
Safe mode and problem deleting a folder


15 replies to this topic

#1 KickAzzDude

KickAzzDude

  • Members
  • 12 posts

Posted 30 January 2009 - 10:45 PM

Hi, I recently got infected with some virus/trojans and I think I got it out since bitdefender no longer finds anything. The problem is that now I cannot get into safe mode. It starts to list all the drivers but then it restarts my computer. Also during the virus infection I tried installing avast antivirus and apparently it wasn't successful because it doesn't open, but it still shows up in my processes invisible with an alternative task manager. I've tried so many different ways of trying to delete the folder but nothing works, it says Access denied or Write protected. I tried using a program called "unlocker" but that didn't work either. Any help would be greatly appreciated because it is really annoying me.



#2 Guest_superbird_*

Guest_superbird_*

  • Guests

Posted 31 January 2009 - 05:02 AM

Hi,

First let's take a look. Maybe there is still active malware on your computer.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 KickAzzDude

Posted 31 January 2009 - 03:39 PM

I ran a quick scan and nothing came up, then a full scan and this was the log.

Malwarebytes' Anti-Malware 1.33
Database version: 1699
Windows 5.1.2600 Service Pack 3

1/31/2009 2:37:19 PM
mbam-log-2009-01-31 (14-37-19).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 150851
Time elapsed: 1 hour(s), 0 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Guest_superbird_*

Posted 31 January 2009 - 03:42 PM

Hi,

Seems good. Let's try this to solve the Safe mode problem:

We need to repair some of Windows' internal registration settings
  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: Posted Image)
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
    Posted Image
  • When the window looks like this, press the GO button in the bottom of the window.
    Posted Image
  • Exit/Close Dial-A-Fix


#5 KickAzzDude

Posted 31 January 2009 - 05:49 PM

Didn't fix safe mode, it still restarts. Also there was a secondary box along with the dial-a-fix window that said "Restrictive policies"

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Currentversion\Policies\System\DisableRegistryTools
and
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\Currentversion\Policies\System\DisableRegistryTools

Could that be affecting anything?

#6 Guest_superbird_*

Posted 01 February 2009 - 06:24 AM

Let Dial-A-Fix fix that.

Also do this:

Please use the Internet Explorer browser (or Firefox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Posted Image
Posted Image
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

#7 KickAzzDude

Posted 01 February 2009 - 02:10 PM

I tried running Kaspersky Online Scanner but for some reason it won't update, so I am unable to start a scan. Tried downloading the latest Java Applet since it prompted me whether I wanted to run the program via Java but that didn't help.

#8 Guest_superbird_*

Posted 01 February 2009 - 02:17 PM

Hi,

We have alternatives. Do this:

Download this file: zoek.exe
Start the tool. A logfile will open after a while.
Post the contents of the logfile in your next reply.

#9 KickAzzDude

Posted 01 February 2009 - 05:20 PM

======C:\WINDOWS====
----a-w 0 2009-02-01 04:39:01 C:\WINDOWS\0.log
----a-w 5,178 2009-02-01 19:00:40 C:\WINDOWS\bitssetup.log
--s-a-w 2,048 2009-02-01 04:38:42 C:\WINDOWS\bootstat.dat
----a-w 373 2009-01-27 22:30:59 C:\WINDOWS\cmsetacl.log
----a-w 298,882 2009-02-01 01:59:41 C:\WINDOWS\comsetup.log
----a-w 97,726 2009-01-31 00:18:20 C:\WINDOWS\DirectX.log
----a-w 6,150 2009-02-01 01:24:58 C:\WINDOWS\DPINST.LOG
----a-w 867 2009-01-27 22:40:56 C:\WINDOWS\DtcInstall.log
----a-w 55,322 2009-02-01 01:59:41 C:\WINDOWS\ehOCGen.log
----a-w 1,000,621 2009-02-01 01:59:40 C:\WINDOWS\FaxSetup.log
----a-w 7,401 2009-01-27 21:33:43 C:\WINDOWS\IDNMitigationAPIs.log
----a-w 1,438 2009-01-31 02:02:15 C:\WINDOWS\IE4 Error Log.txt
----a-w 63,657 2009-01-27 21:34:46 C:\WINDOWS\ie7.log
----a-w 41,706 2009-01-27 21:35:36 C:\WINDOWS\ie7_main.log
----a-w 1,120,803 2009-02-01 01:59:41 C:\WINDOWS\iis6.log
----a-w 1,374 2009-02-01 01:59:25 C:\WINDOWS\imsins.BAK
----a-w 1,374 2009-02-01 01:59:41 C:\WINDOWS\imsins.log
----a-w 14,090 2009-01-27 21:47:47 C:\WINDOWS\KB886185.log
----a-w 23,606 2009-01-27 21:47:50 C:\WINDOWS\KB888302.log
----a-w 40,744 2009-01-27 21:51:36 C:\WINDOWS\KB890046.log
----a-w 26,508 2009-01-27 21:48:00 C:\WINDOWS\KB890859.log
----a-w 4,631 2009-01-27 21:40:31 C:\WINDOWS\KB892130.log
----a-w 44,378 2009-01-27 21:48:04 C:\WINDOWS\KB893756.log
----a-w 7,851 2009-01-27 21:22:42 C:\WINDOWS\KB893803v2.log
----a-w 26,415 2009-01-27 21:48:15 C:\WINDOWS\KB896423.log
----a-w 22,580 2009-01-27 21:47:54 C:\WINDOWS\KB896428.log
----a-w 8,174 2009-01-27 21:22:23 C:\WINDOWS\KB898461.log
----a-w 26,733 2009-01-27 21:48:11 C:\WINDOWS\KB899587.log
----a-w 25,211 2009-01-27 21:48:08 C:\WINDOWS\KB899591.log
----a-w 32,139 2009-01-27 21:49:40 C:\WINDOWS\KB900485.log
----a-w 31,874 2009-01-27 21:49:02 C:\WINDOWS\KB900725.log
----a-w 35,365 2009-01-27 21:48:47 C:\WINDOWS\KB901017.log
----a-w 12,082 2009-01-27 21:30:11 C:\WINDOWS\KB904942.log
----a-w 25,931 2009-01-27 21:48:51 C:\WINDOWS\KB905414.log
----a-w 28,533 2009-01-27 21:48:54 C:\WINDOWS\KB905749.log
----a-w 33,102 2009-01-27 21:49:09 C:\WINDOWS\KB908519.log
----a-w 27,781 2009-01-27 21:49:47 C:\WINDOWS\KB908531.log
----a-w 21,791 2009-01-27 21:49:06 C:\WINDOWS\KB910437.log
----a-w 29,968 2009-01-27 21:50:01 C:\WINDOWS\KB911280.log
----a-w 31,433 2009-01-27 21:49:17 C:\WINDOWS\KB911562.log
----a-w 29,134 2009-01-27 21:49:13 C:\WINDOWS\KB911927.log
----a-w 35,640 2009-01-27 21:49:58 C:\WINDOWS\KB913580.log
----a-w 27,151 2009-01-27 21:49:36 C:\WINDOWS\KB913800.log
----a-w 40,427 2009-01-27 21:50:05 C:\WINDOWS\KB914388.log
----a-w 38,347 2009-01-27 21:49:50 C:\WINDOWS\KB914389.log
----a-w 6,288 2009-01-27 21:30:18 C:\WINDOWS\KB914440.log
----a-w 9,817 2009-01-27 21:33:13 C:\WINDOWS\KB915865.log
----a-w 32,307 2009-01-27 21:50:23 C:\WINDOWS\KB916595.log
----a-w 43,479 2009-01-27 21:51:12 C:\WINDOWS\KB918118.log
----a-w 28,204 2009-01-27 21:49:54 C:\WINDOWS\KB918439.log
----a-w 32,734 2009-01-27 21:51:37 C:\WINDOWS\KB920213.log
----a-w 39,878 2009-01-27 21:50:09 C:\WINDOWS\KB920670.log
----a-w 40,762 2009-01-27 21:50:13 C:\WINDOWS\KB920683.log
----a-w 34,313 2009-01-27 21:50:27 C:\WINDOWS\KB920685.log
----a-w 34,902 2009-01-27 21:50:32 C:\WINDOWS\KB920872.log
----a-w 27,062 2009-01-27 21:50:19 C:\WINDOWS\KB922582.log
----a-w 30,925 2009-01-27 21:50:36 C:\WINDOWS\KB923191.log
----a-w 38,151 2009-01-27 21:53:48 C:\WINDOWS\KB923689.log
----a-w 30,553 2009-01-27 21:51:44 C:\WINDOWS\KB923723.log
----a-w 36,296 2009-01-27 21:50:43 C:\WINDOWS\KB923980.log
----a-w 35,702 2009-01-27 21:50:39 C:\WINDOWS\KB924270.log
----a-w 5,039 2009-01-27 21:31:30 C:\WINDOWS\KB924496.log
----a-w 36,528 2009-01-27 21:51:05 C:\WINDOWS\KB924667.log
----a-w 33,617 2009-01-27 21:52:13 C:\WINDOWS\KB925398.log
----a-w 12,063 2009-02-01 01:57:55 C:\WINDOWS\KB925766.log
----a-w 40,795 2009-01-27 21:51:21 C:\WINDOWS\KB925902.log
----a-w 34,882 2009-01-27 21:50:47 C:\WINDOWS\KB926255.log
----a-w 41,261 2009-01-27 21:51:16 C:\WINDOWS\KB926436.log
----a-w 41,867 2009-01-27 21:51:09 C:\WINDOWS\KB927779.log
----a-w 38,661 2009-01-27 21:51:02 C:\WINDOWS\KB927802.log
----a-w 35,692 2009-01-27 21:51:48 C:\WINDOWS\KB927891.log
----a-w 46,334 2009-01-27 21:50:55 C:\WINDOWS\KB928255.log
----a-w 45,104 2009-01-27 21:50:58 C:\WINDOWS\KB928843.log
----a-w 41,741 2009-01-27 21:51:53 C:\WINDOWS\KB929123.log
----a-w 8,525 2009-01-31 00:57:42 C:\WINDOWS\KB929399.log
----a-w 49,953 2009-01-27 21:51:24 C:\WINDOWS\KB930178.log
----a-w 33,960 2009-01-27 21:52:26 C:\WINDOWS\KB930494.log
----a-w 43,214 2009-01-27 21:51:41 C:\WINDOWS\KB930916.log
----a-w 41,618 2009-01-27 21:51:28 C:\WINDOWS\KB931261.log
----a-w 44,483 2009-01-27 21:51:32 C:\WINDOWS\KB932168.log
----a-w 251,578 2009-01-28 20:55:05 C:\WINDOWS\KB932716-v2.log
----a-w 49,537 2009-01-27 21:53:33 C:\WINDOWS\KB932823-v3.log
----a-w 37,780 2009-01-27 21:52:39 C:\WINDOWS\KB933729.log
----a-w 47,214 2009-01-27 21:52:00 C:\WINDOWS\KB935839.log
----a-w 40,385 2009-01-27 21:51:57 C:\WINDOWS\KB935840.log
----a-w 41,254 2009-01-27 21:54:18 C:\WINDOWS\KB936782.log
----a-w 46,011 2009-01-27 21:52:54 C:\WINDOWS\KB937894.log
----a-w 45,687 2009-01-27 21:52:34 C:\WINDOWS\KB938127-IE7.log
----a-w 43,705 2009-01-27 21:54:08 C:\WINDOWS\KB938127-v2-IE7.log
----a-w 4,024 2009-01-27 21:30:12 C:\WINDOWS\KB938127.log
----a-w 241,078 2009-01-27 22:34:14 C:\WINDOWS\KB938464.log
----a-w 42,754 2009-01-27 21:52:30 C:\WINDOWS\KB938828.log
----a-w 42,852 2009-01-29 09:03:59 C:\WINDOWS\KB941569.log
----a-w 52,985 2009-01-27 21:53:16 C:\WINDOWS\KB943055.log
----a-w 39,266 2009-01-27 21:52:46 C:\WINDOWS\KB943460.log
----a-w 53,766 2009-01-27 21:53:09 C:\WINDOWS\KB943485.log
----a-w 2,864 2009-01-27 21:27:36 C:\WINDOWS\KB944338-v2.log
----a-w 51,591 2009-01-27 21:52:50 C:\WINDOWS\KB944653.log
----a-w 51,251 2009-01-27 21:53:20 C:\WINDOWS\KB945553.log
----a-w 51,396 2009-01-27 21:53:12 C:\WINDOWS\KB946026.log
----a-w 241,113 2009-01-27 22:34:18 C:\WINDOWS\KB946648.log
----a-w 46,278 2009-01-27 21:53:29 C:\WINDOWS\KB950749.log
----a-w 236,354 2009-01-27 22:34:21 C:\WINDOWS\KB950762.log
----a-w 270,873 2009-01-27 22:34:25 C:\WINDOWS\KB950974.log
----a-w 240,618 2009-01-27 22:34:30 C:\WINDOWS\KB951066.log
----a-w 236,527 2009-01-27 22:34:34 C:\WINDOWS\KB951376-v2.log
----a-w 250,513 2009-01-27 22:34:38 C:\WINDOWS\KB951698.log
----a-w 258,125 2009-01-27 22:34:43 C:\WINDOWS\KB951748.log
----a-w 167,499 2009-01-29 09:04:05 C:\WINDOWS\KB951978.log
----a-w 60,587 2009-01-29 09:03:25 C:\WINDOWS\KB952069.log
----a-w 241,005 2009-01-27 22:34:47 C:\WINDOWS\KB952287.log
----a-w 249,624 2009-01-27 22:34:50 C:\WINDOWS\KB952954.log
----a-w 38,613 2009-01-27 21:53:54 C:\WINDOWS\KB953356.log
----a-w 241,692 2009-01-27 22:34:55 C:\WINDOWS\KB954211.log
----a-w 166,290 2009-01-29 09:03:42 C:\WINDOWS\KB954459.log
----a-w 241,468 2009-01-27 22:34:59 C:\WINDOWS\KB954600.log
----a-w 242,601 2009-01-27 22:35:03 C:\WINDOWS\KB955069.log
----a-w 97,299 2009-01-27 22:35:05 C:\WINDOWS\KB955839.log
----a-w 83,598 2009-01-27 21:35:06 C:\WINDOWS\KB956390-IE7.log
----a-w 50,239 2009-01-31 00:58:03 C:\WINDOWS\KB956391.log
----a-w 257,417 2009-01-27 22:35:10 C:\WINDOWS\KB956802.log
----a-w 243,068 2009-01-27 22:35:13 C:\WINDOWS\KB956803.log
----a-w 244,265 2009-01-27 22:35:19 C:\WINDOWS\KB956841.log
----a-w 242,779 2009-01-27 22:35:23 C:\WINDOWS\KB957097.log
----a-w 67,666 2009-01-31 00:57:59 C:\WINDOWS\KB958215-IE7.log
----a-w 243,301 2009-01-27 22:35:27 C:\WINDOWS\KB958644.log
----a-w 242,411 2009-01-27 22:35:31 C:\WINDOWS\KB958687.log
----a-w 45,661 2009-01-27 21:55:30 C:\WINDOWS\KB960714-IE7.log
----a-w 2,626 2009-02-01 04:39:18 C:\WINDOWS\medblker.Log
----a-w 127,732 2009-02-01 04:39:12 C:\WINDOWS\MedCtrOC.log
----a-w 6,153 2009-02-01 01:59:41 C:\WINDOWS\MSCompPackV1.log
----a-w 49,657 2009-02-01 01:59:40 C:\WINDOWS\msgsocm.log
----a-w 312,220 2009-02-01 01:59:37 C:\WINDOWS\msmqinst.log
----a-w 316,310 2009-01-27 21:55:09 C:\WINDOWS\msxml4-KB954430-enu.LOG
----a-w 187,247 2009-02-01 01:59:41 C:\WINDOWS\netfxocm.log
----a-w 5,844 2009-01-27 21:33:30 C:\WINDOWS\NLSDownlevelMapping.log
----a-w 0 2009-01-30 01:16:12 C:\WINDOWS\nsreg.dat
----a-w 170,512 2009-01-27 06:58:29 C:\WINDOWS\ntbtlog.txt
----a-w 180,520 2009-02-01 01:59:41 C:\WINDOWS\ntdtcsetup.log
----a-w 485,099 2009-02-01 01:59:41 C:\WINDOWS\ocgen.log
----a-w 48,228 2009-02-01 01:59:41 C:\WINDOWS\ocmsn.log
----a-w 1,523 2009-01-27 22:39:30 C:\WINDOWS\OEWABLog.txt
----a-w 12,546 2009-01-31 02:06:17 C:\WINDOWS\Partizan.txt
----a-w 115,679 2009-02-01 01:59:41 C:\WINDOWS\plusoc.log
----a-w 31 2009-01-27 08:58:31 C:\WINDOWS\Quicken.ini
----a-w 3,364 2009-01-27 06:51:41 C:\WINDOWS\regopt.log
----a-w 26,422 2009-02-01 04:37:16 C:\WINDOWS\SchedLgU.Txt
----a-w 2,998 2009-01-27 22:30:51 C:\WINDOWS\sessmgr.setup.log
----a-w 357,484 2009-01-29 22:24:56 C:\WINDOWS\setupact.log
----a-w 916,683 2009-02-01 22:17:06 C:\WINDOWS\setupapi.log
----a-w 399 2009-01-27 06:53:10 C:\WINDOWS\setuperr.log
----a-w 1,041,246 2009-01-27 22:39:04 C:\WINDOWS\setuplog.txt
----a-w 85,876 2009-02-01 04:39:18 C:\WINDOWS\spupdsvc.log
----a-w 187 2009-01-27 22:40:48 C:\WINDOWS\spupdsvc.log.1.log
----a-w 530,170 2009-01-27 22:35:32 C:\WINDOWS\svcpack.log
----a-w 459 2009-01-31 02:05:04 C:\WINDOWS\system.ini
----a-w 49,966 2009-02-01 01:59:41 C:\WINDOWS\tabletoc.log
----a-w 458,301 2009-02-01 01:59:41 C:\WINDOWS\tsoc.log
----a-w 183,125 2009-02-01 01:57:35 C:\WINDOWS\updspapi.log
----a-w 248,387 2009-01-28 20:56:00 C:\WINDOWS\Wdf01007Inst.log
----a-w 215 2009-01-31 20:40:02 C:\WINDOWS\wiadebug.log
----a-w 49 2009-01-31 20:40:02 C:\WINDOWS\wiaservc.log
----a-w 623 2009-02-01 01:59:13 C:\WINDOWS\win.ini
----a-w 1,172,625 2009-02-01 20:46:48 C:\WINDOWS\WindowsUpdate.log
--shatr 2 2009-01-30 02:58:01 C:\WINDOWS\winstart.bat
----a-w 294,185 2009-02-01 01:58:31 C:\WINDOWS\WMFDist11.log
----a-w 20,385 2009-02-01 01:59:25 C:\WINDOWS\wmp11.log
----a-w 49,505 2009-02-01 20:00:13 C:\WINDOWS\wmsetup.log
----a-w 2,336 2009-02-01 01:59:25 C:\WINDOWS\wmsetup10.log
----a-w 316,640 2009-01-28 20:54:47 C:\WINDOWS\WMSysPr9.prx
----a-w 253,327 2009-02-01 01:57:58 C:\WINDOWS\Wudf01000Inst.log

Entries: 171 (169)
Directories: 0 Files: 171
Bytes: 19,154,597 Blocks: 37,496
======C:\WINDOWS\system32=====
----a-w 1,063 2009-01-27 06:53:11 C:\WINDOWS\System32\$winnt$.inf
----a-w 124,928 2008-10-16 20:38:34 C:\WINDOWS\System32\advpack.dll
----a-w 16,832 2009-02-01 19:01:48 C:\WINDOWS\System32\amcompat.tlb
----a-w 1,236,208 2008-11-26 17:21:30 C:\WINDOWS\System32\aswBoot.exe
----a-w 1,688 2009-01-30 02:58:01 C:\WINDOWS\System32\AUTOEXEC.NT
----a-w 97,480 2008-11-26 17:15:10 C:\WINDOWS\System32\AvastSS.scr
----a-w 81,984 2009-02-01 22:14:45 C:\WINDOWS\System32\bdod.bin
----a-w 332 2009-01-31 00:36:35 C:\WINDOWS\System32\BDUpdateV1.xml
----a-w 92,696 2008-10-16 20:09:44 C:\WINDOWS\System32\cdm.dll
----a-w 2,626 2009-01-30 02:58:01 C:\WINDOWS\System32\CONFIG.NT
----a-w 410,984 2009-02-01 18:56:10 C:\WINDOWS\System32\deploytk.dll
----a-w 684,032 2008-11-06 16:33:52 C:\WINDOWS\System32\DivX.dll
----a-w 729,088 2008-11-06 16:33:44 C:\WINDOWS\System32\divxdec.ax
----a-w 352,401 2008-11-06 16:33:44 C:\WINDOWS\System32\DivXMedia.ax
----a-w 524,288 2008-11-06 16:37:36 C:\WINDOWS\System32\DivXsm.exe
----a-w 4,816 2008-11-06 16:37:36 C:\WINDOWS\System32\divxsm.tlb
----a-w 12,288 2008-11-06 16:33:02 C:\WINDOWS\System32\DivXWMPExtType.dll
----a-w 823,296 2008-11-06 16:33:54 C:\WINDOWS\System32\divx_xx07.dll
----a-w 815,104 2008-11-06 16:33:54 C:\WINDOWS\System32\divx_xx0a.dll
----a-w 823,296 2008-11-06 16:33:54 C:\WINDOWS\System32\divx_xx0c.dll
----a-w 802,816 2008-11-06 16:33:54 C:\WINDOWS\System32\divx_xx11.dll
----a-w 86,016 2008-12-11 00:33:26 C:\WINDOWS\System32\dpl100.dll
----a-w 416 2008-11-06 16:34:00 C:\WINDOWS\System32\dpl100.dll.manifest
----a-w 294,912 2008-12-09 02:28:52 C:\WINDOWS\System32\dpu11.dll
----a-w 593,920 2008-12-09 02:28:52 C:\WINDOWS\System32\dpuGUI11.dll
----a-w 344,064 2008-12-09 02:28:52 C:\WINDOWS\System32\dpus11.dll
----a-w 57,344 2008-12-09 02:28:52 C:\WINDOWS\System32\dpv11.dll
----a-w 200,704 2008-12-11 00:33:26 C:\WINDOWS\System32\dtu100.dll
----a-w 416 2008-11-06 16:34:00 C:\WINDOWS\System32\dtu100.dll.manifest
------w 347,136 2008-10-16 20:38:34 C:\WINDOWS\System32\dxtmsft.dll
------w 214,528 2008-10-16 20:38:34 C:\WINDOWS\System32\dxtrans.dll
------w 133,120 2008-10-16 20:38:35 C:\WINDOWS\System32\extmgr.dll
----a-w 307,600 2009-01-29 22:21:03 C:\WINDOWS\System32\FNTCACHE.DAT
----a-w 286,720 2008-10-23 12:36:14 C:\WINDOWS\System32\gdi32.dll
----a-w 63,488 2008-10-16 20:38:35 C:\WINDOWS\System32\icardie.dll
------w 70,656 2008-10-16 13:11:09 C:\WINDOWS\System32\ie4uinit.exe
------w 153,088 2008-10-16 20:38:35 C:\WINDOWS\System32\ieakeng.dll
------w 230,400 2008-10-16 20:38:35 C:\WINDOWS\System32\ieaksie.dll
------w 161,792 2008-10-15 07:04:53 C:\WINDOWS\System32\ieakui.dll
----a-w 383,488 2008-10-16 20:38:35 C:\WINDOWS\System32\ieapfltr.dll
------w 384,512 2008-10-16 20:38:35 C:\WINDOWS\System32\iedkcs32.dll
----a-w 6,066,176 2008-10-16 20:38:37 C:\WINDOWS\System32\ieframe.dll
------w 44,544 2008-10-16 20:38:37 C:\WINDOWS\System32\iernonce.dll
----a-w 267,776 2008-10-16 20:38:37 C:\WINDOWS\System32\iertutil.dll
----a-w 13,824 2008-10-16 13:11:09 C:\WINDOWS\System32\ieudinit.exe
------w 1,831,424 2008-10-16 20:38:37 C:\WINDOWS\System32\inetcpl.cpl
----a-w 144,792 2009-02-01 18:56:11 C:\WINDOWS\System32\java.exe
----a-w 73,728 2009-02-01 18:56:11 C:\WINDOWS\System32\javacpl.cpl
----a-w 144,792 2009-02-01 18:56:11 C:\WINDOWS\System32\javaw.exe
----a-w 148,888 2009-02-01 18:56:11 C:\WINDOWS\System32\javaws.exe
------w 27,648 2008-10-16 20:38:37 C:\WINDOWS\System32\jsproxy.dll
----a-w 1,486,192 2009-01-07 23:20:24 C:\WINDOWS\System32\LegitCheckControl.DLL
----a-w 1,044,480 2008-11-06 16:35:00 C:\WINDOWS\System32\libdivx.dll
----a-w 20,853,704 2009-01-09 23:35:30 C:\WINDOWS\System32\MRT.exe
----a-w 459,264 2008-10-16 20:38:37 C:\WINDOWS\System32\msfeeds.dll
----a-w 52,224 2008-10-16 20:38:37 C:\WINDOWS\System32\msfeedsbs.dll
----a-w 3,593,216 2008-12-13 06:40:02 C:\WINDOWS\System32\mshtml.dll
------w 477,696 2008-10-16 20:38:38 C:\WINDOWS\System32\mshtmled.dll
------w 193,024 2008-10-16 20:38:38 C:\WINDOWS\System32\msrating.dll
------w 671,232 2008-10-16 20:38:39 C:\WINDOWS\System32\mstime.dll
----a-w 1,106,944 2008-09-04 17:15:04 C:\WINDOWS\System32\msxml3.dll
----a-w 1,286,152 2008-09-30 22:43:34 C:\WINDOWS\System32\msxml4.dll
------w 1,307,648 2008-09-10 01:14:56 C:\WINDOWS\System32\msxml6.dll
----a-w 268,648 2008-10-16 20:06:48 C:\WINDOWS\System32\mucltui.dll
----a-w 27,496 2008-10-16 20:06:48 C:\WINDOWS\System32\mucltui.dll.mui
----a-w 208,744 2008-10-16 20:06:48 C:\WINDOWS\System32\muweb.dll
----a-w 337,408 2008-10-15 16:34:24 C:\WINDOWS\System32\netapi32.dll
----a-w 23,392 2009-02-01 19:01:48 C:\WINDOWS\System32\nscompat.tlb
------w 102,912 2008-10-16 20:38:39 C:\WINDOWS\System32\occache.dll
----a-w 260 2009-01-31 02:05:55 C:\WINDOWS\System32\PARTIZAN.TXT
----a-w 63,220 2009-01-30 03:37:27 C:\WINDOWS\System32\perfc009.dat
----a-w 402,736 2009-01-30 03:37:27 C:\WINDOWS\System32\perfh009.dat
----a-w 473,400 2009-01-30 03:37:27 C:\WINDOWS\System32\PerfStringBackup.INI
------w 44,544 2008-10-16 20:38:39 C:\WINDOWS\System32\pngfilt.dll
----a-w 850 2009-01-30 20:37:30 C:\WINDOWS\System32\ProductTweaks.xml
------w 551,672 2008-11-06 16:37:28 C:\WINDOWS\System32\Px.dll
------w 129,784 2008-11-06 16:37:28 C:\WINDOWS\System32\pxafs.dll
------w 66,296 2008-11-06 16:37:28 C:\WINDOWS\System32\pxcpya64.exe
------w 120,056 2008-11-06 16:37:28 C:\WINDOWS\System32\pxcpyi64.exe
------w 518,904 2008-11-06 16:37:28 C:\WINDOWS\System32\pxdrv.dll
------w 72,440 2008-11-06 16:37:30 C:\WINDOWS\System32\pxhpinst.exe
------w 64,760 2008-11-06 16:37:28 C:\WINDOWS\System32\pxinsa64.exe
------w 118,520 2008-11-06 16:37:28 C:\WINDOWS\System32\pxinsi64.exe
------w 187,128 2008-11-06 16:37:30 C:\WINDOWS\System32\PxMas.dll
------w 1,628,920 2008-11-06 16:37:28 C:\WINDOWS\System32\PxSFS.DLL
------w 379,640 2008-11-06 16:37:28 C:\WINDOWS\System32\PxWave.dll
----a-w 3,596,288 2008-11-06 16:37:32 C:\WINDOWS\System32\qt-dx331.dll
----a-w 49,480 2008-12-03 04:37:20 C:\WINDOWS\System32\sirenacm.dll
----a-w 261 2009-01-27 22:40:48 C:\WINDOWS\System32\spupdwxp.log
----a-w 200,704 2008-11-06 16:35:00 C:\WINDOWS\System32\ssldivx.dll
----a-w 247,326 2008-10-03 10:02:42 C:\WINDOWS\System32\strmdll.dll
----a-w 0 2009-01-27 23:34:54 C:\WINDOWS\System32\TVersityMediaServer.log
----a-w 259,584 2009-01-29 04:14:54 C:\WINDOWS\System32\TweakUI.exe
----a-w 192,512 2008-10-09 21:31:54 C:\WINDOWS\System32\txmlutil.dll
----a-w 211,792 2009-01-27 21:55:22 C:\WINDOWS\System32\TZLog.log
----a-w 105,984 2008-10-16 20:38:39 C:\WINDOWS\System32\url.dll
----a-w 1,160,192 2008-10-16 20:38:39 C:\WINDOWS\System32\urlmon.dll
----a-w 385 2009-01-30 20:37:29 C:\WINDOWS\System32\user_gensett.xml
----a-w 1,585,664 2008-11-06 16:37:46 C:\WINDOWS\System32\VC80CRTRedist.msi
------w 88,824 2008-11-06 16:37:28 C:\WINDOWS\System32\VXBLOCK.dll
----a-w 1,112,288 2008-09-12 20:39:18 C:\WINDOWS\System32\WdfCoInstaller01007.dll
----a-w 233,472 2008-10-16 20:38:39 C:\WINDOWS\System32\webcheck.dll
----a-w 1,846,400 2008-09-15 12:12:56 C:\WINDOWS\System32\win32k.sys
----a-w 826,368 2008-10-16 20:38:40 C:\WINDOWS\System32\wininet.dll
----a-w 1,158 2009-02-01 01:56:31 C:\WINDOWS\System32\wpa.dbl
----a-w 561,688 2008-10-16 20:12:20 C:\WINDOWS\System32\wuapi.dll
----a-w 23,576 2008-10-16 20:07:44 C:\WINDOWS\System32\wuapi.dll.mui
----a-w 51,224 2008-10-16 20:09:44 C:\WINDOWS\System32\wuauclt.exe
----a-w 213,528 2008-10-16 20:12:20 C:\WINDOWS\System32\wuaucpl.cpl
----a-w 23,576 2008-10-16 20:07:46 C:\WINDOWS\System32\wuaucpl.cpl.mui
----a-w 1,809,944 2008-10-16 20:13:40 C:\WINDOWS\System32\wuaueng.dll
----a-w 18,456 2008-10-16 20:07:14 C:\WINDOWS\System32\wuaueng.dll.mui
----a-w 323,608 2008-10-16 20:12:22 C:\WINDOWS\System32\wucltui.dll
----a-w 31,768 2008-10-16 20:09:40 C:\WINDOWS\System32\wucltui.dll.mui
----a-w 34,328 2008-10-16 20:08:58 C:\WINDOWS\System32\wups.dll
----a-w 43,544 2008-10-16 20:09:44 C:\WINDOWS\System32\wups2.dll
----a-w 202,776 2008-10-16 20:13:40 C:\WINDOWS\System32\wuweb.dll
----a-w 60,032 2008-11-10 18:23:38 C:\WINDOWS\System32\ZuneBusEnum.exe
----a-w 243,840 2008-11-10 18:23:42 C:\WINDOWS\System32\ZuneWlanCfgSvc.exe

Entries: 119 (119)
Directories: 0 Files: 119
Bytes: 74,400,234 Blocks: 145,350
======C:\WINDOWS\system32\drivers=====
--sha-r 1,877 2009-01-27 08:48:40 C:\WINDOWS\System32\drivers\103C_HP_CPC_ER950AA-ABA a1314n_YC_0Pavi_QMXF602_E61NAemMPC2_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.13_T051115_WXP2_L409_M2047_J250_7AMD_8Athlon 64 X2 Dual Core_91.99_#060309_N10EC8139_Z11C10620_G.MRK
----a-w 26,944 2008-11-26 17:15:35 C:\WINDOWS\System32\drivers\aavmker4.sys
----a-w 20,560 2008-11-26 17:17:25 C:\WINDOWS\System32\drivers\aswFsBlk.sys
----a-w 93,296 2008-11-26 17:18:25 C:\WINDOWS\System32\drivers\aswmon.sys
----a-w 94,032 2008-11-26 17:18:18 C:\WINDOWS\System32\drivers\aswmon2.sys
----a-w 23,152 2008-11-26 17:16:29 C:\WINDOWS\System32\drivers\aswRdr.sys
----a-w 111,184 2008-11-26 17:17:36 C:\WINDOWS\System32\drivers\aswSP.sys
----a-w 50,864 2008-11-26 17:16:38 C:\WINDOWS\System32\drivers\aswTdi.sys
----a-w 111,112 2008-09-18 17:09:12 C:\WINDOWS\System32\drivers\bdfm.sys
----a-w 104,328 2009-01-31 00:06:18 C:\WINDOWS\System32\drivers\bdfndisf.sys
----a-w 242,184 2009-01-31 00:06:19 C:\WINDOWS\System32\drivers\bdfsfltr.sys
----a-w 82,696 2009-01-31 00:06:18 C:\WINDOWS\System32\drivers\BDVEDISK.sys
------w 9,336 2008-11-06 16:37:28 C:\WINDOWS\System32\drivers\cdr4_xp.sys
------w 9,464 2008-11-06 16:37:30 C:\WINDOWS\System32\drivers\cdralw2k.sys
----a-w 15,504 2009-01-14 22:11:28 C:\WINDOWS\System32\drivers\mbam.sys
----a-w 38,496 2009-01-14 22:11:32 C:\WINDOWS\System32\drivers\mbamswissarmy.sys
----a-w 455,296 2008-10-24 11:21:09 C:\WINDOWS\System32\drivers\mrxsmb.sys
---ha-w 0 2009-01-28 20:56:01 C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
---ha-w 0 2009-01-28 20:56:04 C:\WINDOWS\System32\drivers\Msft_Kernel_zumbus_01007.Wdf
------w 43,528 2008-11-06 16:37:28 C:\WINDOWS\System32\drivers\pxhelp20.sys
----a-w 716,272 2009-01-28 00:11:47 C:\WINDOWS\System32\drivers\sptd.sys
----a-w 333,952 2008-12-11 10:57:09 C:\WINDOWS\System32\drivers\srv.sys
----a-w 40,832 2008-11-10 18:09:32 C:\WINDOWS\System32\drivers\zumbus.sys

Entries: 23 (20)
Directories: 0 Files: 23
Bytes: 2,624,909 Blocks: 5,140
======C:\WINDOWS\Tasks======
----a-w 460 2009-02-01 04:38:50 C:\WINDOWS\Tasks\RegCure Program Check.job
----a-w 394 2009-01-30 22:58:47 C:\WINDOWS\Tasks\RegCure.job
---ha-w 6 2009-02-01 04:38:48 C:\WINDOWS\Tasks\SA.DAT

Entries: 3 (2)
Directories: 0 Files: 3
Bytes: 860 Blocks: 3
=======C:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:=====
--sha-r 208 2009-01-31 02:05:04 C:\boot.ini
---ha-w 462 2009-01-27 21:46:35 C:\IPH.PH
--sha-r 250,048 2009-01-27 22:28:04 C:\ntldr
--sha-w 2,145,386,496 2009-02-01 04:38:38 C:\pagefile.sys

Entries: 4 (0)
Directories: 0 Files: 4
Bytes: 2,145,637,214 Blocks: 4,190,699
======C:\Documents and Settings\HP_Administrator\Application Data======
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
======C:\Documents and Settings\HP_Administrator======
---ha-w 2,621,440 2009-02-01 04:37:12 C:\Documents and Settings\HP_Administrator\NTUSER.DAT
---ha-w 86,016 2009-02-01 22:19:29 C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG
--sh--w 178 2009-02-01 04:37:12 C:\Documents and Settings\HP_Administrator\ntuser.ini

Entries: 3 (0)
Directories: 0 Files: 3
Bytes: 2,707,634 Blocks: 5,289
======C:\WINDOWS\Downloaded Program Files====
---h--w 65 2009-02-01 19:01:56 C:\WINDOWS\Downloaded Program Files\desktop.ini
----a-w 1,887,080 2008-10-05 02:16:46 C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
----a-w 3,094 2009-01-27 21:46:16 C:\WINDOWS\Downloaded Program Files\install.log
----a-w 1,065 2008-11-26 02:06:56 C:\WINDOWS\Downloaded Program Files\jinstall-6u11.inf
----a-w 367 2009-01-07 23:10:06 C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
----a-w 247 2008-10-05 02:08:34 C:\WINDOWS\Downloaded Program Files\swflash.inf
----a-w 38,428 2009-01-27 21:46:16 C:\WINDOWS\Downloaded Program Files\unagiuninst.exe

Entries: 7 (6)
Directories: 0 Files: 7
Bytes: 1,930,346 Blocks: 3,775
=============
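
A way to triage a listing in the format posted above, as an added example that is not part of the thread and not the scanning tool's own logic: it parses each section, checks the listed lines against the section's "Files:" footer (a mismatch suggests a truncated paste), and surfaces files that carry both the hidden and system flags. The reading of the flag letters (`s` system, `h` hidden), the `EXPECTED` allowlist and all function names are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: entry lines copied from the listing above, with footers
# rewritten for the shortened sections. The "C:" footer deliberately claims
# 4 files while only 3 are listed, to imitate a truncated paste.
SAMPLE_LOG = r"""
======C:\WINDOWS====
----a-w 623 2009-02-01 01:59:13 C:\WINDOWS\win.ini
--shatr 2 2009-01-30 02:58:01 C:\WINDOWS\winstart.bat
----a-w 294,185 2009-02-01 01:58:31 C:\WINDOWS\WMFDist11.log

Entries: 3 (3)
Directories: 0 Files: 3
=======C:=====
--sha-r 208 2009-01-31 02:05:04 C:\boot.ini
---ha-w 462 2009-01-27 21:46:35 C:\IPH.PH
--sha-r 250,048 2009-01-27 22:28:04 C:\ntldr

Entries: 4 (0)
Directories: 0 Files: 4
=============
"""

# flags, size with thousands separators, timestamp, path (may contain spaces)
ENTRY = re.compile(
    r"^([-a-z]{7})\s+([\d,]+)\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.+)$")
# "======C:\WINDOWS====" style header; a bare run of "=" is not a header
HEADER = re.compile(r"^=+([^=].*?)=+$")
FOOTER = re.compile(r"^Directories:\s*[\d,]+\s+Files:\s*([\d,]+)$")

# Assumption: hidden+system files that normally sit in the root of an XP
# system drive, so they are not worth reporting.
EXPECTED = {r"c:\boot.ini", r"c:\ntldr", r"c:\pagefile.sys"}


@dataclass
class Entry:
    attrs: str
    size: int
    modified: str
    path: str


@dataclass
class Section:
    name: str
    entries: List[Entry] = field(default_factory=list)
    declared_files: Optional[int] = None


def parse_listing(text: str) -> List[Section]:
    """Split the log into sections and parse every entry line."""
    sections: List[Section] = []
    current: Optional[Section] = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = Section(header.group(1))
            sections.append(current)
            continue
        if current is None:
            continue  # text before the first section header
        entry = ENTRY.match(line)
        if entry:
            attrs, size, modified, path = entry.groups()
            current.entries.append(
                Entry(attrs, int(size.replace(",", "")), modified, path))
            continue
        footer = FOOTER.match(line)
        if footer:
            current.declared_files = int(footer.group(1).replace(",", ""))
    return sections


def count_mismatches(sections: List[Section]):
    """Sections whose footer file count differs from the lines present."""
    return [(s.name, s.declared_files, len(s.entries)) for s in sections
            if s.declared_files is not None
            and s.declared_files != len(s.entries)]


def hidden_system(sections: List[Section], expected=EXPECTED) -> List[str]:
    """Paths flagged both hidden and system that are not on the allowlist."""
    return [e.path for s in sections for e in s.entries
            if "s" in e.attrs and "h" in e.attrs
            and e.path.lower() not in expected]


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(parsed))
    print("hidden+system to review:", hidden_system(parsed))
```

A path returned by `hidden_system` is only a candidate for a closer look, such as the multi-engine scan requested in the next post; the flags alone say nothing about whether a file is malicious.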

#10 Guest_superbird_*

Posted 02 February 2009 - 10:12 AM

Hi,

Go to www.virustotal.com
Copy/paste (do NOT use "browse") this into the "File"-field: C:\WINDOWS\winstart.bat
Click the "Upload file" button, and wait until the results appear. Copy the results into your next reply.

Do this also for these files:
C:\WINDOWS\System32\aswBoot.exe
C:\WINDOWS\System32\ieudinit.exe


#11 KickAzzDude

Posted 02 February 2009 - 12:45 PM

None of those files were infected.

File WIN51AP.SP2 received on 02.02.2009 18:40:28 (CET)
Current status: finished

Result: 0/39 (0.00%)

File aswBoot.exe received on 02.02.2009 18:41:39 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/39 (0%)

File ieudinit.exe_ received on 02.02.2009 18:42:59 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/39 (0%)

#12 Guest_superbird_*

Posted 02 February 2009 - 01:23 PM

Hi,

Which problems do you still have precisely? :thumbsup:

#13 KickAzzDude

Posted 02 February 2009 - 09:52 PM

Both, I still cannot get safe mode to work and the avira antivirus folder won't come off of my comp. All the files inside are write protected which is why I want safe mode to work.

#14 Guest_superbird_*

Posted 03 February 2009 - 01:37 AM

Hi,

I don't think this is an infection, so I recommend you ask this in this section of the forums: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/
I think they can help you better there. :thumbsup:

You can give a link there to this topic.

Good luck!

#15 KickAzzDude

Posted 03 February 2009 - 05:43 PM

Ok, thank you. I will try the other section of the forum.



