WiredWX Christian Hobby Weather Tools
cannot delete access denied...maybe a virus? - Page 2

Re: cannot delete access denied...maybe a virus?
Hi Superdave! Just got done with the AVP and it came up clean. Interesting to note: I was sitting and watching the scan, and one file came up as 'password protected', but there was no report or way for me to figure out what the file was...
I still have ComboFix listed as black pudding... do you want me to run that one?

Re: cannot delete access denied...maybe a virus?
brick wrote:
Hi Superdave! Just got done with the AVP and it came up clean. Interesting to note: I was sitting and watching the scan, and one file came up as 'password protected', but there was no report or way for me to figure out what the file was...
I still have ComboFix listed as black pudding... do you want me to run that one?


Yes, please.

Re: cannot delete access denied...maybe a virus?
Here is the ComboFix (listed as blackpudding) log.
Thanks again!

brick

ComboFix 12-03-03.01 - Home 03/04/2012 20:39:56.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.3078 [GMT -5:00]
Running from: c:\documents and settings\Home\Desktop\blackpudding.bat.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPL1B5.tmp
c:\documents and settings\All Users\SPLBA.tmp
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{87e60394-2e62-400d-99c0-c1bea2f9a439}\setup.msi
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-03 20:25 . 2012-03-03 20:25 -------- d-----w- C:\PCHelpForum
2012-03-03 02:52 . 2012-03-03 20:25 -------- d-----w- C:\ComboFix
2012-03-03 02:50 . 2012-03-03 02:50 -------- d-----w- C:\avast! sandbox
2012-03-02 16:38 . 2012-03-02 16:38 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-03-02 02:09 . 2012-03-02 02:09 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\PCHealth
2012-03-01 23:47 . 2012-03-01 23:47 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-14 20:45 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 20:45 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 20:43 . 2012-02-14 20:43 -------- d-----w- c:\program files\Common Files\Skype
2012-02-14 20:24 . 2012-02-18 16:29 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 01:30 . 2011-01-13 20:30 0 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\WavXMapDrive.bat
2012-02-23 16:23 . 2011-06-13 15:36 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2011-06-13 15:36 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-06-13 15:37 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2011-06-13 15:37 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2011-06-13 15:37 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2011-06-13 15:37 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2011-06-13 15:37 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-23 16:10 . 2011-06-13 15:37 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-23 16:10 . 2011-06-13 15:37 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 16:07 . 2011-06-13 15:37 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-21 20:20 . 2011-06-13 16:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2008-04-14 07:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-23 18:00 . 2011-12-23 18:00 18944 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-12-23 18:00 . 2011-12-23 18:00 11264 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2011-12-17 19:46 . 2008-04-14 07:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-14 07:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-14 07:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2010-11-11 23:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 14:44 . 2011-06-18 19:24 568832 ----a-w- c:\program files\mozilla firefox\plugins\msvcp90.dll
2011-03-15 14:44 . 2011-06-18 19:24 655872 ----a-w- c:\program files\mozilla firefox\plugins\msvcr90.dll
2012-02-18 16:29 . 2012-02-14 20:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2000-01-01 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2000-01-01 13594624]
"nwiz"="nwiz.exe" [2000-01-01 1657376]
"NVHotkey"="nvHotkey.dll" [2000-01-01 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2000-01-01 86016]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2007-09-12 176128]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2007-09-14 75064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 128560]
"lxdmmon.exe"="c:\program files\Lexmark 5000 Series\lxdmmon.exe" [2007-12-14 455336]
"lxdmamon"="c:\program files\Lexmark 5000 Series\lxdmamon.exe" [2007-12-14 25256]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\Home\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cloudmark DesktopOne.lnk - c:\program files\Cloudmark\Desktop\Service\cdswin.exe [2011-7-28 1107040]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Home\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\WINDOWS\\system32\\lxdmcoms.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Wave Systems Corp\\Security Wizards\\bin\\Secure 8021x.exe"=
"c:\\Program Files\\ASUS\\Printer Utilities\\UsbService.exe"=
"c:\\Documents and Settings\\Home\\Application Data\\Microsoft\\Installer\\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\\IconBB6A1630.exe"=
.
S0 cerc6;cerc6; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/13/2011 10:37 AM 610648]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/13/2011 10:37 AM 337112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/13/2011 10:37 AM 20696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/27/2011 4:06 PM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/11/2010 6:30 PM 652360]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 1:01 AM 399416]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [4/14/2008 2:00 AM 5120]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/27/2011 4:06 PM 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/11/2010 6:30 PM 20464]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [1/8/2012 5:45 PM 66432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 21:06]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 21:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
IE: Download All by ASUS Download - c:\program files\ASUS\RT-N13U Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files\ASUS\RT-N13U Wireless Router Utilities\ASDownload.htm
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{2CDA7A26-4598-48B5-8780-03881CEE3E50}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\wgbcqu8j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 21:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(232)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(288)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2012-03-04 21:04:02
ComboFix-quarantined-files.txt 2012-03-05 02:04
.
Pre-Run: 210,582,843,392 bytes free
Post-Run: 212,043,386,880 bytes free
.
- - End Of File - - 3FC95E6C4B4731EF6D0EC912DEE28C6A

Re: cannot delete access denied...maybe a virus?
Please download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.
*********************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: cannot delete access denied...maybe a virus?
Here is the aswMBR log: off to do the next one.

Thanks so much for helping!

brick

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-05 12:10:09
-----------------------------
12:10:09.484 OS Version: Windows 5.1.2600 Service Pack 3
12:10:09.484 Number of processors: 2 586 0xE08
12:10:09.484 ComputerName: HOME-1D0150E67D UserName: Home
12:10:10.843 Initialize success
12:10:11.062 AVAST engine defs: 12030500
12:10:14.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:10:14.359 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 3
12:10:14.390 Disk 0 MBR read successfully
12:10:14.390 Disk 0 MBR scan
12:10:14.406 Disk 0 Windows XP default MBR code
12:10:14.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
12:10:14.406 Disk 0 scanning sectors +488392065
12:10:14.484 Disk 0 scanning C:\WINDOWS\system32\drivers
12:10:21.781 Service scanning
12:10:35.250 Modules scanning
12:10:40.984 Disk 0 trace - called modules:
12:10:41.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:10:41.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af79ab8]
12:10:41.000 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000007f[0x8af7bf18]
12:10:41.015 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8afbdd98]
12:10:42.312 AVAST engine scan C:\WINDOWS
12:10:51.890 AVAST engine scan C:\WINDOWS\system32
12:13:08.671 AVAST engine scan C:\WINDOWS\system32\drivers
12:13:30.718 AVAST engine scan C:\Documents and Settings\Home
12:50:24.250 AVAST engine scan C:\Documents and Settings\All Users
12:54:08.609 Scan finished successfully
12:56:22.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Home\Desktop\MBR.dat"
12:56:22.015 The log file has been saved successfully to "C:\Documents and Settings\Home\Desktop\aswMBR.txt"


Re: cannot delete access denied...maybe a virus?
Here is the next set:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B436F000
Module End: B4387000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: B85D2000
Module End: B85D4000
Hidden: Yes

Module Name: \??\C:\DOCUME~1\Home\LOCALS~1\Temp\aswMBR.sys
Service Name: aswMBR
Module Base: B2A78000
Module End: B2A84000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAddBootEntry
Address: B4467DC4
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwAllocateVirtualMemory
Address: B44F4904
Driver Base: B44E9000
Driver End: B453A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwAssignProcessToJobObject
Address: B4468832
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwClose
Address: B4494ABD
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateEvent
Address: B446D25C
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateEventPair
Address: B446D2A8
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateIoCompletion
Address: B446D39A
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateKey
Address: B4494471
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateMutant
Address: B446D1CA
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateSection
Address: B446D2EC
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateSemaphore
Address: B446D212
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateTimer
Address: B446D354
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteBootEntry
Address: B4467E10
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteKey
Address: B4495183
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteValueKey
Address: B4495439
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDuplicateObject
Address: B446A920
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwEnumerateKey
Address: B4494FEE
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwEnumerateValueKey
Address: B4494E59
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwFreeVirtualMemory
Address: B44F49DE
Driver Base: B44E9000
Driver End: B453A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwLoadDriver
Address: B4467AA2
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwModifyBootEntry
Address: B4467E5C
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwNotifyChangeKey
Address: B446AC94
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwNotifyChangeMultipleKeys
Address: B4468AD6
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenEvent
Address: B446D286
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenEventPair
Address: B446D2CA
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenIoCompletion
Address: B446D3BE
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenKey
Address: B44947CD
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenMutant
Address: B446D1F0
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenProcess
Address: B446A490
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenSection
Address: B446D326
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenSemaphore
Address: B446D23A
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenThread
Address: B446A6C4
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenTimer
Address: B446D378
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwProtectVirtualMemory
Address: B44F4B4A
Driver Base: B44E9000
Driver End: B453A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwQueryKey
Address: B4494CD4
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwQueryObject
Address: B44689A2
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwQueryValueKey
Address: B4494B26
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwRenameKey
Address: B44FE858
Driver Base: B44E9000
Driver End: B453A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRestoreKey
Address: B4493AE4
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetBootEntryOrder
Address: B4467EA8
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetBootOptions
Address: B4467EF4
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetSystemInformation
Address: B4467B12
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetSystemPowerState
Address: B4467CB6
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetValueKey
Address: B449528A
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwShutdownSystem
Address: B4467C5E
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSystemDebugControl
Address: B4467D26
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwTerminateProcess
Address: B44F4C0A
Driver Base: B44E9000
Driver End: B453A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwVdmControl
Address: B4467F40
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwWriteVirtualMemory
Address: B44F4A8A
Driver Base: B44E9000
Driver End: B453A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwCreateProcessEx
At Address: 805D117A
Jump To: B450AA76
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ZwClose
At Address: 805BC556
Jump To: B450796C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: PsCreateSystemThread
At Address: 805D117A
Jump To: B450AA76
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObMakeTemporaryObject
At Address: 805BC556
Jump To: B450796C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObInsertObject
At Address: 805C2FDA
Jump To: B450942C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObCloseHandle
At Address: 805BC556
Jump To: B450796C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Re: cannot delete access denied...maybe a virus?
I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the ESET Online Scanner button.
• For alternate browsers only (Microsoft Internet Explorer users can skip these steps):

  • Click on the ESET Smart Installer link to download it. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.

• Check "YES, I accept the Terms of Use".
• Click the Start button.
• Accept any security warnings from your browser.
• Check "Scan archives".
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push "List of found threats".
• Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the Back button.
• Push Finish.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: cannot delete access denied...maybe a virus?
Hi Superdave,
The ESET scan ran; I also checked the archive option. The scan came up clean.

I attempted to relocate a Skype folder into a folder on the desktop, and it still won't let me.

Thanks for putting in all this work... I'm sure we can resolve this issue. Again, I have not yet fully downloaded the 'unlocker' and run it. Does the unlocker unlock any locked file or folder and let me rename and delete them, or do I have to pick one and run the unlocker on it? The link you provided about 'unlocker' would not open.

brick

Re: cannot delete access denied...maybe a virus?
brick wrote:
Thanks for putting in all this work... I'm sure we can resolve this issue. Again, I have not yet fully downloaded the 'unlocker' and run it. Does the unlocker unlock any locked file or folder and let me rename and delete them, or do I have to pick one and run the unlocker on it? The link you provided about 'unlocker' would not open.

Sorry about that link. After UnLocker is installed you just need to right-click on the file or folder and click on Unlocker. Right-click again and select delete.

Re: cannot delete access denied...maybe a virus?
Superdave, do you think I should try the unlocker? I was also wondering, given the fact that every virus scan we have run thus far has turned up nothing, could this be the start of a hard drive failure rather than a virus?
Finally, if I download the unlocker and it doesn't work, what direction do you think I should go?

thanks again!

brick

Re: cannot delete access denied...maybe a virus?
You mentioned that you tried this but did you do it this way?

1. Turn off Simple File Sharing:
   a. Click Start, and then click My Computer.
   b. On the Tools menu, click Folder Options, and then click the View tab.
   c. Under Advanced Settings, clear the "Use simple file sharing (Recommended)" check box, and then click OK.
2. Right-click the folder that you want to take ownership of, and then click Properties.
3. Click the Security tab, and then click OK on the Security message, if one appears.
4. Click Advanced, and then click the Owner tab.
5. In the Name list, click your user name, Administrator if you are logged in as Administrator, or click the Administrators group.
   If you want to take ownership of the contents of that folder, select the "Replace owner on subcontainers and objects" check box.
6. Click OK.
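The same take-ownership steps done from the command line, as an added example that is not part of Superdave's post or any tool the thread names. It uses PowerShell 2.0, which Microsoft shipped for XP SP3 in Windows Management Framework Core (KB968930), with Get-Acl and Set-Acl. It assumes you run it from an account in the Administrators group and pass the folder or file that refuses to delete as $Path (a parameter name chosen here). Beyond the Explorer steps it prints the ACL before and after, and then tries to open the object exclusively: an "Access denied" on delete while the ACL already grants Full Control is usually a file held open by a running process (what Unlocker works around) rather than a permissions problem, and the two cases raise different exceptions.

```powershell
# Added example, not from the thread: take ownership from PowerShell 2.0 and tell
# an ACL problem apart from an open-handle problem. Assumes an Administrators
# account; $Path is the stuck folder or file (parameter name chosen for this example).
param(
    [Parameter(Mandatory = $true)][string]$Path,
    [switch]$Recurse   # equivalent of "Replace owner on subcontainers and objects"
)

$admins = New-Object System.Security.Principal.NTAccount('BUILTIN', 'Administrators')
$me     = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# The exact COMPUTER\user name you are logged in as; this is the form the
# Effective Permissions dialog resolves.
Write-Host ("Running as: {0}" -f $me.Name)

function Show-Acl([string]$Target) {
    $acl = Get-Acl -Path $Target
    Write-Host ("`n{0}`n  Owner: {1}" -f $Target, $acl.Owner)
    $acl.Access | Format-Table -AutoSize IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

function Take-Ownership([string]$Target) {
    $isDir = Test-Path -Path $Target -PathType Container
    # Inheritance flags are only legal on a folder; on a file they must be None.
    $inherit = if ($isDir) { 'ContainerInherit,ObjectInherit' } else { 'None' }
    $acl = Get-Acl -Path $Target
    $acl.SetOwner($admins)
    # Add an explicit Full Control entry so access does not depend on inheritance.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
        $admins, 'FullControl', $inherit, 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Target -AclObject $acl
}

# Open the file with no sharing. A sharing violation (IOException) means another
# process still has it open; UnauthorizedAccessException means the ACL really blocks you.
function Test-FileLock([string]$Target) {
    if (Test-Path -Path $Target -PathType Container) { return 'folder (lock test applies to files)' }
    try {
        $fs = [System.IO.File]::Open($Target, 'Open', 'ReadWrite', 'None')
        $fs.Close()
        return 'not locked'
    } catch [System.IO.IOException] {
        return 'LOCKED by another process: ' + $_.Exception.Message
    } catch [System.UnauthorizedAccessException] {
        return 'ACCESS DENIED by ACL: ' + $_.Exception.Message
    }
}

Show-Acl $Path
Take-Ownership $Path
if ($Recurse -and (Test-Path -Path $Path -PathType Container)) {
    Get-ChildItem -Path $Path -Recurse -Force | ForEach-Object { Take-Ownership $_.FullName }
}
Show-Acl $Path
Write-Host ("Lock check: {0}" -f (Test-FileLock $Path))
```

Save it as a .ps1 and run it as `.\takeown.ps1 -Path 'C:\path\to\folder' -Recurse`. Get-Acl -Path treats square brackets as wildcards, so quote or escape such names. If the lock check reports "LOCKED", the fix is to close or kill the process that holds the handle (or reboot), not to change permissions again.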

Re: cannot delete access denied...maybe a virus?
When I get to the security tab I have three items listed...
1. brick's bazinga (HOME 1Do150E67D\Administrators)
2. System, with nothing else next to it
3. Administrators (HOME 1DO150E67D\Administrators)

When I click the Advanced tab, under Permissions the same three are listed, but under the Owner tab only 1 and 2 are listed...no System.

All three above are listed with Full Control.

The "inherit from parent entries" box is checked.

The Effective Permissions tab has nothing in the group or user name.

It still won't let me delete, move or rename.

brick

Re: cannot delete access denied...maybe a virus?
Something which may be interesting. I went into Effective Permissions and typed in Administrator and it came up with full access to all items listed. I did the same with System: full access...then with Brick's bazinga...it said there was no domain of that name, which is my account. I actually only have two accounts listed: Brick's bazinga and Guest. For some reason I no longer have the Administrators account listed at start up. I tried to make a new account as Administrators and it said one was already made, but I don't see it anywhere, except when in safe mode; then the two are listed, brick's and admin. Did I somehow delete the Administrators account and thus affect the security? How do I find the Administrators account that is supposedly still in existence but not at start up (except in safe mode)?

thank you

brick

Re: cannot delete access denied...maybe a virus?
BUMP

brick

Re: cannot delete access denied...maybe a virus?
I'm sorry but I can't help very much with those accounts. We should do some cleanup and you could perhaps start a new thread in the software forum to solve that issue.

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
****************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***********************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Re: cannot delete access denied...maybe a virus?
Ok, thanks Superdave! I have come to the conclusion, based on our work here, that it might be a software issue or perhaps a hard drive failure situation. I have already looked into the possibility of having to replace the hard drive. I did finish the download of the 'unlocker' and it seems to work, unlocking my files, renaming them etc. I still get a message when I go to download anything saying it fails, but I double-click and it works.
thank you for all your attention...

brick

Re: cannot delete access denied...maybe a virus?
If you want to check your hard drive, here's a good one to use. Just download the one for your make of hard drive, burn it to a CD with an ISO burner and boot your computer with it.

Run hard drive diagnostics: tacktech.com
Make sure you select the tool appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is an .iso, use ImgBurn: imgburn to burn the .iso file to a CD (select the "Write image file to disc" option), which makes the CD bootable.
For Toshiba hard drives, see here:

Note: If you do not know how to set your computer to boot from CD, follow the steps here: http://www.hiren.info/pages/bios-boot-cdrom
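Before spending time on a vendor boot CD, the drive's own SMART health data can be read from a running XP system. The script below is an added example, not part of Superdave's post or any tool it links: it uses PowerShell 2.0 (KB968930 on XP SP3) and the MSStorageDriver_FailurePredictStatus and MSStorageDriver_FailurePredictData classes in the root\wmi namespace, which exist on XP when the drive exposes SMART to Windows (typical for internal IDE/SATA disks; many USB enclosures do not). Attribute records are decoded with the standard ATA SMART table layout (12-byte records starting at offset 2 of VendorSpecific). Thresholds are drive-specific, so the script reports the firmware's own failure-predicted flag and the raw counts of the three attributes that should be zero on a healthy drive, rather than inventing a pass/fail verdict.

```powershell
# Added example, not from the thread: read SMART health through WMI on XP with
# PowerShell 2.0. Assumes the drive exposes SMART to Windows; if it does not, the
# WMI query returns nothing and the vendor boot CD is the next step.

# Decode the ATA SMART attribute table from MSStorageDriver_FailurePredictData.VendorSpecific:
# bytes 0-1 hold the table version, followed by up to 30 records of 12 bytes each:
#   [0] attribute id, [1-2] flags, [3] current, [4] worst, [5-10] raw value (little-endian), [11] reserved
function Get-SmartAttributes([byte[]]$Vendor) {
    $attrs = @()
    for ($i = 2; ($i + 12) -le $Vendor.Length -and $i -lt (2 + 30 * 12); $i += 12) {
        $id = [int]$Vendor[$i]
        if ($id -eq 0) { continue }   # empty slot
        $raw = [int64]0
        # Assemble the 6 raw bytes most-significant first; PS 2.0 has no -shl operator.
        for ($b = 10; $b -ge 5; $b--) { $raw = $raw * 256 + $Vendor[$i + $b] }
        $attrs += New-Object PSObject -Property @{
            Id = $id; Current = [int]$Vendor[$i + 3]; Worst = [int]$Vendor[$i + 4]; Raw = $raw
        }
    }
    return $attrs
}

# Attributes whose raw count should stay at zero; growth here is the early sign of
# a failing drive that the thread is asking about.
$watch = @{ 5 = 'Reallocated sectors'; 197 = 'Current pending sectors'; 198 = 'Offline uncorrectable' }

foreach ($d in (Get-WmiObject -Class Win32_DiskDrive)) {
    Write-Host ("{0}  {1}  status={2}" -f $d.DeviceID, $d.Model, $d.Status)
}

$status = Get-WmiObject -Namespace root\wmi -Class MSStorageDriver_FailurePredictStatus -ErrorAction SilentlyContinue
if ($status -eq $null) {
    Write-Host 'SMART is not exposed through WMI on this system; use the vendor boot CD.'
    return
}
foreach ($s in $status) {
    $verdict = if ($s.PredictFailure) { 'FAILURE PREDICTED by drive firmware - back up now' } else { 'firmware reports OK' }
    Write-Host ("`n{0}`n  {1}" -f $s.InstanceName, $verdict)
}

$data = Get-WmiObject -Namespace root\wmi -Class MSStorageDriver_FailurePredictData -ErrorAction SilentlyContinue
foreach ($d in $data) {
    Write-Host ("`n{0}" -f $d.InstanceName)
    foreach ($a in (Get-SmartAttributes $d.VendorSpecific)) {
        if ($watch.ContainsKey($a.Id)) {
            $flag = if ($a.Raw -gt 0) { '  <-- non-zero' } else { '' }
            Write-Host ("  {0,3} {1,-24} raw={2}{3}" -f $a.Id, $watch[$a.Id], $a.Raw, $flag)
        }
    }
}
```

A PredictFailure of True, or a non-zero and rising count on attributes 5, 197 or 198, is reason to back up first and run the vendor diagnostic second; a clean readout does not rule out a bad drive, which is why the boot CD test is still worth running.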

Re: cannot delete access denied...maybe a virus?
Thanks Superdave! I will grab my son to help me with that....

Do you think I should try to post this and what we have done on the software forum? Or the hardware one? Do you think someone there might have a solution or at least a direction?

Also, I forgot to mention...I did finally download and run the 'unlocker'. It does indeed unlock the files/folders and lets me rename a folder; sometimes I have to wait until I reboot the system. So it did the job, but it's frustrating to have my computer not do what it used to do...LOL!

brick

Re: cannot delete access denied...maybe a virus?
brick wrote:
Do you think I should try to post this and what we have done on the software forum? Or the hardware one? Do you think someone there might have a solution or at least a direction?

Also, I forgot to mention...I did finally download and run the 'unlocker'. It does indeed unlock the files/folders and lets me rename a folder; sometimes I have to wait until I reboot the system. So it did the job, but it's frustrating to have my computer not do what it used to do...LOL!

Once you run the hard drive diagnostic you will know whether or not the drive is good. As for the other: malware sometimes does so much damage that it's easier to re-install the OS than to try and fix it, especially from such a long distance.
