cannot delete access denied...maybe a virus?

Post by brick on Fri 02 Mar 2012, 7:54 pm

First topic message reminder :

I posted this under software, but I am being advised to post it under virus instead. We have checked the folders and they are marked as read-only and when we try to change it, it won't change. I have run several scans and they are coming up clean...but I just can't figure out what is going on. Here is my original post I put in software...will delete that one next. I hope someone can figure this out...
Thank you!

Brick

Please forgive me if this is in the wrong place and direct me to the proper place..thank you.

I tried to delete an empty file from "my pictures" this afternoon and got this message: "Cannot delete Access denied Make sure the disk is not full or write protected and that the file is not currently in use". I also got this message when I tried to delete a program I downloaded this evening. I have my account and the computer admin and both have full access...so I should be able to delete what I want. I have not changed anything to my knowledge. Can you help me? I have already been to the Microsoft website and tried to change ownership of the files and that did not help. I also tried to end the process in Task Manager and that did not work either. I am at a loss. I used to be able to delete anything. I also turned back the clock to a time I had no issues and that did not help either.
Thank you in advance.

Edit: I would like to add I can move the empty file from my pictures to desktop, but I can not move it to recycle bin. I looked into Unlocker...and I have not used it...this is a strange situation that is affecting any program/file/folder I try to delete or rename..and I never had this issue before. Obviously I would like to figure out what changed on the computer that caused this to happen.

Edit 2: 12 noon..went to download a Microsoft safety scanner. After it downloaded and I tried to execute it I got this message: "c:/documents and settings/home/mydocuments/msert.exe could not be saved because you cannot change the contents of that folder. Change the folders properties and try again or try saving to a different location." I then attempted to redownload it and then it executed and opened fine. I am now running it. I am not computer smart...learning as I go. Somewhere something has changed on the computer, telling the computer that files/folders are locked and I do not have access. Could someone have remotely changed my computer and gained access? If so, is that a virus and why have none of the scans picked it up? Did I somehow unknowingly change something? As of Wednesday I did not have this issue as I was able to download just fine. This occurred yesterday. I first noticed it after downloading pictures from our digital camera to my computer. The only difference I can think of is the new Avast 7 but I don't think I have downloaded that yet. Again, I can not have successful Windows updates either.
Thanks.

Brick

brick

Rookie Surfer

Posts: 130
Joined: 2010-06-09
Operating System: xp

Post by Superdave on Sat 03 Mar 2012, 11:35 pm

I can't delete anything so I can't delete the combo fixes already downloaded.
Did you try dragging ComboFix to the Recycle Bin?

Superdave
Tech Staff

Posts: 3249
Joined: 2010-02-01
Operating System: XP Home SP3

Post by brick on Sat 03 Mar 2012, 11:52 pm

Yes and I get this message....."Error deleting file or folder cannot delete access denied Make sure disk is not full or write protected and that the file is not currently in use."

We checked the C drive; it has 195 GB of free space. I don't know how it would have been write protected or anything write protected. I can't delete anything at all. I can download but then it gives me a message (which I posted on already) but I can re-click the download and then it downloads and runs (with the exception of combo fix not running).
This originally made me think it was a hardware or software issue, but then I was advised it might be a virus. I am baffled.

Post by Superdave on Sun 04 Mar 2012, 1:07 am

Can you do anything to the file such as change the name? Did you try deleting them in Safe Mode? Have you tried UnLocker?

You can download and install Unlocker.

Here's some info on how to use Unlocker.

Please update and run MBAM and post the log.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

    • Hidden Startup Objects
    • System Memory
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (removable ones that you may have)

  • Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Post by brick on Sun 04 Mar 2012, 1:26 am

Hi Superdave,
While waiting for your response I went into safe mode and I am able to delete folders and pictures etc. But only in safe mode. I restarted and downloaded a picture and tried to delete it and it denied my access to delete it again. I did download 'unlocker' but did not run it when I saw Babylon attached to it...
I can not change a name of a file either...

I also did not use unlocker because I was getting the download error too and since I could not delete anything it seemed odd to have to download a program to do what the computer used to do anyway. KWIM?

ok...I am off to do the above instructions...wish me luck.

brick

Post by Superdave on Sun 04 Mar 2012, 1:56 am

brick wrote: I did download 'unlocker' but did not run it when I saw Babylon attached to it...
You don't have to accept the Babylon Toolbar. Just uncheck it.
You can try this also. It should already be on your computer.


* Go to Start > Run and type mrt.exe then press Enter on the keyboard.
* (Vista and Windows 7 users: go to Start and type mrt.exe in the search box then press Enter on the keyboard.)
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.

Post by brick on Sun 04 Mar 2012, 2:04 am

do you want quick scans or full scans?

