Strange log files

**venik** · 02-05-2007, 09:38 AM

I am getting strange log files in my C:\ directory. Below are the first few lines from one of the recent files, which are generated, it seems, each time I reboot my XP pro (SP 2) 43p Thinkpad. They seem to have something to do with the MS Installer. Can anyone tell me why I am getting these, and how to stop it? I have been deleting them, with no apparent harm.
--------------------------------------

=== Verbose logging started: 2/4/2007 3:00:47 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (18:F8) [03:00:47:812]: Resetting cached policy values
MSI (c) (18:F8) [03:00:47:812]: Machine policy value 'Debug' is 0
MSI (c) (18:F8) [03:00:47:812]: ******* RunEngine:
******* Product: c:\ecfc7a747f660c631cf660f8f3\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (18:F8) [03:00:47:812]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (18:F8) [03:00:47:812]: Grabbed execution mutex.
MSI (c) (18:F8) [03:00:47:828]: Cloaking enabled.
MSI (c) (18:F8) [03:00:47:828]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (18:F8) [03:00:47:828]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (50:40) [03:00:47:828]: Grabbed execution mutex.
MSI (s) (50:2C) [03:00:47:828]: Resetting cached policy values
MSI (s) (50:2C) [03:00:47:828]: Machine policy value 'Debug' is 0
MSI (s) (50:2C) [03:00:47:828]: ******* RunEngine:
******* Product: c:\ecfc7a747f660c631cf660f8f3\msxml.msi

***Steve R Jones*** · 02-05-2007, 10:29 AM

What are the names of the files?

**Sterling_Aug** · 02-05-2007, 10:37 AM

Originally Posted by venik

MSI (c) (18:F8) [03:00:47:828]: Cloaking enabled.

MSI (c) (18:F8) [03:00:47:828]: Attempting to enable all disabled priveleges before calling Install on Server

MSI (c) (18:F8) [03:00:47:828]: Incrementing counter to disable shutdown. Counter after increment: 0

These few lines have me very worried. I would bet a weeks paycheck that you are infected with a trojan horse virus or some very nasty spyware that is attampting to steal personal data and connect to a remote server in "who knows where, probably Russia".

I would run a full scan using Adware Away.

http://www.adwareaway.com/

**rockinup1231** · 02-05-2007, 12:37 PM

Yeah, that is definately it Sterling. It is resetting everything, and normal downloads should never do that, especially by themselves.

I think I am going to use adware away too. I have three worms (not harmful, not performance killers, just sitting there) that AVG won't kill.

**rockinup1231** · 02-05-2007, 12:46 PM

Thought I should mention that the trial version is only good for a scan.

**Strawbs** · 02-05-2007, 12:49 PM

yep! it's an odds on bet.

a-squared is a free trojan scanner! it might help if adaware away doesn't do the job.

**Sterling_Aug** · 02-05-2007, 01:02 PM

You can try searching for the older version of Adware Away (version 2.2.8.9) which had a 15 day free trial period.

If you can't find it, then I can email it to you.

Let me know.

You may also want to try Counterspy.

**rockinup1231** · 02-05-2007, 01:31 PM

I installed a-squared full (30 day trial), got to the updater, then becuase of my FREAKING faulty psu the whole system locked up and I had to reboot. Then when I tried to use the program again it said the 30 day trial was over.

I know it is my psu 'cause the cd I tried to get the cd rom drive to read resulted in the blinking light to dim out while blinking til it completely died out. But that is a different problem...

Just my luck...

**rockinup1231** · 02-05-2007, 01:45 PM

I was looking for that old version of Adware Away and couldn't find it since so far all the links to the download were to the new version.

I did however find a list of related programs, I really don'r know how good they are.

http://www.softwarelist.us/76.html

**venik** · 02-05-2007, 06:48 PM

Thanks-- I'll try these when I get home. However, I routinely run Spybot Search and Destroy and Adaware. I also have Norton AV running every night.
The name of one of the files is: ecfc7a747f660c631cf660f8f3.log, but the names vary.
I did search the MS KB-- the results were laughable, and really irrelevant, at least as far as I could see.

**venik** · 02-06-2007, 07:50 AM

I have tried A squared-- it was useless, and found nothing.

**venik** · 02-06-2007, 07:57 AM

"If you can't find it, then I can email it to you."

Thanks, Sterling-- I think it is no longer available, so if you could email it to **Email Removed so you don't get smapped to Death.** that would be great. Much appreciated.

**rockinup1231** · 02-06-2007, 08:12 AM

Venik, you should pm (private message) him that info, this is the internet, and open to the public, ya know.

**rockinup1231** · 02-06-2007, 08:13 AM

Hotmail will block the file venik, he sent it to me, I guess Hotmail does that to all apps.

**Sterling_Aug** · 02-06-2007, 09:06 AM

http://www.softpedia.com/get/Interne...are-Away.shtml

Thread: Strange log files

Thread Tools

Search Thread

Display

Strange log files

Posting Permissions