cannot delete access denied...maybe a virus?

Post by brick on Sat 03 Mar 2012, 6:54 am

I posted this under software, but I am being advised to post it under virus instead. We have checked the folders and they are marked as read only and when we try to change it, it won't change. I have run several scans and they are coming up clean...but I just can't figure out what is going on. Here is my original post I put in software...will delete that one next. I hope someone can figure this out...
Thank you!

Brick

Please forgive me if this is in the wrong place and direct me to the proper place..thank you.

I tried to delete an empty file from "my pictures" this afternoon and got this message: "Cannot delete Access denied Make sure the disk is not full or write protected and that the file is not currently in use". I also got this message when I tried to delete a program I downloaded this evening. I have my account and the computer admin and both have full access...so I should be able to delete what I want. I have not changed anything to my knowledge. Can you help me? I have already been to the Microsoft website and tried to change ownership of the files and that did not help. I also tried to end the process in Task Manager and that did not work either. I am at a loss. I used to be able to delete anything. I also turned back the clock to a time I had no issues and that did not help either.
Thank you in advance.

Edit: I would like to add I can move the empty file from my pictures to desktop, but I can not move it to recycle bin. I looked into Unlocker...and I have not used it...this is a strange situation that is affecting any program/file/folder I try to delete or rename..and I never had this issue before. Obviously I would like to figure out what changed on the computer that caused this to happen.

Edit 2: 12 noon..went to download a Microsoft safety scanner. After it downloaded and I tried to execute it I got this message: ":c/documents and settings/home/mydocuments/msert.exe could not be saved because you cannot change the contents of that folder. Change the folders properties and try again or try saving to a different location." I then attempted to redownload it and then it executed and opened fine. I am now running it. I am not computer smart...learning as I go. Somewhere something has changed on the computer, telling the computer that files/folders are locked and I do not have access. Could someone have remotely changed my computer and gained access? If so, is that a virus and why have none of the scans picked it up? Did I somehow unknowingly change something? As of Wednesday I did not have this issue as I was able to download just fine. This occurred yesterday. I first noticed it after downloading pictures from our digital camera to my computer. The only difference I can think of is the new Avast 7 but I don't think I have downloaded that yet. Again, I cannot have successful Windows updates either.
Thanks.

Brick

brick
Rookie Surfer

Posts : 130
Joined : 2010-06-09
Operating System : xp

Post by Superdave on Sat 03 Mar 2012, 7:26 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)

Superdave
Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Post by brick on Sat 03 Mar 2012, 8:34 am

Hi Superdave!

Thanks so much for responding so quickly. I am in the process of scanning with the superantispyware as directed. I wanted to let you know that this morning I scanned the computer with the superantispyware and with the antimalware (after updating them both first) and they came up clean. I started an Eset scan (including the archive) this afternoon before I posted my request for help. By the time you responded my scan was at 98 percent. I let it finish the scan as it came up with 4 virus signatures. I copied the information. I will provide the new antispyware and new antimalware scans once completed as well as the eset scan results that I have already saved and ran before the new antispyware and antimalware. Hope that wasn't too confusing. Yesterday I was sure it was not a virus and thought I had made a change somehow, but I was encouraged today to look into the possibility it was a virus instead. It just didn't act like a virus I have dealt with before. (not letting me delete folders/programs or renaming them and giving me a message of not completing downloads because 'you cannot change the contents of that folder. Change the folder properties and try again or try saving in a different location')
After running the eset scan and deleting the virus signatures the computer still has the same issue...so that may not have made any difference at this point.
I hope I have provided enough information for you. If I have forgotten something let me know. As soon as scans are finished I will post the logs. Thanks again!
brick

Post by brick on Sat 03 Mar 2012, 9:39 am

Here is the eset scan I ran:

C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\wgbcqu8j.default\Cache\4\EA\5ABC2d01 a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\wgbcqu8j.default\Cache\6\AB\92C46d01 HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\Home\Local Settings\Temp\p_v_IubO.exe.part a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\Documents and Settings\Home\My Documents\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined

Post by brick on Sat 03 Mar 2012, 9:40 am

Here is the antispyware scan log:
running the malware next and will post when finished...Thanks!

SUPERAntiSpyware Scan Log

Generated 03/02/2012 at 05:33 PM

Application Version : 5.0.1144

Core Rules Database Version : 8300
Trace Rules Database Version: 6112

Scan type : Complete Scan
Total Scan Time : 01:14:15

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 726
Memory threats detected : 0
Registry items scanned : 33458
Registry threats detected : 0
File items scanned : 110604
File threats detected : 30

Adware.Tracking Cookie

Post by brick on Sat 03 Mar 2012, 11:22 am

OK, here is the final log. This is from antimalware. Thanks!

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

Database version: v2012.03.02.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home :: HOME-1D0150E67D [administrator]

Protection: Enabled

3/2/2012 5:43:03 PM
mbam-log-2012-03-02 (17-43-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296852
Time elapsed: 1 hour(s), 31 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Post by brick on Sat 03 Mar 2012, 11:32 am

Here are the DDS reports:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Home at 19:27:58 on 2012-03-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2080 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdmcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Secunia\PSI\psia.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Cloudmark\Desktop\Service\cdswin.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Cloudmark\Desktop\clients\cdshookloader.dll
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [lxdmmon.exe] "c:\program files\lexmark 5000 series\lxdmmon.exe"
mRun: [lxdmamon] "c:\program files\lexmark 5000 series\lxdmamon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\home\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cloudm~1.lnk - c:\program files\cloudmark\desktop\service\cdswin.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: Download All by ASUS Download - c:\program files\asus\rt-n13u wireless router utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files\asus\rt-n13u wireless router utilities\ASDownload.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{2CDA7A26-4598-48B5-8780-03881CEE3E50} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{87D3803A-88D8-4D95-BD2B-CA6E75353575} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{C0208D1A-8316-42EA-9C37-C7C2431C8DD8} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\wgbcqu8j.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppanda3d.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-13 610648]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-13 337112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-13 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-13 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-11 652360]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2008-4-14 5120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-11 20464]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-27 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-27 136176]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [2012-1-8 66432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-02 16:38:16 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-03-02 02:09:01 -------- d-----w- c:\documents and settings\home\local settings\application data\PCHealth
2012-03-01 23:47:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-01 23:47:23 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-14 20:45:26 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 20:45:26 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 20:24:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-03 01:59:27 -------- d-----w- c:\documents and settings\home\application data\SUPERAntiSpyware.com
2012-02-03 01:58:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-03 01:58:23 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
.
==================== Find3M ====================
.
2012-02-23 16:23:26 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:12:28 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-21 20:20:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-23 22:32:53 689699 ----a-w- c:\documents and settings\all users\SPL1B5.tmp
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 21:29:08 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-12-04 21:29:07 3357952 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
.
============= FINISH: 19:28:29.29 ===============

Post by brick on Sat 03 Mar 2012, 11:33 am

Finally, the dds log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/11/2010 5:29:35 PM
System Uptime: 3/2/2012 9:29:00 AM (10 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 195.177 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP285: 2/3/2012 5:19:27 PM - System Checkpoint
RP286: 2/4/2012 6:35:50 PM - System Checkpoint
RP287: 2/5/2012 7:58:13 PM - System Checkpoint
RP288: 2/7/2012 10:31:46 AM - System Checkpoint
RP289: 2/8/2012 11:43:54 AM - System Checkpoint
RP290: 2/8/2012 8:51:03 PM - Configured ASUS RT-N13U Wireless Router Utilities
RP291: 2/8/2012 8:58:33 PM - Installed ASUS RT-N13U Wireless Router Utilities
RP292: 2/8/2012 9:16:36 PM - Removed ASUS RT-N13U Wireless Router Utilities
RP293: 2/9/2012 9:50:33 PM - System Checkpoint
RP294: 2/11/2012 11:06:11 AM - System Checkpoint
RP295: 2/12/2012 3:08:13 PM - System Checkpoint
RP296: 2/13/2012 3:58:18 PM - System Checkpoint
RP297: 2/14/2012 3:43:00 PM - Removed Skype™ 5.3
RP298: 2/14/2012 3:43:20 PM - Installed Skype™ 5.8
RP299: 2/14/2012 3:47:39 PM - Software Distribution Service 3.0
RP300: 2/15/2012 5:07:28 PM - System Checkpoint
RP301: 2/16/2012 10:30:22 PM - System Checkpoint
RP302: 2/18/2012 12:22:03 PM - System Checkpoint
RP303: 2/19/2012 12:44:12 PM - System Checkpoint
RP304: 2/20/2012 12:50:38 PM - System Checkpoint
RP305: 2/21/2012 1:13:25 PM - System Checkpoint
RP306: 2/22/2012 1:34:41 PM - System Checkpoint
RP307: 2/24/2012 12:39:06 PM - System Checkpoint
RP308: 2/25/2012 7:17:57 PM - System Checkpoint
RP309: 2/27/2012 12:43:20 PM - System Checkpoint
RP310: 2/28/2012 1:05:34 PM - System Checkpoint
RP311: 2/29/2012 5:10:20 PM - System Checkpoint
RP312: 3/1/2012 5:11:09 PM - System Checkpoint
RP313: 3/1/2012 6:23:05 PM - Restore Operation
RP314: 3/1/2012 6:46:42 PM - Restore Operation
RP315: 3/1/2012 7:36:15 PM - Software Distribution Service 3.0
RP316: 3/1/2012 8:05:41 PM - Software Distribution Service 3.0
RP317: 3/2/2012 10:42:35 AM - Software Distribution Service 3.0
RP318: 3/2/2012 10:59:05 AM - Software Distribution Service 3.0
RP319: 3/2/2012 12:00:24 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
ALPS Touch Pad Driver
Amazon MP3 Downloader 1.0.15
AuthenTec Fingerprint Sensor Minimum Install
avast! Free Antivirus
biolsp patch
Broadcom Gigabit Integrated Controller
Cloudmark DesktopOne
Conexant HDA D110 MDC V.92 Modem
Dell Drivers MSI
Dell Embassy Trust Suite by Wave Systems
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
ESET Online Scanner v3
Gemalto
GemSafe Standard Edition 5.1
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java(TM) 6 Update 29
K-Lite Codec Pack 6.5.0 (Basic)
Lexmark 5000 Series
Malwarebytes Anti-Malware version 1.60.0.1800
Math 3 Teaching Textbook
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 9.0.1 (x86 en-US)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTRU TCG Software Stack
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.3
OverDrive Media Console
OZ776 SCR Driver V1.1.4.202
Panda3D Game Engine
PowerDVD
Preboot Manager
Private Information Manager
Secure Update
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Security Wizards
SigmaTel Audio
Skype Toolbars
Skype™ 5.3
Spell Checker For OE 2.1
Trusted Drive Manager
tsp patch
Turbo Lister 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
upekmsi
USB PC Camera (SN9C101)
Wave Infrastructure Installer
Wave Support Software
WeatherBug
WebFldrs XP
Windows Driver Package - Intel net (03/06/2007 9.1.1.15)
Windows Driver Package - Intel net (08/08/2007 11.1.1.22)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
.
==== Event Viewer Messages From Past Week ========
.
3/2/2012 9:30:27 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
3/1/2012 7:46:21 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2633880).
3/1/2012 7:41:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2633870).
3/1/2012 6:49:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
3/1/2012 6:49:25 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2012 6:29:48 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 804fc717.
2/29/2012 4:48:11 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is NICKF-PC.
2/29/2012 12:23:56 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.10.106. The machine with the IP address 192.168.10.103 did not allow the name to be claimed by this machine.
2/26/2012 11:53:57 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdmCATSCustConnectService service to connect.
2/26/2012 11:53:57 AM, error: Service Control Manager [7000] - The lxdmCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

brick

Rookie Surfer

Posts : 130
Joined : 2010-06-09
Operating System : xp

Re: cannot delete access denied...maybe a virus?

Post by brick on Sat 03 Mar 2012, 11:39 am

As I was looking over the above log I noticed at the end a line that indicates that the browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is NICKF_PC.

That is my son's computer...we are both rather surprised by that and don't understand what his computer has to do with mine....

brick
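The Event Viewer section of the DDS log above follows a fixed shape: timestamp, level, source, event ID in brackets, then the message. The following Python is an added example, not part of the original thread or of DDS; it parses seven of those lines (copied from the log) and extracts the failed updates, the machine named in the BROWSER event, and a chronological timeline. All function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the "Event Viewer Messages From Past Week" section of the
# DDS log posted in this thread; the "." separator lines are kept on purpose.
SAMPLE = r"""
.
3/1/2012 7:46:21 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2633880).
3/1/2012 7:41:03 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2633870).
3/1/2012 6:49:25 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
3/1/2012 6:49:25 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2012 6:29:48 PM, error: System Error [1003] - Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 804fc717.
2/29/2012 4:48:11 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is NICKF-PC.
2/29/2012 12:23:56 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.10.106. The machine with the IP address 192.168.10.103 did not allow the name to be claimed by this machine.
.
"""

# "<date> <time> <AM|PM>, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)


def parse_events(text):
    """Return one dict per event line; separators and headers are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "id": int(m["id"]),
            "msg": m["msg"],
        })
    return events


def summarize(events):
    """Count events per (source, event ID) pair."""
    return Counter((e["source"], e["id"]) for e in events)


def failed_updates(events):
    """(KB number, error code) for each Windows Update Agent event 20."""
    out = []
    for e in events:
        if e["source"] != "Windows Update Agent" or e["id"] != 20:
            continue
        code = re.search(r"error (0x[0-9A-Fa-f]{8})", e["msg"])
        kb = re.search(r"\((KB\d+)\)", e["msg"])
        out.append((kb.group(1) if kb else None,
                    code.group(1) if code else None))
    return out


def master_browser_hosts(events):
    """Host names reported as current master browser in BROWSER 8009."""
    hosts = set()
    for e in events:
        if e["source"] == "BROWSER" and e["id"] == 8009:
            m = re.search(r"master browser is ([\w-]+)\.?$", e["msg"])
            if m:
                hosts.add(m.group(1))
    return sorted(hosts)


def timeline(events):
    """The log lists newest first; return the events oldest first."""
    return sorted(events, key=lambda e: e["time"])


if __name__ == "__main__":
    evts = parse_events(SAMPLE)
    for (source, event_id), n in summarize(evts).most_common():
        print(f"{n} x {source} [{event_id}]")
    print("failed updates:", failed_updates(evts))
    print("master browser:", master_browser_hosts(evts))
    for e in timeline(evts):
        print(e["time"].isoformat(), e["source"], e["id"])
```
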


Re: cannot delete access denied...maybe a virus?

Post by Superdave on Sat 03 Mar 2012, 1:22 pm

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

Superdave
Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: cannot delete access denied...maybe a virus?

Post by brick on Sat 03 Mar 2012, 1:49 pm

It is giving me a message of " c.bat is not recognized as an internal or external command, operable program or batch file."
C:\combofix with a flashing cursor...

thanks

brick


Re: cannot delete access denied...maybe a virus?

Post by Superdave on Sun 04 Mar 2012, 5:55 am

Ok. Delete your copy of ComboFix and follow the instructions below. It's almost the same but you need to rename ComboFix before downloading it.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Re: cannot delete access denied...maybe a virus?

Post by brick on Sun 04 Mar 2012, 7:27 am

The same message appeared when I attempted to run the program.


Re: cannot delete access denied...maybe a virus?

Post by Superdave on Sun 04 Mar 2012, 7:38 am

Ok. We'll try one more time.

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat.

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now.


Re: cannot delete access denied...maybe a virus?

Post by brick on Sun 04 Mar 2012, 8:48 am

When we attempt to navigate to the start and plug the command it gives me this message:
windows cannot find C:\documents and settings\home\desktop\blackpudding.bat Make sure you type name correctly and then try again. To search for a file check start button and then search.

We were able to rename the combofix when it downloaded to blackpudding it showed up on the desktop with an icon.

BTW: I can't delete anything...that is part of the problem with the computer...I can't delete anything so I can't delete the combo fixes already downloaded. Should we attempt to download to another computer and insert it in this one...via disc or flashdrive sd card?

thanks

brick


Re: cannot delete access denied...maybe a virus?

Post by Superdave on Sun 04 Mar 2012, 10:35 am

"I can't delete anything so I can't delete the combo fixes already downloaded."
Did you try dragging ComboFix to the Recycle Bin?


Re: cannot delete access denied...maybe a virus?

Post by brick on Sun 04 Mar 2012, 10:52 am

Yes and I get this message....."Error deleting file or folder cannot delete access denied Make sure disk is not full or write protected and that the file is not currently in use."

we checked the c drive it has 195 gb of free space. I don't know how it would have been write protected or anything write protected. I can't delete anything at all. I can down load but then it gives me a message ( which I posted on already ) but I can re click the download and then it downloads and runs. ( with the exception of combo fix not running)
This originally made me think it was a hardware or software issue, but then I was advised it might be a virus. I am baffled.


Re: cannot delete access denied...maybe a virus?

Post by Superdave on Sun 04 Mar 2012, 12:07 pm

Can you do anything to the file such as change the name? Did you try deleting them in Safe Mode? Have you tried UnLocker?

You can download and install Unlocker.

Here's some info on how to use Unlocker.

Please update and run MBAM and post the log.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.


Re: cannot delete access denied...maybe a virus?

Post by brick on Sun 04 Mar 2012, 12:26 pm

Hi Superdave,
While waiting for your response I went into safe mode and I am able to delete folders and pictures etc. But only in safe mode. I restarted and downloaded a picture and tried to delete it and it denied my access to delete it again. I did download 'unlocker' but did not run it when I saw Babylon attached to it...
I can not change a name of a file either...

I also did not use unlocker because I was getting the download error too and since I could not delete anything it seemed odd to have to download a program to do what the computer used to do anyway. KWIM?

ok...I am off to do the above instructions...wish me luck.

brick


Re: cannot delete access denied...maybe a virus?

Post by Superdave on Sun 04 Mar 2012, 12:56 pm

"I did download 'unlocker' but did not run it when I saw Babylon attached to it..."
You don't have to accept the Babylon Toolbar. Just uncheck it.
You can try this also. It should already be on your computer.


* Go to Start > Run and type mrt.exe then press Enter on the keyboard.
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.


Re: cannot delete access denied...maybe a virus?

Post by brick on Sun 04 Mar 2012, 1:04 pm

do you want quick scans or full scans?

FYI: I found I can delete a picture by holding the shift key and pressing delete. But it does not end up in the recycle folder...it is gone.

basically I get an access denied on anything I try to do at this point. It might change the wording but always access denied...so weird...

still running scans.



Re: cannot delete access denied...maybe a virus?

Post by brick on Sun 04 Mar 2012, 2:56 pm

The first scan I ran, the Windows one (mrt.exe), came back clean. Now running the malwarebytes one. Will do the avp tool next, most likely in the morning. I have not used the unlocker yet. Would you like me to do that after the avp one? And would the unlocker work for when I want to move a file to a file. For example I wanted to move the skype shortcut on the desktop screen to a folder I called 'extra icons'.. It gives me an access denied message when I try to move it or delete the icon. Would the unlocker work for that type of stuff too? Finally I could not open the page link with the information about unlocker. I get this issue sometimes. Another example is I can never access the cnet download pages, not through firefox and not through IE. I can access their articles but NOT their download pages and only on my pc, I can on our family desktops and the kids pcs.
Thanks again for helping me...

brick


Re: cannot delete access denied...maybe a virus?

Post by brick on Mon 05 Mar 2012, 5:44 am

Here is the malwarebytes log: next the avp one. Just to remind you that I have yet to run the blackpudding scan...
thanks,

brick

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

Database version: v2012.03.04.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home :: HOME-1D0150E67D [administrator]

Protection: Enabled

3/4/2012 11:42:34 AM
mbam-log-2012-03-04 (11-42-34).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280526
Time elapsed: 1 hour(s), 32 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Re: cannot delete access denied...maybe a virus?

Post by brick on Mon 05 Mar 2012, 6:15 am

Ok, downloaded the avp file and once again I get this message..again dealing with folders...
'contents could not be saved because you can not change contents of that folder. ( as if I was trying...what is trying to change those contents?) change the folder properties and try again or try saving in a different location. '( usually I would save my downloads in the download folder, but this is being saved on the desktop)
Seems to me, in my limited computer knowledge, that something is changing my file/folders commands...

But I can re download it and it comes through fine...crazy....
brick


Re: cannot delete access denied...maybe a virus?

Post by Superdave on Mon 05 Mar 2012, 6:26 am

Please try updating and running MBAM and ComboFix in Safe Mode.