FYI: I found I can delete a picture by holding the shift key and pressing delete. But it does not end up in the recycle folder...it is gone.

basically I get an access denied on anything I try to do at this point. It might change the wording but always access denied...so weird...

still running scans.


Post by brick on Sun 04 Mar 2012, 3:56 am

The first scan I ran, the Windows one (mrt.exe), came back clean. Now running the Malwarebytes one. Will do the AVP tool next, most likely in the morning. I have not used the unlocker yet. Would you like me to do that after the AVP one? And would the unlocker work for when I want to move a file to a folder? For example I wanted to move the Skype shortcut on the desktop screen to a folder I called 'extra icons'. It gives me an access denied message when I try to move it or delete the icon. Would the unlocker work for that type of stuff too? Finally I could not open the page link with the information about unlocker. I get this issue sometimes. Another example is I can never access the cnet download pages, not through Firefox and not through IE. I can access their articles but NOT their download pages and only on my PC; I can on our family desktops and the kids' PCs.
Thanks again for helping me...

brick

Post by brick on Sun 04 Mar 2012, 6:44 pm

Here is the malwarebytes log: next the avp one. Just to remind you that I have yet to run the blackpudding scan...
thanks,

brick

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

Database version: v2012.03.04.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Home :: HOME-1D0150E67D [administrator]

Protection: Enabled

3/4/2012 11:42:34 AM
mbam-log-2012-03-04 (11-42-34).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280526
Time elapsed: 1 hour(s), 32 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Post by brick on Sun 04 Mar 2012, 7:15 pm

Ok, downloaded the avp file and once again I get this message..again dealing with folders...
'contents could not be saved because you can not change contents of that folder. ( as if I was trying...what is trying to change those contents?) change the folder properties and try again or try saving in a different location. '( usually I would save my downloads in the download folder, but this is being saved on the desktop)
Seems to me, in my limited computer knowledge, that something is changing my file/folders commands...

But I can re download it and it comes through fine...crazy....
brick

Post by Superdave on Sun 04 Mar 2012, 7:26 pm

Please try updating and running MBAM and ComboFix in Safe Mode.

Post by brick on Mon 05 Mar 2012, 1:21 am

Hi Superdave! Just got done with the AVP and it came up clean. Interesting to note: I was sitting and watching the scan and one file came up as 'password protected' but there was no report or way for me to figure out what the file was...
I still have combo fix listed as black pudding...do you want me to run that one?

Post by Superdave on Mon 05 Mar 2012, 1:51 am

brick wrote: Hi Superdave! Just got done with the AVP and it came up clean. Interesting to note: I was sitting and watching the scan and one file came up as 'password protected' but there was no report or way for me to figure out what the file was...
I still have combo fix listed as black pudding...do you want me to run that one?

Yes, please.

Post by brick on Mon 05 Mar 2012, 2:15 am

here is the combo fix listed as blackpudding log.
Thanks again!

