Can not delete files and folder from the computer

Discussion in 'Computer Memory and Hard Drives' started by oekoeloe, Aug 12, 2013.

  1. oekoeloe

    oekoeloe New Member

    Messages:
    111
    Hello,

    I want to reinstall Google Chrome because it got corrupted. The thing is, it doesn't remember last session tabs.
    And of course, after uninstalling, I can't delete 2 files and 1 folder.
    "C:\Users\Name\Appdata\Local\Google\Chrome\User Data\Default\"

    \Old_Cache_000\
    Last Session
    Last Tabs

    Here is what I tried to delete them:
    1. Regular deleting. "Try again?" Error: 0x80070570
    2. Delete in command prompt. Says: "Directory is not empty" or "Access Denied" even running as Admin.
    3. Using a program called Unlocker. Doesn't work.
    4. Safe mode: same as 1.
    5. CCleaner: Including it to be cleaned did nothing to it.

    What can I do now?

    Thank you!
     
  2. johnb35

    johnb35 Malware and Spam Assassin Staff Member

    Messages:
    32,928
  3. oekoeloe

    oekoeloe New Member

    Messages:
    111
  4. jamesd1981

    jamesd1981 Active Member

    Messages:
    2,587
  5. oekoeloe

    oekoeloe New Member

    Messages:
    111
  6. johnb35

    johnb35 Malware and Spam Assassin Staff Member

    Messages:
    32,928
    Give me the exact folder locations and filenames and I can give you a combofix script to delete them.
     
  7. oekoeloe

    oekoeloe New Member

    Messages:
    111
    "C:\Users\Michael\Appdata\Local\Google\Chrome\User Data\Default\old\Last Session"
    "C:\Users\Michael\Appdata\Local\Google\Chrome\User Data\Default\Last Tabs"
    "C:\Users\Michael\Appdata\Local\Google\Chrome\User Data\Default\old\"
    (I did manage to rename this folder but not delete)
     
  8. johnb35

    johnb35 Malware and Spam Assassin Staff Member

    Messages:
    32,928
    At work right now but will give you a script to run this afternoon when I get home.
     
  9. johnb35

    johnb35 Malware and Spam Assassin Staff Member

    Messages:
    32,928
    Please download combofix from here and save it to your desktop.

    http://www.bleepingcomputer.com/download/combofix/dl/12/


    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box

    Code:
    Folder::
    
    C:\Users\Michael\Appdata\Local\Google\Chrome\User Data\Default\old\Last Session
    C:\Users\Michael\Appdata\Local\Google\Chrome\User Data\Default\Last Tabs
    C:\Users\Michael\Appdata\Local\Google\Chrome\User Data\Default\old
    
    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


    [IMG]

    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.


    Or you can replace that script with this one if you just want to delete the whole chrome folder.

    Code:
    Folder::
    
    C:\Users\Michael\Appdata\Local\Google\Chrome
    
     
  10. oekoeloe

    oekoeloe New Member

    Messages:
    111
    Thanks for the fix. I'm running it now and it got stuck at:
    "Log is being prepared.
    Don't start a new program untill ComboFix is done..."

    The desktop is gone and only the background is there and the cmd ComboFix is running in. It's been like this for 15 minutes now.

    Plus, I can't use the mouse anymore. Should I just unpower and reboot?

    EDIT:
    I rebooted and it didn't delete the folder and 2 files.

    EDIT2:

    I ran it again and it finished and I have a log. But, the files and folder are still there and unchanged.
     
    Last edited: Aug 16, 2013
  11. johnb35

    johnb35 Malware and Spam Assassin Staff Member

    Messages:
    32,928
    Can you post the log? You may not have done the script right.
     
  12. oekoeloe

    oekoeloe New Member

    Messages:
    111
    I did exactly as you told. Make the script with those lines. Then, drag it onto ComboFix.exe

