odd folders........!

[indrajit]

I’m using Win XP Pro with SP2. I have a 40 GB hard disk split in three partitions namely C (system), D and E.

Since a few days I’m noticing three folders in my D drive by the name 1eaec33d759, 5266d644c14fa3548b706e and a469cc426d55e67413d851cf20d.

All the three folders have a sub folder by the name sp1, which cannot be accessed or deleted. On clicking on sp1 it says access is denied.

Does any one have any clue what these are? I’m using eTrust EZ Antivirus (regularly updated) and it didn’t detect these as virus. I’ve scanned using stinger too.
Any suggestions?

 

[vysakh]

have u installed windows XP SP1
looks like it is a temporary folder

 

[indrajit]

I used to update Windows from net, but don't remember instaling SP1. As I said, I'v installed SP2.
But even if those are folders caused due to SP1 why are they inaccessible?

 

[NikhilVerma]

If they are in some floder named temp or msdownload.temp etc.etc then you can delete it..

Other wise if it's in program Files ... Then never delete it.... they might be essential for the running of the system...

 

[indrajit]

I already mentioned the names of the folders in the starting post. They are in my D drive, not in system drive and except for the name of the sub folders (SP1) nothing suggests they have any connection to Microsoft related products. And then again SP1 might not nescessarily be Service Pack 1.

 

[theraven]

try starting in safe mode and delete it
or get the taskmanager up
shutdown explorer.exe process
from file=> run type cmd
and now browse to ur folder and manually delete the folders using
"deltree <folder name>"

SP1 = service pack 1 or no ... the folder is not required

 

[NikhilVerma]

Just place the folders somewhere else... And If you system works fine then delete them....

It's that simple

 

[indrajit]

Just place the folders somewhere else... And If you system works fine then delete them....

It's that simple

I told this before, the folders are inaccessible, can't move or delete them. Even can't get inside the sub folders; says access is denied!

@ Raven: I'll try your suggestion and post whether it was a success or not.

 

[IG]

might be from sys restore...

 

[Ashis]

Hide Them (If possible) or delete them in Safe Mode as mention Earlier.

 

[it_waaznt_me]

Hmm.. Those folders are usualy created by WindowsUpdate .. You can safely delete them ... To find which program has locked that folder you can use WhoLockMe ..

 

[Aseem Nasnodkar]

I guess they r system folders of sp. I have seen them on my sys too

 

[indrajit]

try starting in safe mode and delete it
or get the taskmanager up
shutdown explorer.exe process
from file=> run type cmd
and now browse to ur folder and manually delete the folders using
"deltree <folder name>"

Tried what you said, didn't work.

Hmm.. Those folders are usualy created by WindowsUpdate .. You can safely delete them ... To find which program has locked that folder you can use WhoLockMe ..

My OS is Win XP PRO.
Installed WhoLockMe. When I right clicked on those folders and clicked on WhoLockMe nothing happened. I use PC Security to lock folders. I tried WhoLockMe on one of the folders locked by me using PC Security but this time too nothing happened.
Tried to delete the folders using TuneUp Shredder (component of TuneUp Utilities), but got the same message, "Access Denied"!

Arrrgh! HELP!

 

[busyanuj]

and now browse to ur folder and manually delete the folders using
"deltree <folder name>"

The deltree command doesn't run in XP.

My OS is Win XP PRO.
Installed WhoLockMe. When I right clicked on those folders and clicked on WhoLockMe nothing happened. I use PC Security to lock folders. I tried WhoLockMe on one of the folders locked by me using PC Security but this time too nothing happened.
Tried to delete the folders using TuneUp Shredder (component of TuneUp Utilities), but got the same message, "Access Denied"!

Arrrgh! HELP!

if you have a second OS installed, boot from it.
you will be able to delete the folder from there.

 

[indrajit]

The deltree command doesn't run in XP.

Yep! Didn't work.

I'v Win XP Pro and Red Hat Linux 8 as two OSs. Can't delete anything in windows from Linux! So that wont help. Can't format the drive cause it has got huge amount of data. And btw the folders are not harming me in any way, its just irritating!

 

[it_waaznt_me]

Hmmm... Does this thing help ... ?

 

[indrajit]

Hmmm... Does this thing help ... ?

I think "dellater" can work with a file only. Mine are folders. Tried it. Didn't work.

 

[theraven]

aah jsorry abt the deltree command
when u get to cmd after shutting down explorer ..
tru gettin into the folder by using the "cd" command
then in each folder and sub folder run "del *.*"
after all folders and sub folders are empty u can remove them by using the "Rd" command

 

[ShekharPalash]

do following things... and report...

properties>customize is accessuble or not??
is "read-only" or hidden is grayed out?

kill explorer and all WU services and try to move/delete

post ur hijackthis log... may be some naughty startup stuff using them...

check ur drives for eror... defrag them...

hey!... did u inteeeerrrupttt the process when u tried to delete them thru tune-up shredrer???

if yes, then it could create problem... i had a similar case... when i tried to delete shortcut of max payne 2 from my start menu....

access denied... no move no delete... even righclick were not working on it.... but when i uninstalled max payne 2 after 1 month that shortcut also removed....

why don't u try to uninstall some WUs if you have their backup... and WU ebsite is always there to get them... ??

also if u hav system retore enabled and have a restore point before all these irritation started.... restore it back!

but don't forget to backup ur current file

njoy.

 

[indrajit]

@Raven:

When I got inside the directory and typed “del *.*� it asked for deleting confirmation. I typed in ‘Y’ and then checked using ‘dir’. The sub directory ‘sp1’ was still there. From inside the folder I tried “rd sp1� but says ‘access is denied’.

@ShekharPalash:

Yes, properties>customize is accessible. The folders are marked read only and no option is grayed out. Tried deleting after unchecking read only, didn’t work.

What do you mean by "WU services"?

Already defraged the drives and checked using scandisk. No error.

These folders are there for quite sometime. Don’t remember how long exactly they have been there. So trying system restore is a problem cause that will cause several unwanted changes in the system.

hey!... did u inteeeerrrupttt the process when u tried to delete them thru tune-up shredrer???

Didn’t get you.

This is my HijackThis Log:

Logfile of HijackThis v1.98.2
Scan saved at 11:28:16 AM, on 11/13/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\winser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\winwd.exe
C:\WINDOWS\sdaemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Tapas\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.rediff.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *crackspider.net/ie/assist.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [EPSON Stylus C41 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C41 Series" /O6 "USB001" /M "Stylus C41"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SDaemon] C:\WINDOWS\sdaemon.exe
O4 - HKLM\..\Run: [SWd] C:\WINDOWS\winwd.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - *www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - *v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096662908781
O17 - HKLM\System\CCS\Services\Tcpip\..\{58769E06-2020-4F49-AC41-2A23548D595F}: NameServer = 172.100.10.1