WiredWX Hobby Weather Tools

 


cannot delete access denied...maybe a virus?

2 posters

Re: cannot delete access denied...maybe a virus?
I can't delete anything so I can't delete the combo fixes already downloaded.

Did you try dragging ComboFix to the Recycle Bin?

Re: cannot delete access denied...maybe a virus?
Yes and I get this message....."Error deleting file or folder cannot delete access denied Make sure disk is not full or write protected and that the file is not currently in use."

We checked the C drive; it has 195 GB of free space. I don't know how it would have been write protected or anything write protected. I can't delete anything at all. I can download but then it gives me a message (which I posted on already) but I can re-click the download and then it downloads and runs (with the exception of ComboFix not running).
This originally made me think it was a hardware or software issue, but then I was advised it might be a virus. I am baffled.

Re: cannot delete access denied...maybe a virus?
Can you do anything to the file such as change the name? Did you try deleting them in Safe Mode? Have you tried UnLocker?

You can download and install Unlocker.

Here's some info on how to use Unlocker.

Please update and run MBAM and post the log.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • Hidden Startup Objects
    • System Memory
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (removable ones that you may have)

  • Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: cannot delete access denied...maybe a virus?
Hi Superdave,
While waiting for your response I went into Safe Mode and I am able to delete folders and pictures etc. But only in Safe Mode. I restarted and downloaded a picture and tried to delete it and it denied my access to delete it again. I did download 'unlocker' but did not run it when I saw Babylon attached to it...
I cannot change the name of a file either...

I also did not use unlocker because I was getting the download error too, and since I could not delete anything it seemed odd to have to download a program to do what the computer used to do anyway. KWIM?

ok...I am off to do the above instructions...wish me luck.

brick

Re: cannot delete access denied...maybe a virus?
I did download 'unlocker' but did not run it when I saw Babylon attached to it...

You don't have to accept the Babylon Toolbar. Just uncheck it.
You can try this also. It should already be on your computer.


* Go to Start > Run and type mrt.exe then press Enter on the keyboard.
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.

Re: cannot delete access denied...maybe a virus?
do you want quick scans or full scans?

FYI: I found I can delete a picture by holding the shift key and pressing delete. But it does not end up in the recycle folder...it is gone.

basically I get an access denied on anything I try to do at this point. It might change the wording but always access denied...so weird...

still running scans.

Re: cannot delete access denied...maybe a virus?
The first scan I ran, the Windows one (mrt.exe), came back clean. Now running the Malwarebytes one. Will do the AVP tool next, most likely in the morning. I have not used the unlocker yet. Would you like me to do that after the AVP one? And would the unlocker work for when I want to move a file to a folder? For example, I wanted to move the Skype shortcut on the desktop screen to a folder I called 'extra icons'. It gives me an access denied message when I try to move it or delete the icon. Would the unlocker work for that type of stuff too? Finally, I could not open the page link with the information about unlocker. I get this issue sometimes. Another example is I can never access the cnet download pages, not through Firefox and not through IE. I can access their articles but NOT their download pages, and only on my PC; I can on our family desktops and the kids' PCs.
Thanks again for helping me...

brick

Re: cannot delete access denied...maybe a virus?
Here is the malwarebytes log: next the avp one. Just to remind you that I have yet to run the blackpudding scan...
thanks,

brick

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.04.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home :: HOME-1D0150E67D [administrator]

Protection: Enabled

3/4/2012 11:42:34 AM
mbam-log-2012-03-04 (11-42-34).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280526
Time elapsed: 1 hour(s), 32 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: cannot delete access denied...maybe a virus?
OK, downloaded the AVP file and once again I get this message, again dealing with folders...
'contents could not be saved because you can not change contents of that folder. (as if I was trying...what is trying to change those contents?) change the folder properties and try again or try saving in a different location.' (Usually I would save my downloads in the download folder, but this is being saved on the desktop.)
Seems to me, in my limited computer knowledge, that something is changing my file/folders commands...

But I can re download it and it comes through fine...crazy....
brick

Re: cannot delete access denied...maybe a virus?
Please try updating and running MBAM and ComboFix in Safe Mode.

Re: cannot delete access denied...maybe a virus?
Hi Superdave! Just got done with the AVP and it came up clean. Interesting to note I was sitting and watching the scan it one file came up as 'password protected' but there was no report or way for me to figure out what the file was...
I still have combo fix listed as black pudding...do you want me to run that one?

Re: cannot delete access denied...maybe a virus?
brick wrote:
Hi Superdave! Just got done with the AVP and it came up clean. Interesting to note I was sitting and watching the scan it one file came up as 'password protected' but there was no report or way for me to figure out what the file was...
I still have combo fix listed as black pudding...do you want me to run that one?


Yes, please.

