WPDNSE Director - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

WPDNSE Director The directory is very big (3276 MB) an can´t be removed or accessed.

#1 longo203

  • Group: Member
  • Posts: 4
  • Joined: 18-June 07

Posted 18 June 2007 - 03:40 AM

High t5o all,

The directory named above is placed in an old user-profile of the last system. This user doesn´t exist in the system now, the data is only a kind of backup, if some data is missing. Today I checked my system-partition and recognized a lack of diskspace. I don´t know where the directory comes from and how. The system was installed new one week ago. OK, for the first here the logfile.

cu
-------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:28:21, on 18.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Launch Manager\QtZgAcer.EXE
C:\Programme\PhraseExpress\PhraseExpress.exe
C:\Programme\ClocX\ClocX.exe
C:\Programme\OO Software\CleverCache\ooccctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Programme\Grisoft\AVG7\avgcc.exe
C:\PROGRAMME\ROUTER~1\ROUTERCONTROL.EXE
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Shutdown4U\Shutdown4U.exe
C:\Programme\Weather Watcher\ww.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Symantec\Norton Commander\Nc_sched.exe
C:\Programme\Klebezettel NG\klebez.exe
C:\Programme\FreshDevices\FreshDownload\FD.EXE
C:\Programme\Buyertools Reminder\Reminder.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Runtime Software\RemoteByMail\REM.exe
C:\Programme\Sony Ericsson\Mobile\audevicemgr.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\ScrollWall\ScrollWall.exe
C:\Programme\SpeedFan\speedfan.exe
C:\Programme\Workrave\lib\Workrave.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Programme\Intuwave Ltd\Shared\mRouterRunTime\MROUTE~2.EXE
C:\Programme\Grisoft\AVG7\avgamsvr.exe
C:\Programme\Grisoft\AVG7\avgupsvc.exe
C:\Programme\Grisoft\AVG7\avgemc.exe
C:\Dokumente und Einstellungen\longo203\LOKALE~1\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Sony Ericsson\Mobile\Connectivity Pack\CONNMN~1.EXE
C:\Programme\OO Software\CleverCache\ooccag.exe
C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Grisoft\AVG7\avgfwsrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\Programme\Buyertools Reminder\ReminderAutoBiddingSrv.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Hijackthis\HijackThis.exe
C:\PROGRAMME\MOZILLA FIREFOX\FIREFOX.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Programme\FreshDevices\FreshDownload\FDCatch.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Buyertools - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\Programme\Buyertools Reminder\IEBUTT~1.DLL
O2 - BHO: Hilfsobjekt für Encarta Web-Begleiter - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Encarta Web-Begleiter - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\Programme\FreshDevices\FreshDownload\fdiebar.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [PhraseExpress] C:\Programme\PhraseExpress\PhraseExpress.exe
O4 - HKLM\..\Run: [ClocX] C:\Programme\ClocX\ClocX.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Programme\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [AVG7_CC] C:\Programme\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RouterControl] C:\PROGRAMME\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\RunOnce: [InstallShieldSetup] "C:\Programme\InstallShield Installation Information\{FC18114B-05A0-11D6-8140-000102E745A6}\Setup.exe" -reboot"C:\Programme\InstallShield Installation Information\{FC18114B-05A0-11D6-8140-000102E745A6}\reboot.ini" -l0x7 /ODBCReboot=1 -zSetConnPKey -zRemConnPDir -zSisReg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shutdown4U] C:\Programme\Shutdown4U\Shutdown4U.exe -s
O4 - HKCU\..\Run: [WeatherWatcher] C:\Programme\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Programme\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NC Scheduler] C:\Programme\Symantec\Norton Commander\Nc_sched.exe /Hide
O4 - HKCU\..\Run: [Klebezettel NG] "C:\Programme\Klebezettel NG\klebez.exe"
O4 - HKCU\..\Run: [FreshDownload] "C:\Programme\FreshDevices\FreshDownload\FD.EXE"
O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [Buyertools Reminder] "C:\Programme\Buyertools Reminder\Reminder.exe" /autorun
O4 - Startup: Mozilla Firefox.lnk = C:\Programme\Mozilla Firefox\firefox.exe
O4 - Startup: Mozilla Thunderbird.lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe
O4 - Startup: ScrollWall.lnk = C:\Programme\ScrollWall\ScrollWall.exe
O4 - Startup: SpeedFan.lnk = C:\Programme\SpeedFan\speedfan.exe
O4 - Startup: Workrave.lnk = C:\Programme\Workrave\lib\Workrave.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: Gomez PEER.lnk = C:\Programme\Gomez\GomezPEER\bin\GomezPEER.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: RemoteByMail.lnk = C:\Programme\Runtime Software\RemoteByMail\REM.exe
O4 - Global Startup: Telefonverbindungsmonitor.lnk = C:\Programme\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: In RSS Bandit abonnieren - C:\Dokumente und Einstellungen\longo203\Anwendungsdaten\RssBandit\iecontext_subscribebandit.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RF - Formular ausfüllen - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular speichern - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF - Menü anpassen - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Programme\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: FreshDownload - {C5E6117D-2446-4574-A22E-5F86E1119E1D} - C:\Programme\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1181486323890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1181496525835
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Programme\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Programme\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Programme\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\Programme\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Programme\OO Software\CleverCache\ooccag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#2 OldTimer

