GeekPolice
cannot delete access denied...maybe a virus?
I posted this under software, but I am being advised to post it under virus instead. We have checked the folders and they are marked as read only and when we try to change it, it won't change. I have run several scans and they are coming up clean...but I just can't figure out what is going on. Here is my original post I put in software...will delete that one next. I hope someone can figure this out...
Thank you!

Brick

Please forgive me if this is in the wrong place and direct me to the proper place... thank you.

I tried to delete an empty file from "my pictures" this afternoon and got this message: "Cannot delete. Access denied. Make sure the disk is not full or write protected and that the file is not currently in use." I also got this message when I tried to delete a program I downloaded this evening. I have my account and the computer admin and both have full access...so I should be able to delete what I want. I have not changed anything to my knowledge. Can you help me? I have already been to the Microsoft website and tried to change ownership of the files and that did not help. I also tried to end the process in Task Manager and that did not work either. I am at a loss. I used to be able to delete anything. I also turned back the clock to a time I had no issues and that did not help either.
Thank you in advance.

Edit: I would like to add I can move the empty file from my pictures to desktop, but I cannot move it to recycle bin. I looked into Unlocker...and I have not used it...this is a strange situation that is affecting any program/file/folder I try to delete or rename...and I never had this issue before. Obviously I would like to figure out what changed on the computer that caused this to happen.

Edit 2: 12 noon...went to download a Microsoft Safety Scanner. After it downloaded and I tried to execute it I got this message: "c/documents and settings/home/mydocuments/msert.exe could not be saved because you cannot change the contents of that folder. Change the folder's properties and try again or try saving to a different location." I then attempted to redownload it and then it executed and opened fine. I am now running it. I am not computer smart...learning as I go. Somewhere something has changed on the computer, telling the computer that files/folders are locked and I do not have access. Could someone have remotely changed my computer and gained access? If so, is that a virus and why has none of the scans picked it up? Did I somehow unknowingly change something? As of Wednesday I did not have this issue as I was able to download just fine. This occurred yesterday. I first noticed it after downloading pictures from our digital camera to my computer. The only difference I can think of is the new Avast 7 but I don't think I have downloaded that yet. Again, I cannot have successful Windows updates either.
Thanks.

Brick
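The "Access denied" on delete described in the post above is the result of checks Windows makes before it lets a file go: the ReadOnly attribute, who owns the object, and whether the ACL on the file or its parent folder grants Delete (or carries an explicit Deny). Here is an added diagnostic example, not code from the poster or from the GeekPolice helper, that reports those three things for one path so the cause can be read off rather than guessed. It assumes Windows PowerShell 2.0 or later (a separate install on XP SP3); the function name Test-DeleteBlockers and the sample path at the bottom are assumptions, and the path is a placeholder to be replaced with the file that refuses to delete.

```powershell
# Added example (not from the poster or the GeekPolice helper).
# Reports why a file or folder may refuse delete/rename with "Access denied":
# attribute flags, ownership, and ACL Deny / missing Delete rights.
# Assumes Windows PowerShell 2.0+; the function name is an assumption.
function Test-DeleteBlockers {
    param([Parameter(Mandatory=$true)][string]$Path)

    $item   = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $parent = Split-Path -Path $item.FullName -Parent
    $acl    = Get-Acl -Path $item.FullName
    $pacl   = Get-Acl -Path $parent

    # Identities the current user is evaluated as: own account plus group memberships.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principals = @($id.Name)
    foreach ($g in $id.Groups) {
        try   { $principals += $g.Translate([System.Security.Principal.NTAccount]).Value }
        catch { }   # logon and orphaned SIDs cannot be translated; skip them
    }

    $findings = @()

    # 1. A ReadOnly file cannot be deleted or renamed by Explorer or del until the flag is cleared.
    if ($item.Attributes -band [System.IO.FileAttributes]::ReadOnly) {
        $findings += "ReadOnly attribute is set on $($item.FullName)"
    }

    # 2. An object owned by another account (or an orphaned SID) commonly denies the current user.
    if (-not ($principals -contains $acl.Owner)) {
        $findings += "Owner is '$($acl.Owner)', not the current user or one of its groups"
    }

    # 3. Explicit Deny entries matching the current user, on the object and on its parent folder.
    foreach ($where in @($item.FullName, $parent)) {
        $a = Get-Acl -Path $where
        foreach ($ace in $a.Access) {
            if ($ace.AccessControlType -eq 'Deny' -and ($principals -contains $ace.IdentityReference.Value)) {
                $findings += "Deny ACE for $($ace.IdentityReference) ($($ace.FileSystemRights)) on $where (inherited=$($ace.IsInherited))"
            }
        }
    }

    # 4. Delete needs the Delete right on the object, or DeleteSubdirectoriesAndFiles on the parent.
    #    Note: generic rights (shown as a raw number) are not decoded here and count as "not granted".
    $canDelete = $false
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and ($principals -contains $ace.IdentityReference.Value) -and
            ($ace.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Delete)) { $canDelete = $true }
    }
    foreach ($ace in $pacl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and ($principals -contains $ace.IdentityReference.Value) -and
            ($ace.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles)) { $canDelete = $true }
    }
    if (-not $canDelete) {
        $findings += "No Allow ACE grants Delete on the object or DeleteSubdirectoriesAndFiles on $parent"
    }

    New-Object PSObject -Property @{
        Path       = $item.FullName
        Attributes = $item.Attributes.ToString()
        Owner      = $acl.Owner
        Findings   = $findings
    }
}

# Usage: placeholder path, substitute the file or folder that refuses to delete.
Test-DeleteBlockers -Path "C:\Documents and Settings\Home\My Pictures\example.txt" | Format-List
```

An empty Findings list means attributes, ownership and ACLs all permit the delete, which leaves the remaining reason the error message names: the file is open by another process. That case is not covered by this script, and on XP it needs a separate handle listing tool.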

Re: cannot delete access denied...maybe a virus?
Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes.
* If you encounter any problems while downloading the updates, manually download and unzip them from here.
* Next click the Preferences button.
* Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked.
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer.
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.

To retrieve the removal information please do the following:
* After reboot, double-click the SUPERAntiSpyware icon on your desktop.
* Click Preferences. Click the Statistics/Logs tab.
* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
* It will open in your default text editor (preferably Notepad).
* Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it (normally the desktop).
* Click close and close again to exit the program.
* Copy and paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download DDS from HERE or HERE and save it to your desktop.

* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

Re: cannot delete access denied...maybe a virus?
Hi Superdave!

Thanks so much for responding so quickly. I am in the process of scanning with the SUPERAntiSpyware as directed. I wanted to let you know that this morning I scanned the computer with the SUPERAntiSpyware and with the Anti-Malware (after updating them both first) and they came up clean. I started an ESET scan (including the archive) this afternoon before I posted my request for help. By the time you responded my scan was at 98 percent. I let it finish the scan as it came up with 4 virus signatures. I copied the information. I will provide the new antispyware and new antimalware scans once completed as well as the ESET scan results that I have already saved and ran before the new antispyware and antimalware. Hope that wasn't too confusing. Yesterday I was sure it was not a virus and thought I had made a change somehow, but I was encouraged today to look into the possibility it was a virus instead. It just didn't act like a virus I have dealt with before (not letting me delete folders/programs or rename them, and giving me a message of not completing downloads because "you cannot change the contents of that folder. Change the folder properties and try again or try saving in a different location").
After running the eset scan and deleting the virus signatures the computer still has the same issue...so that may not have made any difference at this point.
I hope I have provided enough information for you. If I have forgotten something let me know. As soon as scans are finished I will post the logs. Thanks again!
brick

Re: cannot delete access denied...maybe a virus?
Here is the ESET scan I ran:

C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\wgbcqu8j.default\Cache\4\EA\5ABC2d01 a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\wgbcqu8j.default\Cache\6\AB\92C46d01 HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\Home\Local Settings\Temp\p_v_IubO.exe.part a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\Documents and Settings\Home\My Documents\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined

Re: cannot delete access denied...maybe a virus?
Here is the antispyware scan log:
Running the malware scan next and will post when finished... Thanks!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/02/2012 at 05:33 PM

Application Version : 5.0.1144

Core Rules Database Version : 8300
Trace Rules Database Version: 6112

Scan type : Complete Scan
Total Scan Time : 01:14:15

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 726
Memory threats detected : 0
Registry items scanned : 33458
Registry threats detected : 0
File items scanned : 110604
File threats detected : 30

Adware.Tracking Cookie
C:\Documents and Settings\Home\Cookies\S88QF2WY.txt [ /atdmt.com ]
C:\Documents and Settings\Home\Cookies\LLOYVBO2.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\Home\Cookies\K272SK2U.txt [ /ads.pointroll.com ]
C:\Documents and Settings\Home\Cookies\F9BRTZ1V.txt [ /c1.atdmt.com ]
C:\Documents and Settings\Home\Cookies\129WVH05.txt [ /pointroll.com ]
content.oddcast.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y3SZPXZB ]
ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y3SZPXZB ]
media.ign.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y3SZPXZB ]
media.kohls.com.edgesuite.net [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y3SZPXZB ]
media.movieweb.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y3SZPXZB ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y3SZPXZB ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y3SZPXZB ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y3SZPXZB ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y3SZPXZB ]
speed.pointroll.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y3SZPXZB ]
www.99counters.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y3SZPXZB ]
www.discountcomputerelectronics.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y3SZPXZB ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGBCQU8J.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGBCQU8J.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGBCQU8J.DEFAULT\COOKIES.SQLITE ]
.microsoftsto.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGBCQU8J.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGBCQU8J.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGBCQU8J.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGBCQU8J.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGBCQU8J.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGBCQU8J.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGBCQU8J.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGBCQU8J.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGBCQU8J.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\HOME\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\WGBCQU8J.DEFAULT\COOKIES.SQLITE ]

Re: cannot delete access denied...maybe a virus?
OK, here is the final log. This is from Anti-Malware. Thanks!

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.02.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home :: HOME-1D0150E67D [administrator]

Protection: Enabled

3/2/2012 5:43:03 PM
mbam-log-2012-03-02 (17-43-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296852
Time elapsed: 1 hour(s), 31 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: cannot delete access denied...maybe a virus?
Here is the DDS report:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Home at 19:27:58 on 2012-03-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2080 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdmcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Secunia\PSI\psia.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Cloudmark\Desktop\Service\cdswin.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Cloudmark\Desktop\clients\cdshookloader.dll
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [lxdmmon.exe] "c:\program files\lexmark 5000 series\lxdmmon.exe"
mRun: [lxdmamon] "c:\program files\lexmark 5000 series\lxdmamon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\home\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cloudm~1.lnk - c:\program files\cloudmark\desktop\service\cdswin.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: Download All by ASUS Download - c:\program files\asus\rt-n13u wireless router utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files\asus\rt-n13u wireless router utilities\ASDownload.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1307981588375
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{2CDA7A26-4598-48B5-8780-03881CEE3E50} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{87D3803A-88D8-4D95-BD2B-CA6E75353575} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{C0208D1A-8316-42EA-9C37-C7C2431C8DD8} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\wgbcqu8j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppanda3d.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-13 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-13 337112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-13 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-13 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-11 652360]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2008-4-14 5120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-11 20464]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-27 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-27 136176]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [2012-1-8 66432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-02 16:38:16 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-03-02 02:09:01 -------- d-----w- c:\documents and settings\home\local settings\application data\PCHealth
2012-03-01 23:47:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-01 23:47:23 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-14 20:45:26 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 20:45:26 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 20:24:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-03 01:59:27 -------- d-----w- c:\documents and settings\home\application data\SUPERAntiSpyware.com
2012-02-03 01:58:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-03 01:58:23 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
.
==================== Find3M ====================
.
2012-02-23 16:23:26 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:12:28 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-21 20:20:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-23 22:32:53 689699 ----a-w- c:\documents and settings\all users\SPL1B5.tmp
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 21:29:08 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-12-04 21:29:07 3357952 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
.
============= FINISH: 19:28:29.29 ===============

Re: cannot delete access denied...maybe a virus?
Finally, the DDS log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/11/2010 5:29:35 PM
System Uptime: 3/2/2012 9:29:00 AM (10 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 195.177 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP219: 12/4/2011 11:08:35 AM - System Checkpoint
RP220: 12/4/2011 3:13:14 PM - Installed SlimDrivers
RP221: 12/4/2011 3:27:00 PM - Removed SlimDrivers
RP222: 12/4/2011 3:40:02 PM - Installed SlimDrivers
RP223: 12/4/2011 3:44:33 PM - SlimDrivers Installing Drivers
RP224: 12/4/2011 4:12:13 PM - Removed Broadcom Gigabit Integrated Controller
RP225: 12/4/2011 4:12:18 PM - Installed Broadcom NetXtreme-I Netlink Driver and Management Installer.
RP226: 12/4/2011 4:35:39 PM - Configured SigmaTel Audio
RP227: 12/4/2011 5:09:32 PM - Restore Operation
RP228: 12/5/2011 6:49:06 PM - System Checkpoint
RP229: 12/6/2011 9:33:43 PM - System Checkpoint
RP230: 12/7/2011 9:36:34 PM - System Checkpoint
RP231: 12/8/2011 9:55:20 PM - System Checkpoint
RP232: 12/9/2011 10:28:10 PM - System Checkpoint
RP233: 12/11/2011 3:49:33 PM - System Checkpoint
RP234: 12/11/2011 7:58:02 PM - Removed Adobe Reader 9.4.6.
RP235: 12/11/2011 7:58:45 PM - Installed Adobe Reader X (10.1.1).
RP236: 12/12/2011 8:14:10 PM - System Checkpoint
RP237: 12/14/2011 11:33:54 AM - System Checkpoint
RP238: 12/14/2011 10:46:52 PM - Software Distribution Service 3.0
RP239: 12/16/2011 1:09:15 PM - System Checkpoint
RP240: 12/18/2011 10:48:52 AM - System Checkpoint
RP241: 12/19/2011 11:31:37 AM - System Checkpoint
RP242: 12/20/2011 12:21:32 PM - System Checkpoint
RP243: 12/21/2011 2:21:54 PM - System Checkpoint
RP244: 12/22/2011 3:14:18 PM - System Checkpoint
RP245: 12/23/2011 1:00:38 PM - Installed WeatherBug
RP246: 12/24/2011 1:35:36 PM - System Checkpoint
RP247: 12/25/2011 8:08:44 PM - System Checkpoint
RP248: 12/27/2011 11:41:25 AM - System Checkpoint
RP249: 12/28/2011 3:11:09 PM - System Checkpoint
RP250: 12/29/2011 3:55:08 PM - System Checkpoint
RP251: 12/30/2011 4:12:40 PM - System Checkpoint
RP252: 12/31/2011 5:20:22 PM - System Checkpoint
RP253: 1/1/2012 6:07:24 PM - System Checkpoint
RP254: 1/1/2012 7:56:47 PM - Software Distribution Service 3.0
RP255: 1/2/2012 12:31:33 PM - Removed Google Earth.
RP256: 1/3/2012 1:18:39 PM - System Checkpoint
RP257: 1/4/2012 1:29:10 PM - System Checkpoint
RP258: 1/5/2012 3:52:48 PM - System Checkpoint
RP259: 1/6/2012 4:59:21 PM - System Checkpoint
RP260: 1/7/2012 5:04:56 PM - System Checkpoint
RP261: 1/8/2012 5:44:15 PM - Installed ASUS RT-N13U Wireless Router Utilities
RP262: 1/8/2012 6:11:22 PM - Installed ASUS RT-N13U Wireless Router Utilities
RP263: 1/9/2012 6:54:39 PM - System Checkpoint
RP264: 1/10/2012 9:24:40 PM - System Checkpoint
RP265: 1/11/2012 12:00:15 PM - Software Distribution Service 3.0
RP266: 1/12/2012 3:40:45 PM - System Checkpoint
RP267: 1/12/2012 9:20:51 PM - Software Distribution Service 3.0
RP268: 1/14/2012 10:49:05 AM - Online Armor installation
RP269: 1/15/2012 2:19:25 PM - System Checkpoint
RP270: 1/16/2012 2:53:06 PM - System Checkpoint
RP271: 1/17/2012 4:37:12 PM - System Checkpoint
RP272: 1/18/2012 8:29:56 PM - System Checkpoint
RP273: 1/19/2012 10:16:11 PM - Installed Notebook System Software
RP274: 1/21/2012 2:08:33 PM - System Checkpoint
RP275: 1/22/2012 2:36:53 PM - System Checkpoint
RP276: 1/25/2012 10:52:28 AM - System Checkpoint
RP277: 1/26/2012 1:06:06 PM - System Checkpoint
RP278: 1/27/2012 2:09:44 PM - System Checkpoint
RP279: 1/28/2012 2:34:27 PM - System Checkpoint
RP280: 1/28/2012 6:18:23 PM - Removed COMODO Internet Security
RP281: 1/29/2012 9:23:41 PM - System Checkpoint
RP282: 1/31/2012 2:42:30 PM - System Checkpoint
RP283: 2/1/2012 3:18:41 PM - System Checkpoint
RP284: 2/2/2012 5:01:50 PM - System Checkpoint
RP285: 2/3/2012 5:19:27 PM - System Checkpoint
RP286: 2/4/2012 6:35:50 PM - System Checkpoint
RP287: 2/5/2012 7:58:13 PM - System Checkpoint
RP288: 2/7/2012 10:31:46 AM - System Checkpoint
RP289: 2/8/2012 11:43:54 AM - System Checkpoint
RP290: 2/8/2012 8:51:03 PM - Configured ASUS RT-N13U Wireless Router Utilities
RP291: 2/8/2012 8:58:33 PM - Installed ASUS RT-N13U Wireless Router Utilities
RP292: 2/8/2012 9:16:36 PM - Removed ASUS RT-N13U Wireless Router Utilities
RP293: 2/9/2012 9:50:33 PM - System Checkpoint
RP294: 2/11/2012 11:06:11 AM - System Checkpoint
RP295: 2/12/2012 3:08:13 PM - System Checkpoint
RP296: 2/13/2012 3:58:18 PM - System Checkpoint
RP297: 2/14/2012 3:43:00 PM - Removed Skype™ 5.3
RP298: 2/14/2012 3:43:20 PM - Installed Skype™ 5.8
RP299: 2/14/2012 3:47:39 PM - Software Distribution Service 3.0
RP300: 2/15/2012 5:07:28 PM - System Checkpoint
RP301: 2/16/2012 10:30:22 PM - System Checkpoint
RP302: 2/18/2012 12:22:03 PM - System Checkpoint
RP303: 2/19/2012 12:44:12 PM - System Checkpoint
RP304: 2/20/2012 12:50:38 PM - System Checkpoint
RP305: 2/21/2012 1:13:25 PM - System Checkpoint
RP306: 2/22/2012 1:34:41 PM - System Checkpoint
RP307: 2/24/2012 12:39:06 PM - System Checkpoint
RP308: 2/25/2012 7:17:57 PM - System Checkpoint
RP309: 2/27/2012 12:43:20 PM - System Checkpoint
RP310: 2/28/2012 1:05:34 PM - System Checkpoint
RP311: 2/29/2012 5:10:20 PM - System Checkpoint
RP312: 3/1/2012 5:11:09 PM - System Checkpoint
RP313: 3/1/2012 6:23:05 PM - Restore Operation
RP314: 3/1/2012 6:46:42 PM - Restore Operation
RP315: 3/1/2012 7:36:15 PM - Software Distribution Service 3.0
RP316: 3/1/2012 8:05:41 PM - Software Distribution Service 3.0
RP317: 3/2/2012 10:42:35 AM - Software Distribution Service 3.0
RP318: 3/2/2012 10:59:05 AM - Software Distribution Service 3.0
RP319: 3/2/2012 12:00:24 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.15
AuthenTec Fingerprint Sensor Minimum Install
avast! Free Antivirus
biolsp patch
Broadcom Gigabit Integrated Controller
Cloudmark DesktopOne
Conexant HDA D110 MDC V.92 Modem
Dell Drivers MSI
Dell Embassy Trust Suite by Wave Systems
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
ESET Online Scanner v3
Gemalto
GemSafe Standard Edition 5.1
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java(TM) 6 Update 29
K-Lite Codec Pack 6.5.0 (Basic)
Lexmark 5000 Series
Malwarebytes Anti-Malware version 1.60.0.1800
Math 3 Teaching Textbook
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 9.0.1 (x86 en-US)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTRU TCG Software Stack
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.3
OverDrive Media Console
OZ776 SCR Driver V1.1.4.202
Panda3D Game Engine
PowerDVD
Preboot Manager
Private Information Manager
Secure Update
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Security Wizards
SigmaTel Audio
Skype Toolbars
Skype™ 5.3
Spell Checker For OE 2.1
Trusted Drive Manager
tsp patch
Turbo Lister 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
upekmsi
USB PC Camera (SN9C101)
Wave Infrastructure Installer
Wave Support Software
WeatherBug
WebFldrs XP
Windows Driver Package - Intel net (03/06/2007 9.1.1.15)
Windows Driver Package - Intel net (08/08/2007 11.1.1.22)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
.
==== Event Viewer Messages From Past Week ========
.
3/2/2012 9:30:27 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
3/1/2012 7:46:21 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2633880).
3/1/2012 7:41:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2633870).
3/1/2012 6:49:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
3/1/2012 6:49:25 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2012 6:29:48 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 804fc717.
2/29/2012 4:48:11 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is NICKF-PC.
2/29/2012 12:23:56 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.10.106. The machine with the IP address 192.168.10.103 did not allow the name to be claimed by this machine.
2/26/2012 11:53:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdmCATSCustConnectService service to connect.
2/26/2012 11:53:57 AM, error: Service Control Manager [7000] - The lxdmCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
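As an added example for reading the attach.txt log above (not part of the thread, of DDS, ComboFix or any tool it names), a small Python triage script for the "Event Viewer Messages From Past Week" section: it parses each entry, pulls out the failing service names, update KB numbers and error codes, and separates the entries worth following up first from the ones that are routine on a home LAN. The sample lines are copied from the posted log.

```python
"""Triage helper for the "Event Viewer Messages From Past Week" section of a
DDS/ComboFix-style attach.txt log.  Added example for this thread; it is not
part of DDS, ComboFix or Malwarebytes.  Sample lines copied from the log above."""
import re
from collections import Counter
from datetime import datetime

# Sample input: the section as posted above (the "." spacer lines are part of the format).
SAMPLE_LOG = r"""
.
==== Event Viewer Messages From Past Week ========
.
3/2/2012 9:30:27 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
3/1/2012 7:46:21 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2633880).
3/1/2012 7:41:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2633870).
3/1/2012 6:49:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
3/1/2012 6:49:25 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2012 6:29:48 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 804fc717.
2/29/2012 4:48:11 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is NICKF-PC.
2/29/2012 12:23:56 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.10.106. The machine with the IP address 192.168.10.103 did not allow the name to be claimed by this machine.
2/26/2012 11:53:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdmCATSCustConnectService service to connect.
2/26/2012 11:53:57 AM, error: Service Control Manager [7000] - The lxdmCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
"""

# One entry per line: "<date> <time> AM/PM, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Routine on a small home LAN / XP box; read these last, not first.
LOW_PRIORITY = {"dcom_permission", "browser_election", "netbios_name_conflict"}


def parse_events(text):
    """Return the entries of the Event Viewer section as dicts, in file order."""
    events, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("==== Event Viewer Messages"):
            in_section = True
        elif in_section and line.startswith("===="):
            break  # the next section header ends the block
        elif in_section and (m := LINE_RE.match(line)):  # skips "." spacer lines
            ev = m.groupdict()
            ev["when"] = datetime.strptime(ev["when"], "%m/%d/%Y %I:%M:%S %p")
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events


def classify(ev):
    """Map one entry to (category, detail) from its source and event id."""
    src, eid, msg = ev["source"], ev["event_id"], ev["message"]
    if src == "Service Control Manager" and eid in (7000, 7009):
        m = re.search(r"[Tt]he (.+?) service", msg)  # service display name
        return "service_start_failure", (m.group(1) if m else "?")
    if src == "Windows Update Agent" and eid == 20:
        kb = re.search(r"\((KB\d+)\)", msg)
        code = re.search(r"error (0x[0-9A-Fa-f]+)", msg)
        return "update_install_failure", (kb.group(1) if kb else "?",
                                          code.group(1) if code else "?")
    if src == "System Error" and eid == 1003:
        m = re.search(r"Error code ([0-9a-fA-F]+)", msg)  # bugcheck code
        return "bugcheck", (m.group(1) if m else "?")
    if src == "DCOM" and eid == 10016:
        return "dcom_permission", None
    if src == "BROWSER" and eid == 8009:
        return "browser_election", None
    if src == "NetBT" and eid == 4321:
        return "netbios_name_conflict", None
    return "other", None


def triage(text):
    """Summarise the section: items to follow up first, plus how much is routine."""
    summary = {"counts": Counter(), "service_failures": set(),
               "update_failures": [], "bugchecks": [], "low_priority": 0}
    for ev in parse_events(text):
        category, detail = classify(ev)
        summary["counts"][category] += 1
        if category == "service_start_failure":
            summary["service_failures"].add(detail)
        elif category == "update_install_failure":
            summary["update_failures"].append(detail)
        elif category == "bugcheck":
            summary["bugchecks"].append(detail)
        elif category in LOW_PRIORITY:
            summary["low_priority"] += 1
    summary["service_failures"] = sorted(summary["service_failures"])
    return summary


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```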

Re: cannot delete access denied...maybe a virus?

As I was looking over the above log I noticed at the end a line that indicates that the browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is NICKF_PC.

That is my son's computer...we are both rather surprised by that and don't understand what his computer has to do with mine....

brick

Re: cannot delete access denied...maybe a virus?

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: cannot delete access denied...maybe a virus?

It is giving me a message of "c.bat is not recognized as an internal or external command, operable program or batch file."
C:\combofix with a flashing cursor...

thanks

brick

Re: cannot delete access denied...maybe a virus?

Ok. Delete your copy of ComboFix and follow the instructions below. It's almost the same but you need to rename ComboFix before downloading it.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:

[image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: cannot delete access denied...maybe a virus?

The same message appeared when I attempted to run the program.

Re: cannot delete access denied...maybe a virus?

Ok. We'll try one more time.

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now.

Re: cannot delete access denied...maybe a virus?

When we attempt to navigate to Start and plug in the command it gives me this message:
"Windows cannot find C:\documents and settings\home\desktop\blackpudding.bat. Make sure you type name correctly and then try again. To search for a file check start button and then search."

We were able to rename the combofix when it downloaded to blackpudding; it showed up on the desktop with an icon.

BTW: I can't delete anything...that is part of the problem with the computer...I can't delete anything so I can't delete the combo fixes already downloaded. Should we attempt to download to another computer and insert it in this one...via disc, flash drive or SD card?

thanks

brick

Re: cannot delete access denied...maybe a virus?

I can't delete anything so I can't delete the combo fixes already downloaded.

Did you try dragging ComboFix to the Recycle Bin?

Re: cannot delete access denied...maybe a virus?

Yes and I get this message....."Error deleting file or folder: cannot delete, access denied. Make sure disk is not full or write protected and that the file is not currently in use."

We checked the C drive; it has 195 GB of free space. I don't know how it would have been write protected or anything write protected. I can't delete anything at all. I can download but then it gives me a message (which I posted on already), but I can re-click the download and then it downloads and runs (with the exception of ComboFix not running).
This originally made me think it was a hardware or software issue, but then I was advised it might be a virus. I am baffled.

Re: cannot delete access denied...maybe a virus?

Can you do anything to the file such as change the name? Did you try deleting them in Safe Mode? Have you tried Unlocker?

You can download and install Unlocker.

Here's some info on how to use Unlocker.

Please update and run MBAM and post the log.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other (removable) drives that you may have

Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top under Detected) in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: cannot delete access denied...maybe a virus?

Hi Superdave,
While waiting for your response I went into Safe Mode and I am able to delete folders and pictures etc. But only in Safe Mode. I restarted and downloaded a picture and tried to delete it and it denied my access to delete it again. I did download 'Unlocker' but did not run it when I saw Babylon attached to it...
I can not change a name of a file either...

I did not also use Unlocker because I was getting the download error too, and since I could not delete anything it seemed odd to have to download a program to do what the computer used to do anyway. KWIM?

ok...I am off to do the above instructions...wish me luck.

brick

Re: cannot delete access denied...maybe a virus?

I did download 'unlocker' but did not run it when I saw Babylon attached to it...

You don't have to accept the Babylon Toolbar. Just uncheck it.
You can try this also. It should already be on your computer.


* Go to Start > Run and type mrt.exe, then press Enter on the keyboard.
* (Vista and Windows 7 users: go to Start and type mrt.exe in the search box, then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished, click View detailed results of the scan.

Look through the list and let me know if anything was found infected.

Re: cannot delete access denied...maybe a virus?

Do you want quick scans or full scans?

FYI: I found I can delete a picture by holding the Shift key and pressing Delete. But it does not end up in the Recycle Bin...it is gone.

Basically I get an access denied on anything I try to do at this point. It might change the wording but it's always access denied...so weird...

Still running scans.

Re: cannot delete access denied...maybe a virus?

The first scan I ran, the Windows one (mrt.exe), came back clean. Now running the Malwarebytes one. Will do the AVP tool next, most likely in the morning. I have not used the Unlocker yet. Would you like me to do that after the AVP one? And would the Unlocker work for when I want to move a file to a folder? For example, I wanted to move the Skype shortcut on the desktop screen to a folder I called 'extra icons'. It gives me an access denied message when I try to move it or delete the icon. Would the Unlocker work for that type of stuff too? Finally, I could not open the page link with the information about Unlocker. I get this issue sometimes. Another example is I can never access the CNET download pages, not through Firefox and not through IE. I can access their articles but NOT their download pages, and only on my PC; I can on our family desktops and the kids' PCs.
Thanks again for helping me...

brick

Re: cannot delete access denied...maybe a virus?

Here is the Malwarebytes log; next the AVP one. Just to remind you that I have yet to run the blackpudding scan...
thanks,

brick

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.04.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home :: HOME-1D0150E67D [administrator]

Protection: Enabled

3/4/2012 11:42:34 AM
mbam-log-2012-03-04 (11-42-34).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280526
Time elapsed: 1 hour(s), 32 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: cannot delete access denied...maybe a virus?

Ok, downloaded the AVP file and once again I get this message...again dealing with folders...
'Contents could not be saved because you can not change contents of that folder. Change the folder properties and try again or try saving in a different location.' (As if I was trying...what is trying to change those contents? Usually I would save my downloads in the Downloads folder, but this is being saved on the desktop.)
Seems to me, in my limited computer knowledge, that something is changing my file/folder commands...

But I can re-download it and it comes through fine...crazy....
brick

Re: cannot delete access denied...maybe a virus?

Please try updating and running MBAM and ComboFix in Safe Mode.

Re: cannot delete access denied...maybe a virus?

Hi Superdave! Just got done with the AVP and it came up clean. Interesting to note: I was sitting and watching the scan, and one file came up as 'password protected', but there was no report or way for me to figure out what the file was...
I still have ComboFix listed as blackpudding...do you want me to run that one?

Re: cannot delete access denied...maybe a virus?

brick wrote:
Hi Superdave! Just got done with the AVP and it came up clean. Interesting to note: I was sitting and watching the scan, and one file came up as 'password protected', but there was no report or way for me to figure out what the file was...
I still have ComboFix listed as blackpudding...do you want me to run that one?

Yes, please.

Re: cannot delete access denied...maybe a virus?

Here is the ComboFix (listed as blackpudding) log.
Thanks again!

brick

ComboFix 12-03-03.01 - Home 03/04/2012 20:39:56.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.3078 [GMT -5:00]
Running from: c:\documents and settings\Home\Desktop\blackpudding.bat.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPL1B5.tmp
c:\documents and settings\All Users\SPLBA.tmp
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{87e60394-2e62-400d-99c0-c1bea2f9a439}\setup.msi
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-03 20:25 . 2012-03-03 20:25 -------- d-----w- C:\PCHelpForum
2012-03-03 02:52 . 2012-03-03 20:25 -------- d-----w- C:\ComboFix
2012-03-03 02:50 . 2012-03-03 02:50 -------- d-----w- C:\avast! sandbox
2012-03-02 16:38 . 2012-03-02 16:38 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-03-02 02:09 . 2012-03-02 02:09 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\PCHealth
2012-03-01 23:47 . 2012-03-01 23:47 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-14 20:45 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 20:45 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 20:43 . 2012-02-14 20:43 -------- d-----w- c:\program files\Common Files\Skype
2012-02-14 20:24 . 2012-02-18 16:29 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 01:30 . 2011-01-13 20:30 0 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\WavXMapDrive.bat
2012-02-23 16:23 . 2011-06-13 15:36 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2011-06-13 15:36 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-06-13 15:37 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2011-06-13 15:37 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2011-06-13 15:37 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2011-06-13 15:37 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2011-06-13 15:37 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-23 16:10 . 2011-06-13 15:37 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-23 16:10 . 2011-06-13 15:37 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 16:07 . 2011-06-13 15:37 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-21 20:20 . 2011-06-13 16:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2008-04-14 07:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-23 18:00 . 2011-12-23 18:00 18944 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-12-23 18:00 . 2011-12-23 18:00 11264 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2011-12-17 19:46 . 2008-04-14 07:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-14 07:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-14 07:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2010-11-11 23:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 14:44 . 2011-06-18 19:24 568832 ----a-w- c:\program files\mozilla firefox\plugins\msvcp90.dll
2011-03-15 14:44 . 2011-06-18 19:24 655872 ----a-w- c:\program files\mozilla firefox\plugins\msvcr90.dll
2012-02-18 16:29 . 2012-02-14 20:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2000-01-01 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2000-01-01 13594624]
"nwiz"="nwiz.exe" [2000-01-01 1657376]
"NVHotkey"="nvHotkey.dll" [2000-01-01 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2000-01-01 86016]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2007-09-12 176128]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2007-09-14 75064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 128560]
"lxdmmon.exe"="c:\program files\Lexmark 5000 Series\lxdmmon.exe" [2007-12-14 455336]
"lxdmamon"="c:\program files\Lexmark 5000 Series\lxdmamon.exe" [2007-12-14 25256]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\Home\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cloudmark DesktopOne.lnk - c:\program files\Cloudmark\Desktop\Service\cdswin.exe [2011-7-28 1107040]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Home\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\WINDOWS\\system32\\lxdmcoms.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Wave Systems Corp\\Security Wizards\\bin\\Secure 8021x.exe"=
"c:\\Program Files\\ASUS\\Printer Utilities\\UsbService.exe"=
"c:\\Documents and Settings\\Home\\Application Data\\Microsoft\\Installer\\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\\IconBB6A1630.exe"=
.
S0 cerc6;cerc6; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/13/2011 10:37 AM 610648]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/13/2011 10:37 AM 337112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/13/2011 10:37 AM 20696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/27/2011 4:06 PM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/11/2010 6:30 PM 652360]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 1:01 AM 399416]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [4/14/2008 2:00 AM 5120]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/27/2011 4:06 PM 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/11/2010 6:30 PM 20464]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [1/8/2012 5:45 PM 66432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 21:06]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 21:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
IE: Download All by ASUS Download - c:\program files\ASUS\RT-N13U Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files\ASUS\RT-N13U Wireless Router Utilities\ASDownload.htm
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{2CDA7A26-4598-48B5-8780-03881CEE3E50}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\wgbcqu8j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 21:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(232)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(288)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2012-03-04 21:04:02
ComboFix-quarantined-files.txt 2012-03-05 02:04
.
Pre-Run: 210,582,843,392 bytes free
Post-Run: 212,043,386,880 bytes free
.
- - End Of File - - 3FC95E6C4B4731EF6D0EC912DEE28C6A

Re: cannot delete access denied...maybe a virus?

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

[image: AswMBR_Scan]

Click the "Scan" button to start the scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

[image: AswMBR_SaveLog]

On completion of the scan click save log, save it to your desktop and post in your next reply
*********************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: cannot delete access denied...maybe a virus?

Here is the aswMBR log: off to do the next one.

Thanks so much for helping!

brick

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-05 12:10:09
-----------------------------
12:10:09.484 OS Version: Windows 5.1.2600 Service Pack 3
12:10:09.484 Number of processors: 2 586 0xE08
12:10:09.484 ComputerName: HOME-1D0150E67D UserName: Home
12:10:10.843 Initialize success
12:10:11.062 AVAST engine defs: 12030500
12:10:14.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:10:14.359 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 3
12:10:14.390 Disk 0 MBR read successfully
12:10:14.390 Disk 0 MBR scan
12:10:14.406 Disk 0 Windows XP default MBR code
12:10:14.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
12:10:14.406 Disk 0 scanning sectors +488392065
12:10:14.484 Disk 0 scanning C:\WINDOWS\system32\drivers
12:10:21.781 Service scanning
12:10:35.250 Modules scanning
12:10:40.984 Disk 0 trace - called modules:
12:10:41.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:10:41.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af79ab8]
12:10:41.000 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000007f[0x8af7bf18]
12:10:41.015 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8afbdd98]
12:10:42.312 AVAST engine scan C:\WINDOWS
12:10:51.890 AVAST engine scan C:\WINDOWS\system32
12:13:08.671 AVAST engine scan C:\WINDOWS\system32\drivers
12:13:30.718 AVAST engine scan C:\Documents and Settings\Home
12:50:24.250 AVAST engine scan C:\Documents and Settings\All Users
12:54:08.609 Scan finished successfully
12:56:22.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Home\Desktop\MBR.dat"
12:56:22.015 The log file has been saved successfully to "C:\Documents and Settings\Home\Desktop\aswMBR.txt"


Re: cannot delete access denied...maybe a virus?

Here is the next set:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B436F000
Module End: B4387000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: B85D2000
Module End: B85D4000
Hidden: Yes

Module Name: \??\C:\DOCUME~1\Home\LOCALS~1\Temp\aswMBR.sys
Service Name: aswMBR
Module Base: B2A78000
Module End: B2A84000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAddBootEntry
Address: B4467DC4
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwAllocateVirtualMemory
Address: B44F4904
Driver Base: B44E9000
Driver End: B453A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwAssignProcessToJobObject
Address: B4468832
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwClose
Address: B4494ABD
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateEvent
Address: B446D25C
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateEventPair
Address: B446D2A8
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateIoCompletion
Address: B446D39A
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateKey
Address: B4494471
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateMutant
Address: B446D1CA
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateSection
Address: B446D2EC
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateSemaphore
Address: B446D212
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateTimer
Address: B446D354
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteBootEntry
Address: B4467E10
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteKey
Address: B4495183
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteValueKey
Address: B4495439
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDuplicateObject
Address: B446A920
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwEnumerateKey
Address: B4494FEE
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwEnumerateValueKey
Address: B4494E59
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwFreeVirtualMemory
Address: B44F49DE
Driver Base: B44E9000
Driver End: B453A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwLoadDriver
Address: B4467AA2
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwModifyBootEntry
Address: B4467E5C
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwNotifyChangeKey
Address: B446AC94
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwNotifyChangeMultipleKeys
Address: B4468AD6
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenEvent
Address: B446D286
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenEventPair
Address: B446D2CA
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenIoCompletion
Address: B446D3BE
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenKey
Address: B44947CD
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenMutant
Address: B446D1F0
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenProcess
Address: B446A490
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenSection
Address: B446D326
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenSemaphore
Address: B446D23A
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenThread
Address: B446A6C4
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenTimer
Address: B446D378
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwProtectVirtualMemory
Address: B44F4B4A
Driver Base: B44E9000
Driver End: B453A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwQueryKey
Address: B4494CD4
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwQueryObject
Address: B44689A2
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwQueryValueKey
Address: B4494B26
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwRenameKey
Address: B44FE858
Driver Base: B44E9000
Driver End: B453A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRestoreKey
Address: B4493AE4
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetBootEntryOrder
Address: B4467EA8
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetBootOptions
Address: B4467EF4
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetSystemInformation
Address: B4467B12
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetSystemPowerState
Address: B4467CB6
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetValueKey
Address: B449528A
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwShutdownSystem
Address: B4467C5E
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSystemDebugControl
Address: B4467D26
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwTerminateProcess
Address: B44F4C0A
Driver Base: B44E9000
Driver End: B453A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwVdmControl
Address: B4467F40
Driver Base: B444F000
Driver End: B44E9000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwWriteVirtualMemory
Address: B44F4A8A
Driver Base: B44E9000
Driver End: B453A000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwCreateProcessEx
At Address: 805D117A
Jump To: B450AA76
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ZwClose
At Address: 805BC556
Jump To: B450796C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: PsCreateSystemThread
At Address: 805D117A
Jump To: B450AA76
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObMakeTemporaryObject
At Address: 805BC556
Jump To: B450796C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObInsertObject
At Address: 805C2FDA
Jump To: B450942C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObCloseHandle
At Address: 805BC556
Jump To: B450796C
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Re: cannot delete access denied...maybe a virus?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the [image: EsetOnline] button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon] icon on your desktop.

•Check [image: EsetAcceptTerms]
•Click the [image: EsetStart] button.
•Accept any security warnings from your browser.
•Check [image: EsetScanArchives]
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push [image: EsetListThreats]
•Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the [image: EsetBack] button.
•Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: cannot delete access denied...maybe a virus?

Hi Superdave,
Eset scan ran, I also clicked the archive option to scan as well....The scan came up clean.

I attempted to relocate a skype folder in a folder on the desktop and it still won't let me.

Thanks for putting in all this work...I'm sure we can resolve this issue. Again, I have not yet fully downloaded the 'unlocker' and run it. Does the unlocker unlock any locked file or folder and let me rename and delete them, or do I have to pick each one and run the unlocker? The link you provided about 'unlocker' would not open.

brick

Re: cannot delete access denied...maybe a virus?

brick wrote:
Thanks for putting in all this work...I'm sure we can resolve this issue. Again, I have not yet fully downloaded the 'unlocker' and run it. Does the unlocker unlock any locked file or folder and let me rename and delete them, or do I have to pick each one and run the unlocker? The link you provided about 'unlocker' would not open.

Sorry about that link. After UnLocker is installed you just need to right-click on the file or folder and click on Unlocker. Right-click again and select delete.

Re: cannot delete access denied...maybe a virus?

Superdave, do you think I should try the unlocker? I was also wondering, given the fact that every virus scan we have run thus far has turned up nothing, could this be the start of a hard drive failure rather than a virus?
Finally, if I download the unlocker and it doesn't work, what direction do you think I should go?

thanks again!

brick

Re: cannot delete access denied...maybe a virus?

You mentioned that you tried this but did you do it this way?

1. Turn off Simple File Sharing:
   1. Click Start, and then click My Computer.
   2. On the Tools menu, click Folder Options, and then click the View tab.
   3. Under Advanced Settings, click to clear the Use simple file sharing (Recommended) check box, and then click OK.
2. Right-click the folder that you want to take ownership of, and then click Properties.
3. Click the Security tab, and then click OK on the Security message, if one appears.
4. Click Advanced, and then click the Owner tab.
5. In the Name list, click your user name, Administrator if you are logged in as Administrator, or click the Administrators group.
   If you want to take ownership of the contents of that folder, click to select the Replace owner on subcontainers and objects check box.
6. Click OK.

Re: cannot delete access denied...maybe a virus?

When I get to the security tab I have three items listed...
1. brick's bazinga (HOME 1Do150E67D\Administrators)
2. System, with nothing else next to it
3. Administrators (HOME 1DO150E67D\Administrators)

When I click the advanced tab...under Permissions are the same three, but under the Owner tab only 1 and 3 are listed...no System.

All three above are listed with Full control.

The "inherit from parent entries" box is check marked.

The Effective Permissions tab has nothing in the group or user name.

Still won't let me delete, move or rename.

brick

Re: cannot delete access denied...maybe a virus?

Something which may be interesting: I went into Effective Permissions and typed in administrator and it came up with full access to all items listed. I did the same with system, full access....then with Brick's bazinga...it said there was no domain of that name. Which is my account. I actually only have two accounts listed: Brick's bazinga and guest. For some reason I no longer have the Administrators account listed at start up. I tried to make a new account as Administrators and it said one was already made up, but I don't see it anywhere, except when in safe mode; then the two are listed, brick's and admin. Did I somehow delete the administrators account and thus affect the security? How do I find the administrators account that is supposedly still in existence but not at start up (except in safe mode)?

thank you

brick

Re: cannot delete access denied...maybe a virus?

BUMP

brick

Re: cannot delete access denied...maybe a virus?

I'm sorry, but I can't help very much with those accounts. We should do some cleanup, and you could perhaps start a new thread in the software forum to solve that issue.

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
****************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***********************************************
Use the Secunia Software Inspector to check for out of date software.

• Click Start Now

• Check the box next to Enable thorough system inspection.

• Click Start

• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stops certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Re: cannot delete access denied...maybe a virus?

Ok, thanks Superdave! I have come to the conclusion, based on our work here, that it might be a software issue or perhaps a hard drive failure situation. I have already looked into the possibility of having to replace the hard drive. I did finish the download of the 'unlocker' and it seems to work, unlocking my files, renaming them, etc. I still have this message when I go to download anything; it says it fails, but I double-click and it works.
Thank you for all your attention...

brick

Re: cannot delete access denied...maybe a virus?

If you want to check your hard drive, here's a good one to use. Just download the one for your make of hard drive, burn it to a CD with an ISO burner and boot your computer with it.

Run hard drive diagnostics: tacktech.com
Make sure you select the tool which is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: imgburn to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, see here:

Note: If you do not know how to set your computer to boot from CD, follow the steps here: http://www.hiren.info/pages/bios-boot-cdrom

Re: cannot delete access denied...maybe a virus?

Thanks Superdave! I will grab my son to help me with that....

Do you think I should try to post this, and what we have done, on the software forum? Or the hardware one? Do you think someone there might have a solution or at least a direction?

Also, I forgot to mention...I did finally download and run the 'unlocker'. It does indeed unlock the files/folders and lets me rename a folder; sometimes I have to wait till I reboot the system. So it did the job, but it's frustrating to have my computer not do what it used to do...LOL!

brick

Re: cannot delete access denied...maybe a virus?

Do you think I should try to post this, and what we have done, on the software forum? Or the hardware one? Do you think someone there might have a solution or at least a direction?

Also, I forgot to mention...I did finally download and run the 'unlocker'. It does indeed unlock the files/folders and lets me rename a folder; sometimes I have to wait till I reboot the system. So it did the job, but it's frustrating to have my computer not do what it used to do...LOL!

Once you run the hard drive diagnostic you will know whether or not the drive is good. As for the other, malware sometimes does so much damage that it's easier to re-install the OS than to try and fix it, especially from such a long distance.
