(S): ButtonTextStyle = {\ButtonTextStyle}
Property(S): DlgTextStyle = {\DlgTextStyle}
Property(S): DlgTextStyleB = {\DlgTextStyleB}
Property(S): DlgTitleStyle = {\DlgTitleStyle}
Property(S): DlgTitleStyleB = {\DlgTitleStyleB}
Property(S): FixedStyle = {\FixedStyle}
Property(S): USERNAME = Gummy
Property(S): DialogTitleSetup = Setup
Property(S): DialogTitlePatch = Patch
Property(S): DialogTitleUpgrade = Upgrade
Property(S): Text_ArrowLeft = <
Property(S): Text_ArrowRight = >
Property(S): ButtonText_Next = Next
Property(S): ButtonText_Next_Hot = &Next
Property(S): ButtonText_Cancel = Cancel
Property(S): ButtonText_Cancel_Hot = &Cancel
Property(S): ButtonText_Back = Back
Property(S): ButtonText_Back_Hot = &Back
Property(S): ButtonText_Finish = Finish
Property(S): ButtonText_Finish_Hot = &Finish
Property(S): ButtonText_Update = Update >
Property(S): ButtonText_Update_Hot = &Update >
Property(S): ButtonText_Ok = OK
Property(S): ButtonText_Ok_Hot = &OK
Property(S): ButtonText_Yes = Yes
Property(S): ButtonText_Yes_Hot = &Yes
Property(S): ButtonText_No = No
Property(S): ButtonText_No_Hot = &No
Property(S): ButtonText_Abort = Abort
Property(S): ButtonText_Abort_Hot = &Abort
Property(S): ButtonText_Ignore = Ignore
Property(S): ButtonText_Ignore_Hot = &Ignore
Property(S): ButtonText_Retry = Retry
Property(S): ButtonText_Retry_Hot = &Retry
Property(S): ButtonText_Change = Change...
Property(S): ButtonText_Change_Hot = &Change...
Property(S): ButtonText_Help = Help
Property(S): ButtonText_Help_Hot = &Help
Property(S): ButtonText_Install = Install
Property(S): ButtonText_Install_Hot = &Install
Property(S): ButtonText_Exit = Exit
Property(S): ButtonText_Exit_Hot = &Exit
Property(S): ButtonText_Remove = Remove
Property(S): ButtonText_Remove_Hot = &Remove
Property(S): ButtonText_Space = Space
Property(S): ButtonText_Space_Hot = &Space
Property(S): ButtonText_Browse = Browse...
Property(S): ButtonText_Browse_Hot = Bro&wse...
Property(S): ButtonText_DiskCost = Disk Cost...
Property(S): ButtonText_DiskCost_Hot = &Disk Cost...
Property(S): LabelText_Status = Status
Property(S): LabelText_SerialNumber = &Serial Number:
Property(S): LabelText_UserName = &User Name
Property(S): LabelText_PersonName = Name
Property(S): LabelText_PersonOrganization = Company
Property(S): LabelText_InstallTo = Install to
Property(S): LabelText_Modify = &Modify
Property(S): LabelText_Repair = Re&pair
Property(S): LabelText_Remove = &Remove
Property(S): LabelText_Complete = &Complete
Property(S): LabelText_Custom = Cu&stom
Property(S): LabelText_NetworkLocation = &Network location:
Property(S): LabelText_LookIn = &Look in
Property(S): LabelText_FolderName = &Folder name
Property(S): LabelText_FeatureDescription = Feature description
Property(S): LabelText_CopyFilesFrom = Copy Files from
Property(S): LabelText_InstallFor = Install this application for
Property(S): HeadText_AdminWelcome = Welcome to the Install Wizard for
Property(S): HeadText_InstallWelcome = Welcome to the Install Wizard for
Property(S): HeadText_WelcomePatch = Welcome to the Patch for
Property(S): HeadText_SetupWelcome = Welcome to the
Property(S): HeadText_SetupWelcome2 = Setup
Property(S): HeadText_ResumeInstall = Resuming the Install Wizard for
Property(S): HeadText_SetupInterrupted = Setup Interrupted
Property(S): HeadText_LicenseAgreement = License Agreement
Property(S): HeadText_FeatureSelection = Feature Selection
Property(S): HeadText_NetworkLocation = Network Location
Property(S): HeadText_ProgramMaintenance = Program Maintenance
Property(S): HeadText_DiskSpaceRequirements = Disk Space Requirements
Property(S): HeadText_FilesInUse = Files in Use
Property(S): HeadText_DatabaseFolder = Database Folder
Property(S): HeadText_RegistrationInformation = Registration Information
Property(S): HeadText_CompletingSetup = Completing the
Property(S): HeadText_CompletingSetup2 = Setup
Property(S): HeadText_InstallingProduct = Installing
Property(S): HeadText_UninstallProduct = Uninstalling
Property(S): HeadText_ChangeDestinationFolder = Change Current Destination Folder
Property(S): HeadText_ReadyInstall = Ready to Install the Program
Property(S): HeadText_ReadyRepair = Ready to Repair the Program
Property(S): HeadText_ReadyModify = Ready to Modify the Program
Property(S): HeadText_RemoveProgram = Remove the Program
Property(S): HeadText_OutOfDiskSpace = Out of Disk Space
Property(S): DescText_FilesInUse = Some files that need to be updated are currently in use.
Property(S): DescText_RegistrationInformation = The following information will personalize your installation.
Property(S): DescText_ServerImage = Setup will create a server image of
Property(S): DescText_ServerImage2 = at a specified network location. To continue, click Next.
Property(S): DescText_InstallModifyRemove = Setup helps you install, modify or remove
Property(S): DescText_InstallModifyRemove2 = . To continue, click Next.
Property(S): DescText_PatchInstall = The Install Wizard will install the Patch for
Property(S): DescText_PatchInstall2 = on your computer. To continue, click Update.
Property(S): DescText_WizardComplete = The Install Wizard will complete the installation of
Property(S): DescText_WizardComplete2 = on your computer. To continue, click Next.
Property(S): DescText_CompleteSuspended = The Install Wizard will complete the suspended installation of
Property(S): DescText_CompleteSuspended2 = on your computer. To continue, click Next.
Property(S): DescText_SuccessfulInstallation = Setup has installed
Property(S): DescText_SuccessfulInstallation2 = successfully. Click Finish to exit.
Property(S): DescText_SuccessfulRemove = Setup has removed
Property(S): DescText_SuccessfulRemove2 = successfully. Click Finish to exit.
Property(S): DescText_SuccessfulRepair = Setup has repaired
Property(S): DescText_SuccessfulRepair2 = successfully. Click Finish to exit.
Property(S): DescText_SuccessfulModify = Setup has modified
Property(S): DescText_SuccessfulModify2 = successfully. Click Finish to exit.
Property(S): DescText_SetupInterrupted = Setup was interrupted before
Property(S): DescText_SetupInterrupted2 = could be completely installed.
Property(S): DescText_PreparingSetup = Setup is preparing the Install Wizard which will guide you through the program setup process. Please wait.
Property(S): DescText_FeatureSelection = Select the program features you want installed.
Property(S): DescText_ProgramFeaturesInstall = The program features you selected are being installed.
Property(S): DescText_ProgramFeaturesUninstall = The program features you selected are being uninstalled.
Property(S): DescText_ReadLicense = Please read the following license agreement carefully.
Property(S): DescText_SpecifyNetworkLocation = Specify a network location for the server image of the product.
Property(S): DescText_BrowseDestination = Browse to the destination folder.
Property(S): DescText_ModifyRepairRemove = Repair or remove the program.
Property(S): DescText_ReadyInstallation = Setup is ready to begin installation.
Property(S): DescText_ChosenRemove = You have chosen to remove the program from your system.
Property(S): DescText_DiskSpaceRequirements = The disk space required for the installation of the selected features.
Property(S): DescText_DiskExceedsAvailable = Disk space required for the installation exceeds available disk space.
Property(S): Text_ReRunSetup = Your system has not been modified. To complete installation at another time, please run setup again.
Property(S): Text_FinishExit = Click Finish to exit Setup.
Property(S): Text_RestoreState = You can either keep any existing installed elements on your system to continue this installation at a later time or you can restore your system to its original state prior to the installation.
Property(S): Text_RestoreClick = Click Restore or Continue Later to exit Setup.
Property(S): Text_InstallWait = Please wait while the Install Wizard installs
Property(S): Text_InstallWait2 = . This may take several minutes.
Property(S): Text_UninstallWaitText = Please wait while the Install Wizard uninstalls
Property(S): Text_UninstallWaitText2 = . This may take several minutes.
Property(S): Text_UninstallWait = Please wait while the Install Wizard uninstalls
Property(S): Text_UninstallWait2 = . This may take several minutes.
Property(S): Text_ProgressDone = Progress done
Property(S): Text_Copyright = WARNING: This program is protected by copyright law and international treaties.
Property(S): Text_BeginInstallation = Click Install to begin the installation.
Property(S): Text_ReviewChange = If you want to review or change any of your installation settings, click Back. Click Cancel to exit Setup.
Property(S): Text_AlterFeatureInstall = Click an icon in the following list to change how a feature is installed.
Property(S): Text_ConfirmExit = The installation is not yet complete. Are you sure you want to exit?
Property(S): Text_FeatureSelectionDescription = This feature requires 4 MB on your hard drive.
Property(S): Text_EnterNetworkLocation = Enter the network location or click Change to browse to a location. Click Install to create a server image of
Property(S): Text_EnterNetworkLocation2 = at the specified network location or click Cancel to exit Setup.
Property(S): Text_SelectDifferentDrive = The highlighted volumes do not have enough disk space available for the currently selected features. You can remove files from the highlighted volumes, choose to install less features onto local drives, or select different destination drives.
Property(S): Text_RepairInstallationErrors = Repair installation errors in the program. This option fixes missing or corrupt files, shortcuts, and registry entries.
Property(S): Text_RemoveFromComputer = Remove
Property(S): Text_RemoveFromComputer2 = from your computer.
Property(S): Text_UsingFilesRetry = The following applications are using files that need to be updated by this setup. Close these applications and click Retry to continue.
Property(S): Text_ClickRemove = Click Remove to remove
Property(S): Text_ClickRemove2 = from your computer. After removal, this program will no longer be available for use.
Property(S): Text_ReviewChangeBack = If you want to review or change any settings, click Back.
Property(S): Text_AllUsers = &Anyone who uses this computer (all users)
Property(S): Text_OnlyMe = Only for &me ([USERNAME])
Property(S): Text_NotAcceptTerms = I &do not accept the terms in the license agreement
Property(S): Text_AcceptTerms = I &accept the terms in the license agreement
Property(S): Text_RegInfoNameAndOrg = Enter your name and the name of your organization in the fields below.
Property(S): Text_RegInfoOrg = Enter the name of your organization in the field below.
Property(S): Upgrade_Confirmation = A lower version of this product has been detected on your system. Would you like to upgrade your existing installation?
Property(S): AdminMessage = Setup requires user to be in the administrator group in order to continue the installation process. Setup is aborting as the current user is not in the administrator group.
Property(S): SupportedOSMessage = Installation of this product failed because it is not supported on this operating system. For information on supported configurations, see the product documentation.
Property(S): ShortCutText = MSXML 6.0
Property(S): DialogTitle = MSXML 6.0 Parser Setup (KB927977)
Property(S): ProductName = MSXML 6.0 Parser (KB927977)
Property(S): ShortName = MSXML 6.0 Parser (KB927977)
Property(S): WrongPackage = This MSXML6.0 package is not supported on the current processor type.
Property(S): DialogPatchTitle = MSXML 6.0 Parser Patch (KB927977)
Property(S): SystemFolder = C:\WINDOWS\system32\
Property(S): WdSfpCaMainModId.41646F16_**************14B9D = 86F857F6_***************27E09
Property(S): AppGuidRegKey = Wdsfpca_Uninstall_RegKey.86F857F6_*****************27E09
Property(S): PackageCode = {7AB1985C-****************04E9}
Property(S): ProductState = -1
Property(S): PackagecodeChanging = 1
Property(S): REBOOT = ReallySuppress
Property(S): CURRENTDIRECTORY = h:\85eb*****************b5bf
Property(S): CLIENTUILEVEL = 3
Property(S): CLIENTPROCESSID = 180
Property(S): VersionDatabase = 300
Property(S): VersionMsi = 3.01
Property(S): WindowsBuild = 2600
Property(S): ServicePackLevel = 2
Property(S): ServicePackLevelMinor = 0
Property(S): MsiNTProductType = 1
Property(S): MsiNTSuitePersonal = 1
Property(S): WindowsFolder = C:\WINDOWS\
Property(S): WindowsVolume = C:\
Property(S): System16Folder = C:\WINDOWS\system\
Property(S): RemoteAdminTS = 1
Property(S): TempFolder = C:\DOCUME~1\Scotty\LOCALS~1\Temp\
Property(S): ProgramFilesFolder = C:\Program Files\
Property(S): CommonFilesFolder = C:\Program Files\Common Files\
Property(S): AppDataFolder = C:\Documents and Settings\Scotty\Application Data\
Property(S): FavoritesFolder = C:\Documents and Settings\Scotty\Favorites\
Property(S): NetHoodFolder = C:\Documents and Settings\Scotty\NetHood\
Property(S): PersonalFolder = C:\My Documents\
Property(S): PrintHoodFolder = C:\Documents and Settings\Scotty\PrintHood\
Property(S): RecentFolder = C:\Documents and Settings\Scotty\Recent\
Property(S): SendToFolder = C:\Documents and Settings\Scotty\SendTo\
Property(S): TemplateFolder = C:\Documents and Settings\All Users\Templates\
Property(S): CommonAppDataFolder = C:\Documents and Settings\All Users\Application Data\
Property(S): LocalAppDataFolder = C:\Documents and Settings\Scotty\Local Settings\Application Data\
Property(S): MyPicturesFolder = C:\My Documents\My Pictures\
Property(S): AdminToolsFolder = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\
Property(S): StartupFolder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Property(S): ProgramMenuFolder = C:\Documents and Settings\All Users\Start Menu\Programs\
Property(S): StartMenuFolder = C:\Documents and Settings\All Users\Start Menu\
Property(S): FontsFolder = C:\WINDOWS\Fonts\
Property(S): GPTSupport = 1
Property(S): OLEAdvtSupport = 1
Property(S): ShellAdvtSupport = 1
Property(S): Intel = 15
Property(S): PhysicalMemory = 3072
Property(S): VirtualMemory = 4572
Property(S): AdminUser = 1
Property(S): LogonUser = Scotty
Property(S): UserSID = S-1-5-21-1******************************-1004
Property(S): UserLanguageID = 1033
Property(S): ComputerName = COMPUTER1
Property(S): SystemLanguageID = 1033
Property(S): ScreenX = 1280
Property(S): ScreenY = 1024
Property(S): CaptionHeight = 26
Property(S): BorderTop = 1
Property(S): BorderSide = 1
Property(S): TextHeight = 16
Property(S): ColorBits = 32
Property(S): TTCSupport = 1
Property(S): Time = 19:23:56
Property(S): Date = 8/12/2007
Property(S): MsiNetAssemblySupport = 2.0.50727.42
Property(S): MsiWin32AssemblySupport = 5.1.2600.3019
Property(S): RedirectedDllSupport = 2
Property(S): Privileged = 1
Property(S): DATABASE = C:\WINDOWS\Installer\47ce24.msi
Property(S): OriginalDatabase = h:\85eb***************b5bf\msxml6.msi
Property(S): UILevel = 2
Property(S): ROOTDRIVE = h:\
Property(S): CostingComplete = 1
Property(S): OutOfDiskSpace = 0
Property(S): OutOfNoRbDiskSpace = 0
Property(S): PrimaryVolumeSpaceAvailable = 0
Property(S): PrimaryVolumeSpaceRequired = 0
Property(S): PrimaryVolumeSpaceRemaining = 0
Property(S): SOURCEDIR = h:\85eb******************b5bf\
Property(S): SourcedirProduct = {5A710***********************533C}
Property(S): ProductToBeRegistered = 1
MSI (s) (5C:7C) [19:23:56:578]: Product: MSXML 6.0 Parser (KB927977) -- Installation completed successfully.

=== Logging stopped: 8/12/2007 19:23:56 ===

At this point, I had not even opened this partition, let alone linked anything to it - it is only for data storage. I checked the Microsoft website & tried some Google variations but could not find anything relating to this.

My question: Is this a calling card of a hacker? Or is it a valid Windows/program log file? If so, why did it end up in H:/? Doesn't Windows set aside a Temp folder in the OS partition for this sort of stuff?

Thanks in advance


#2 usasma


    Still visually handicapped (avatar is memory developed by my Dad

  • BSOD Kernel Dump Expert
  • 25,091 posts
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:07:57 PM

Posted 17 August 2007 - 06:05 AM

This appears to be the setup log file for MSXML 6.0 Parser (KB927977) - but it's not in the correct location according to this article: http://support.microsoft.com/kb/927977.

BUT this:

A detailed log of the installation process will be located in the file that is specified in the command. In this example, the file is c:\KB927977.log.

seems to indicate that the location of the log (and its name) can be customized.

In short, I don't think it's malicious, but a scan never hurts! :thumbsup:
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
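To check a log like the one in post #1 without reading every line, the following added example (not part of the original thread) parses the Windows Installer log format shown there and pulls out the fields that identify the package and where it ran from. The function names are hypothetical, the embedded sample is an excerpt of the posted log, and the return-value meanings (1 = success, 3 = fatal error) are the standard Windows Installer action codes.

```python
import re
from ntpath import splitdrive  # Windows path rules, works on any OS

# Excerpt of the log quoted in post #1; values are masked with * as posted.
SAMPLE_LOG = r"""=== Logging started: 8/12/2007 19:23:55 ===
Action start 19:23:55: INSTALL.
Action ended 19:23:55: LaunchConditions. Return value 1.
Action ended 19:23:55: AppSearch. Return value 0.
Action ended 19:23:55: Wdsfpca_AddRefcountMsxml.86F857F6_******************27E09. Return value 1.
Action ended 19:23:56: InstallFinalize. Return value 1.
Action ended 19:23:56: INSTALL. Return value 1.
Property(S): Manufacturer = Microsoft Corporation
Property(S): ARPHELPLINK = http://support.microsoft.com/kb/927977
Property(S): SourceDir = h:\85eb0**************5bf\
Property(S): ProductName = MSXML 6.0 Parser (KB927977)
Property(S): WindowsVolume = C:\
Property(S): OriginalDatabase = h:\85eb***************b5bf\msxml6.msi
MSI (s) (5C:7C) [19:23:56:578]: Product: MSXML 6.0 Parser (KB927977) -- Installation completed successfully.
=== Logging stopped: 8/12/2007 19:23:56 ===
"""

PROP_RE = re.compile(r"^Property\(S\): (?P<name>\S+) =\s?(?P<value>.*)$")
ACTION_END_RE = re.compile(
    r"^Action ended [\d:]+: (?P<action>.+)\. Return value (?P<rc>\d+)\.$"
)
RESULT_RE = re.compile(
    r"^MSI \([sc]\) \([0-9A-Fa-f:!]+\) \[[\d:]+\]: "
    r"Product: (?P<product>.+) -- (?P<result>.+)$"
)


def parse_msi_log(text):
    """Split an MSI log into properties, per-action return codes and result."""
    parsed = {"properties": {}, "actions": {}, "product": None, "result": None}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = PROP_RE.match(line)
        if m:
            parsed["properties"][m.group("name")] = m.group("value")
            continue
        m = ACTION_END_RE.match(line)
        if m:
            parsed["actions"][m.group("action")] = int(m.group("rc"))
            continue
        m = RESULT_RE.match(line)
        if m:
            parsed["product"] = m.group("product")
            parsed["result"] = m.group("result")
    return parsed


def triage(parsed):
    """Summarise what the log says about the package and where it ran from.

    These values are what the package reports about itself; they identify
    the installer to look up, they do not prove who published it.
    """
    props = parsed["properties"]
    src_drive = splitdrive(props.get("SourceDir", ""))[0].lower()
    sys_drive = splitdrive(props.get("WindowsVolume", ""))[0].lower()
    result = parsed["result"] or ""
    return {
        "product": props.get("ProductName"),
        "manufacturer": props.get("Manufacturer"),
        "help_link": props.get("ARPHELPLINK"),
        "source_dir": props.get("SourceDir"),
        # True when the installer was unpacked and run from a drive other
        # than the Windows volume, which is why its log sits there too.
        "source_off_system_volume": bool(
            src_drive and sys_drive and src_drive != sys_drive
        ),
        "install_rc": parsed["actions"].get("INSTALL"),
        # Return value 3 marks an action that ended in a fatal error.
        "failed_actions": [a for a, rc in parsed["actions"].items() if rc == 3],
        "completed": "completed successfully" in result,
    }


if __name__ == "__main__":
    for key, value in triage(parse_msi_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```
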

#3 Gummy

  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:57 PM

Posted 18 August 2007 - 10:33 PM

Phew, that's a relief. Thanks for that Usasma.