  • Group: Global Moderator
  • Posts: 3,261
  • Joined: 11-March 05

Posted 24 June 2007 - 06:28 PM

Hello longo203 and welcome to the G2G HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean.

The WPDNSE folder is used by Windows Media Player. Normally, it cannot be deleted but if it is, it will be re-created after the next system bootup. Files are placed in the folder whenever a transfer is made to or from a portable media device and should be removed when the system is restarted. If they are not, you should be able to empty the folder from Safe Mode.

Cheers.

OT

#3 longo203

  • Group: Member
  • Posts: 4
  • Joined: 18-June 07

Posted 24 June 2007 - 07:29 PM

View PostOldTimer, on Jun 25 2007, 02:28 AM, said:

Hello longo203 and welcome to the G2G HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean.

The WPDNSE folder is used by Windows Media Player. Normally, it cannot be deleted but if it is, it will be re-created after the next system bootup. Files are placed in the folder whenever a transfer is made to or from a portable media device and should be removed when the system is restarted. If they are not, you should be able to empty the folder from Safe Mode.

Cheers.

OT


Hi OT,

That`s one of the problems. I triewd it in safe mode, but without successa.

There is 1 file in

C:\Dokumente und Einstellungen\Longo\Lokale Einstellungen\Temp

named WPDNSE with 3276 MB

nd 1 file in

C:\Acer\download\LockManagement

named RecoveryManagement with 3276 MB.

They have differnt timestamps.

The user longo is from the installation before and not used now.

I have uninstalled the acer-utilities.

I`ve also renemed folders in the path.

Sorry, but no effect.

Uh, any idea, :-).


cherrs.

#4 OldTimer

  • Group: Global Moderator
  • Posts: 3,261
  • Joined: 11-March 05

Posted 25 June 2007 - 03:11 AM

Hi longo203. Since it's being protected by WMP have you tried uninstalling Windows Media Player and then deleting the files?

Cheers.

OT

#5 longo203

  • Group: Member
  • Posts: 4
  • Joined: 18-June 07

  Posted 25 June 2007 - 09:56 AM

View PostOldTimer, on Jun 25 2007, 11:11 AM, said:

Hi longo203. Since it's being protected by WMP have you tried uninstalling Windows Media Player and then deleting the files?

Cheers.

OT


Hi,

I`ve tried it, but it is impossible. For the rollback of version 11 there are "some directories" missing. I installed WMP again, but impossible to rollback.

Now?

cheers,

#6 OldTimer

  • Group: Global Moderator
  • Posts: 3,261
  • Joined: 11-March 05

Posted 25 June 2007 - 02:30 PM

Hi longo203. That's about all the advice I have to offer. Since this is not a malware related issue and deals with WMP I would suggest posting a question to the Digital Video and Audio forum and see if the techs there have any advice or ask the question at Microsoft's Media Player support site here. They might have a better insight into what exactly WMP is doing.

Cheers.

OT

#7 longo203

  • Group: Member
  • Posts: 4
  • Joined: 18-June 07

Posted 25 June 2007 - 03:21 PM

View PostOldTimer, on Jun 25 2007, 10:30 PM, said:

Hi longo203. That's about all the advice I have to offer. Since this is not a malware related issue and deals with WMP I would suggest posting a question to the Digital Video and Audio forum and see if the techs there have any advice or ask the question at Microsoft's Media Player support site here. They might have a better insight into what exactly WMP is doing.

Cheers.

OT


High,

OK, thanks a lot.

Greetings from Carinthia
Bernd

#8 OldTimer

  • Group: Global Moderator
  • Posts: 3,261
  • Joined: 11-March 05

Posted 25 June 2007 - 05:41 PM

You are welcome longo203. I'm sure one of those forums will have an answer.

I will now close this topic. If you have any future malware related questions or issues please start a new topic.

Cheers.

OT

Share this topic:


Page 1 of 1