• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Odd folder found on my c:drive? Threat?

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.

dfonda

Senior Golfer
Joined
Feb 25, 2004
Location
N of splat W of Torin
I noticed a folder on my C: drive It was at the top and according to its log it was made on the Nov 16th 06. Its name is 242f46cfdc5efcfea7f6020a0.
In its folder is a text file called msxml4-KB927978-enu and its 283kb of suspicous looking log entries. I have started running all the stuff in the stickies section to detect anything on my system. AVG and Windows defender show things as clean. Antivir gave me alot of warnings mostly about registry keys it couldn't open. ZA is and has been running.

Here is the beginning portion and the end portion of this log file I found.

=== Verbose logging started: 11/16/2006 2:53:32 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (F0:8C) [02:53:32:000]: Resetting cached policy values
MSI (c) (F0:8C) [02:53:32:000]: Machine policy value 'Debug' is 0
MSI (c) (F0:8C) [02:53:32:000]: ******* RunEngine:
******* Product: c:\242f46cfdc5efcf5ea7f6020a0\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (F0:8C) [02:53:32:015]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (F0:8C) [02:53:32:015]: Grabbed execution mutex.
MSI (c) (F0:8C) [02:53:32:140]: Cloaking enabled.
MSI (c) (F0:8C) [02:53:32:140]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (F0:8C) [02:53:32:156]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (BC:F8) [02:53:32:187]: Grabbed execution mutex.
MSI (s) (BC:D0) [02:53:32:187]: Resetting cached policy values
MSI (s) (BC:D0) [02:53:32:187]: Machine policy value 'Debug' is 0
M


And the end of it.


roperty(S): PrimaryVolumeSpaceRemaining = 0
Property(S): SOURCEDIR = c:\242f46cfdc5efcf5ea7f6020a0\
Property(S): SourcedirProduct = {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Property(S): ProductToBeRegistered = 1
MSI (s) (BC:D0) [02:53:35:921]: Note: 1: 1707
MSI (s) (BC:D0) [02:53:35:921]: Product: MSXML 4.0 SP2 (KB927978) -- Installation completed successfully.

MSI (s) (BC:D0) [02:53:35:953]: Cleaning up uninstalled install packages, if any exist
MSI (s) (BC:D0) [02:53:35:953]: MainEngineThread is returning 0
MSI (s) (BC:F8) [02:53:36:062]: Destroying RemoteAPI object.
MSI (s) (BC:DC) [02:53:36:062]: Custom Action Manager thread ending.
=== Logging stopped: 11/16/2006 2:53:35 ===
MSI (c) (F0:8C) [02:53:36:062]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (F0:8C) [02:53:36:062]: MainEngineThread is returning 0
=== Verbose logging stopped: 11/16/2006 2:53:36 ===
Anyone recognize this crap.It sure looks bad.
 
:DThank you Dice, I can now lay down my arms and go back to goofing off.

That repeated Grin in the log just seemed weird. Just a coincidence. I moved that log file any need for it?
 
i had the same thing, i think it was left behind from the installation. I deleted that folder, windows didn't give me any errors and after I rebooted, it didn't come back...so its all good
 
nope its perfectly fine to move those. Basically its left over temporary files from the Install. You can use Ccleaner. It'll remove them all.
 
Back