Re: cannot delete access denied...maybe a virus?
here is the combo fix listed as blackpudding log.
Thanks again!

brick

ComboFix 12-03-03.01 - Home 03/04/2012 20:39:56.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.3078 [GMT -5:00]
Running from: c:\documents and settings\Home\Desktop\blackpudding.bat.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPL1B5.tmp
c:\documents and settings\All Users\SPLBA.tmp
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{87e60394-2e62-400d-99c0-c1bea2f9a439}\setup.msi
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-03 20:25 . 2012-03-03 20:25 -------- d-----w- C:\PCHelpForum
2012-03-03 02:52 . 2012-03-03 20:25 -------- d-----w- C:\ComboFix
2012-03-03 02:50 . 2012-03-03 02:50 -------- d-----w- C:\avast! sandbox
2012-03-02 16:38 . 2012-03-02 16:38 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-03-02 02:09 . 2012-03-02 02:09 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\PCHealth
2012-03-01 23:47 . 2012-03-01 23:47 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-14 20:45 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 20:45 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 20:43 . 2012-02-14 20:43 -------- d-----w- c:\program files\Common Files\Skype
2012-02-14 20:24 . 2012-02-18 16:29 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 01:30 . 2011-01-13 20:30 0 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\WavXMapDrive.bat
2012-02-23 16:23 . 2011-06-13 15:36 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2011-06-13 15:36 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-06-13 15:37 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2011-06-13 15:37 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2011-06-13 15:37 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2011-06-13 15:37 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2011-06-13 15:37 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-23 16:10 . 2011-06-13 15:37 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-23 16:10 . 2011-06-13 15:37 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 16:07 . 2011-06-13 15:37 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-21 20:20 . 2011-06-13 16:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2008-04-14 07:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-23 18:00 . 2011-12-23 18:00 18944 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-12-23 18:00 . 2011-12-23 18:00 11264 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2011-12-17 19:46 . 2008-04-14 07:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-14 07:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-14 07:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2010-11-11 23:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 14:44 . 2011-06-18 19:24 568832 ----a-w- c:\program files\mozilla firefox\plugins\msvcp90.dll
2011-03-15 14:44 . 2011-06-18 19:24 655872 ----a-w- c:\program files\mozilla firefox\plugins\msvcr90.dll
2012-02-18 16:29 . 2012-02-14 20:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2000-01-01 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2000-01-01 13594624]
"nwiz"="nwiz.exe" [2000-01-01 1657376]
"NVHotkey"="nvHotkey.dll" [2000-01-01 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2000-01-01 86016]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2007-09-12 176128]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2007-09-14 75064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 128560]
"lxdmmon.exe"="c:\program files\Lexmark 5000 Series\lxdmmon.exe" [2007-12-14 455336]
"lxdmamon"="c:\program files\Lexmark 5000 Series\lxdmamon.exe" [2007-12-14 25256]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\Home\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cloudmark DesktopOne.lnk - c:\program files\Cloudmark\Desktop\Service\cdswin.exe [2011-7-28 1107040]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Home\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\WINDOWS\\system32\\lxdmcoms.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Wave Systems Corp\\Security Wizards\\bin\\Secure 8021x.exe"=
"c:\\Program Files\\ASUS\\Printer Utilities\\UsbService.exe"=
"c:\\Documents and Settings\\Home\\Application Data\\Microsoft\\Installer\\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\\IconBB6A1630.exe"=
.
S0 cerc6;cerc6; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/13/2011 10:37 AM 610648]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/13/2011 10:37 AM 337112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/13/2011 10:37 AM 20696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/27/2011 4:06 PM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/11/2010 6:30 PM 652360]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 1:01 AM 399416]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [4/14/2008 2:00 AM 5120]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/27/2011 4:06 PM 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/11/2010 6:30 PM 20464]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [1/8/2012 5:45 PM 66432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 21:06]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 21:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
IE: Download All by ASUS Download - c:\program files\ASUS\RT-N13U Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files\ASUS\RT-N13U Wireless Router Utilities\ASDownload.htm
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{2CDA7A26-4598-48B5-8780-03881CEE3E50}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\wgbcqu8j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 21:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(232)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(288)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2012-03-04 21:04:02
ComboFix-quarantined-files.txt 2012-03-05 02:04
.
Pre-Run: 210,582,843,392 bytes free
Post-Run: 212,043,386,880 bytes free
.
- - End Of File - - 3FC95E6C4B4731EF6D0EC912DEE28C6A

Re: cannot delete access denied...maybe a virus?
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

On completion of the scan click save log, save it to your desktop and post it in your next reply.
*********************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: cannot delete access denied...maybe a virus?
Here is the aswMBR log: off to do the next one.

Thanks so much for helping!

brick

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-05 12:10:09
-----------------------------
12:10:09.484 OS Version: Windows 5.1.2600 Service Pack 3
12:10:09.484 Number of processors: 2 586 0xE08
12:10:09.484 ComputerName: HOME-1D0150E67D UserName: Home
12:10:10.843 Initialize success
12:10:11.062 AVAST engine defs: 12030500
12:10:14.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:10:14.359 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 3
12:10:14.390 Disk 0 MBR read successfully
12:10:14.390 Disk 0 MBR scan
12:10:14.406 Disk 0 Windows XP default MBR code
12:10:14.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
12:10:14.406 Disk 0 scanning sectors +488392065
12:10:14.484 Disk 0 scanning C:\WINDOWS\system32\drivers
12:10:21.781 Service scanning
12:10:35.250 Modules scanning
12:10:40.984 Disk 0 trace - called modules:
12:10:41.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:10:41.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af79ab8]
12:10:41.000 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000007f[0x8af7bf18]
12:10:41.015 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8afbdd98]
12:10:42.312 AVAST engine scan C:\WINDOWS
12:10:51.890 AVAST engine scan C:\WINDOWS\system32
12:13:08.671 AVAST engine scan C:\WINDOWS\system32\drivers
12:13:30.718 AVAST engine scan C:\Documents and Settings\Home
12:50:24.250 AVAST engine scan C:\Documents and Settings\All Users
12:54:08.609 Scan finished successfully
12:56:22.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Home\Desktop\MBR.dat"
12:56:22.015 The log file has been saved successfully to "C:\Documents and Settings\Home\Desktop\aswMBR.txt"