brick

ComboFix 12-03-03.01 - Home 03/04/2012 20:39:56.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.3078 [GMT -5:00]
Running from: c:\documents and settings\Home\Desktop\blackpudding.bat.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPL1B5.tmp
c:\documents and settings\All Users\SPLBA.tmp
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{87e60394-2e62-400d-99c0-c1bea2f9a439}\setup.msi
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-03 20:25 . 2012-03-03 20:25 -------- d-----w- C:\PCHelpForum
2012-03-03 02:52 . 2012-03-03 20:25 -------- d-----w- C:\ComboFix
2012-03-03 02:50 . 2012-03-03 02:50 -------- d-----w- C:\avast! sandbox
2012-03-02 16:38 . 2012-03-02 16:38 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-03-02 02:09 . 2012-03-02 02:09 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\PCHealth
2012-03-01 23:47 . 2012-03-01 23:47 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-14 20:45 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 20:45 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 20:43 . 2012-02-14 20:43 -------- d-----w- c:\program files\Common Files\Skype
2012-02-14 20:24 . 2012-02-18 16:29 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 01:30 . 2011-01-13 20:30 0 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\WavXMapDrive.bat
2012-02-23 16:23 . 2011-06-13 15:36 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2011-06-13 15:36 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-06-13 15:37 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2011-06-13 15:37 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2011-06-13 15:37 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2011-06-13 15:37 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2011-06-13 15:37 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-02-23 16:10 . 2011-06-13 15:37 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-02-23 16:10 . 2011-06-13 15:37 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 16:07 . 2011-06-13 15:37 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-21 20:20 . 2011-06-13 16:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2008-04-14 07:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-23 18:00 . 2011-12-23 18:00 18944 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-12-23 18:00 . 2011-12-23 18:00 11264 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2011-12-17 19:46 . 2008-04-14 07:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-14 07:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-14 07:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 20:24 . 2010-11-11 23:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 14:44 . 2011-06-18 19:24 568832 ----a-w- c:\program files\mozilla firefox\plugins\msvcp90.dll
2011-03-15 14:44 . 2011-06-18 19:24 655872 ----a-w- c:\program files\mozilla firefox\plugins\msvcr90.dll
2012-02-18 16:29 . 2012-02-14 20:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2000-01-01 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2000-01-01 13594624]
"nwiz"="nwiz.exe" [2000-01-01 1657376]
"NVHotkey"="nvHotkey.dll" [2000-01-01 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2000-01-01 86016]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2007-09-12 176128]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2007-09-14 75064]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-06-08 128560]
"lxdmmon.exe"="c:\program files\Lexmark 5000 Series\lxdmmon.exe" [2007-12-14 455336]
"lxdmamon"="c:\program files\Lexmark 5000 Series\lxdmamon.exe" [2007-12-14 25256]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\Home\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cloudmark DesktopOne.lnk - c:\program files\Cloudmark\Desktop\Service\cdswin.exe [2011-7-28 1107040]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Home\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]
"c:\\WINDOWS\\system32\\lxdmcoms.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Wave Systems Corp\\Security Wizards\\bin\\Secure 8021x.exe"=
"c:\\Program Files\\ASUS\\Printer Utilities\\UsbService.exe"=
"c:\\Documents and Settings\\Home\\Application Data\\Microsoft\\Installer\\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\\IconBB6A1630.exe"=
.
S0 cerc6;cerc6; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/13/2011 10:37 AM 610648]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/13/2011 10:37 AM 337112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/13/2011 10:37 AM 20696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/27/2011 4:06 PM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/11/2010 6:30 PM 652360]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 1:01 AM 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 1:01 AM 399416]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [4/14/2008 2:00 AM 5120]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/27/2011 4:06 PM 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/11/2010 6:30 PM 20464]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [1/8/2012 5:45 PM 66432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 21:06]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-27 21:06]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Download All by ASUS Download - c:\program files\ASUS\RT-N13U Wireless Router Utilities\ASDownloadAll.htm
IE: Download using ASUS Download - c:\program files\ASUS\RT-N13U Wireless Router Utilities\ASDownload.htm
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{2CDA7A26-4598-48B5-8780-03881CEE3E50}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\wgbcqu8j.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-03-04 21:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(232)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > 'lsass.exe'(288)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2012-03-04 21:04:02
ComboFix-quarantined-files.txt 2012-03-05 02:04
.
Pre-Run: 210,582,843,392 bytes free
Post-Run: 212,043,386,880 bytes free
.
- - End Of File - - 3FC95E6C4B4731EF6D0EC912DEE28C6A

Post by Superdave on Mon 05 Mar 2012, 2:28 am

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

On completion of the scan click save log, save it to your desktop and post in your next reply.
*********************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Post by brick on Mon 05 Mar 2012, 5:59 pm

Here is the aswMBR log: off to do the next one.

Thanks so much for helping!

brick

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-05 12:10:09
-----------------------------
12:10:09.484 OS Version: Windows 5.1.2600 Service Pack 3
12:10:09.484 Number of processors: 2 586 0xE08
12:10:09.484 ComputerName: HOME-1D0150E67D UserName: Home
12:10:10.843 Initialize success
12:10:11.062 AVAST engine defs: 12030500
12:10:14.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:10:14.359 Disk 0 Vendor: WDC_WD2500BEVT-75ZCT2 11.01A11 Size: 238475MB BusType: 3
12:10:14.390 Disk 0 MBR read successfully
12:10:14.390 Disk 0 MBR scan
12:10:14.406 Disk 0 Windows XP default MBR code
12:10:14.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
12:10:14.406 Disk 0 scanning sectors +488392065
12:10:14.484 Disk 0 scanning C:\WINDOWS\system32\drivers
12:10:21.781 Service scanning
12:10:35.250 Modules scanning
12:10:40.984 Disk 0 trace - called modules:
12:10:41.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:10:41.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af79ab8]
12:10:41.000 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000007f[0x8af7bf18]
12:10:41.015 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8afbdd98]
12:10:42.312 AVAST engine scan C:\WINDOWS
12:10:51.890 AVAST engine scan C:\WINDOWS\system32
12:13:08.671 AVAST engine scan C:\WINDOWS\system32\drivers
12:13:30.718 AVAST engine scan C:\Documents and Settings\Home
12:50:24.250 AVAST engine scan C:\Documents and Settings\All Users
12:54:08.609 Scan finished successfully
12:56:22.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Home\Desktop\MBR.dat"
12:56:22.015 The log file has been saved successfully to "C:\Documents and Settings\Home\Desktop\aswMBR.txt"


