Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help!


  • This topic is locked This topic is locked
4 replies to this topic

#1 joeman123

joeman123

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:chile
  • Local time:01:33 PM

Posted 18 December 2005 - 09:42 PM

hi , i have desfragmented my pc yesterday and i have encountered that a file cannot be moved.

it's called 'n_qqndrf.dat'

it's in this route: 'C:\WINDOWS\n_qqndrf.dat'

size: 4,00 GB (4.294.967.384 bytes)

size in disk: 4,00 GB (4.294.971.392 bytes)



and i don´t know what can i do.

please help me.

here's the log


Logfile of HijackThis v1.99.1
Scan saved at 23:40:57, on 18-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Logitech\QCDriver\LVCOMS.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Archivos de programa\Softwin\BitDefender8\bdoesrv.exe
C:\Archivos de programa\Softwin\BitDefender8\bdnagent.exe
C:\Archivos de programa\Softwin\BitDefender8\bdswitch.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Scan Server\bdss.exe
C:\Archivos de programa\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\devldr32.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Archivos de programa\Archivos comunes\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Archivos de programa\Softwin\BitDefender8\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Archivos de programa\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Archivos de programa\Softwin\BitDefender8\bdswitch.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D506BC5-C330-4B7D-B3A2-3BEEC2BD20F5}: NameServer = 200.28.4.129 200.28.4.130
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Archivos de programa\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Communicator\xcommsvr.exe


thanx.

BC AdBot (Login to Remove)

 


#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 21 December 2005 - 03:21 PM

Try doing it in safe mode

right click the file and look at the properties to see who it belongs to
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 joeman123

joeman123
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:chile
  • Local time:01:33 PM

Posted 02 January 2006 - 03:13 PM

sorry for the delay
happy new year.
i did what you told me and that file hadn't owner:
i deleted it and my quarantine in bitdef.. had full. then i clean the quarantine and my pc have returned to normanl. look the log

Logfile of HijackThis v1.99.1
Scan saved at 17:12:21, on 02-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Logitech\QCDriver\LVCOMS.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\archiv~1\softwin\bitdef~1\bdswitch.exe
C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Communicator\xcommsvr.exe
C:\archiv~1\softwin\bitdef~1\bdnagent.exe
C:\ARCHIV~1\softwin\BITDEF~1\bdmcon.exe
C:\Archivos de programa\Softwin\BitDefender9\bdoesrv.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Scan Server\bdss.exe
C:\Archivos de programa\Softwin\BitDefender9\vsserv.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Archivos de programa\Archivos comunes\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\ARCHIV~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\ARCHIV~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] c:\ARCHIV~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Archivos de programa\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D506BC5-C330-4B7D-B3A2-3BEEC2BD20F5}: NameServer = 200.28.4.129 200.28.4.130
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Archivos de programa\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Archivos de programa\Archivos comunes\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#4 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 02 January 2006 - 04:42 PM

Log is fine
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 joeman123

joeman123
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:chile
  • Local time:01:33 PM

Posted 02 January 2006 - 05:40 PM

hi.
so, i think you can close this topic for now.

very thanks




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users