    ComboFix 13-08-15.03 - Michael 16-08-2013 14:16:46.2.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.1975.958 [GMT 2:00]
    Gestart vanuit: c:\users\Michael\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Michael\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Voorgaande Run -------
    .
    c:\windows\system32\frapsvid.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-07-16 to 2013-08-16 ))))))))))))))))))))))))))))))
    .
    .
    2013-08-16 12:27 . 2013-08-16 12:27 -------- d-----w- c:\users\Michael\AppData\Local\temp
    2013-08-16 12:27 . 2013-08-16 12:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-08-14 10:13 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
    2013-08-14 10:13 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
    2013-08-14 10:13 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-08-14 10:13 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
    2013-08-14 10:13 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2013-08-14 10:13 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-08-14 10:13 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
    2013-08-14 10:13 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-08-14 10:13 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-08-14 10:13 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-08-14 10:13 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-08-14 10:13 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
    2013-08-12 14:14 . 2013-08-12 14:14 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS
    2013-08-12 13:23 . 2013-08-12 13:28 -------- d-----w- c:\users\Michael\AppData\Local\SoftThinks
    2013-08-12 13:21 . 2013-08-12 13:21 -------- d-----w- c:\users\Michael\AppData\Roaming\SampleView
    2013-08-12 13:17 . 2007-03-19 13:03 241664 ----a-w- c:\windows\system32\HPEvents.dll
    2013-08-12 13:17 . 2005-10-10 09:03 266240 ----a-w- c:\windows\system32\ShellvRTF64.dll
    2013-08-12 13:17 . 2003-03-19 02:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll
    2013-08-12 13:17 . 2002-09-20 18:42 122880 ----a-w- c:\windows\system32\ShellvRTF.dll
    2013-08-12 12:43 . 2013-08-12 12:53 -------- d-----w- c:\program files\Belarc
    2013-08-12 12:38 . 2013-08-12 12:54 -------- d-----w- c:\program files\VirtualCloneDrive
    2013-08-12 12:35 . 2013-08-12 12:54 -------- d-----w- c:\program files\MagicISO
    2013-08-12 10:18 . 2013-08-12 14:51 -------- d-----w- c:\program files\Google
    2013-08-08 17:59 . 2013-08-14 10:29 -------- d-----w- c:\windows\system32\MRT
    2013-08-08 14:05 . 2013-08-08 14:06 -------- d-----w- c:\program files\Core Temp
    2013-08-08 14:02 . 2013-08-08 14:02 -------- d-----w- c:\programdata\APN
    2013-08-05 17:56 . 2013-04-17 10:10 1069056 ----a-w- c:\windows\system32\DWrite.dll
    2013-08-05 17:56 . 2013-04-17 10:10 798208 ----a-w- c:\windows\system32\FntCache.dll
    2013-08-05 17:56 . 2013-04-17 11:28 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-08-05 17:56 . 2013-04-17 11:28 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2013-08-05 17:56 . 2013-04-17 10:33 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2013-08-05 17:56 . 2013-04-17 11:28 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2013-08-05 17:56 . 2013-04-17 11:28 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-08-05 17:56 . 2013-04-17 10:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-08-05 17:56 . 2013-04-17 10:14 683008 ----a-w- c:\windows\system32\d2d1.dll
    2013-08-05 17:56 . 2013-05-08 04:04 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-08-05 17:56 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
    2013-08-05 17:55 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
    2013-08-05 17:55 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
    2013-08-05 17:55 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
    2013-08-05 17:55 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
    2013-08-05 17:55 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys
    2013-08-05 17:51 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
    2013-08-05 17:51 . 2013-04-09 03:51 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-08-16 12:06 . 2008-04-17 16:25 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2013-08-16 12:06 . 2011-01-02 15:56 58288 ----a-w- c:\windows\system32\rpcnet.dll
    2013-08-15 08:31 . 2008-04-17 16:29 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2013-06-22 10:10 . 2012-04-11 10:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-06-22 10:10 . 2011-05-16 08:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-12 08:28 . 2012-07-12 08:28 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-24 175128]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-24 141848]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-24 153624]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-12-27 2054360]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-15 20:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-11-15 20:02 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2011-03-15 16:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
    2011-01-12 06:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2008-04-18 13:53 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
    2009-11-11 14:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-08-12 14:51 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-08-12 14:50]
    .
    2013-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-08-12 14:50]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=all&pf=cmnb
    uInternet Settings,ProxyServer = 10.10.10.50:8080
    IE: Append Link Target to Existing PDF
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-08-16 14:27
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3535993027-2643320515-1217649130-1004\Software\SecuROM\License information*]
    "datasecu"=hex:0d,2a,1b,32,14,9d,a6,69,e8,67,98,81,86,32,a6,c3,0a,c1,40,64,e5,
    86,91,de,a0,00,f4,16,27,39,b0,8a,dd,dc,92,d4,3d,03,14,af,22,03,49,94,81,4d,\
    "rkeysecu"=hex:c4,75,a9,69,82,d8,e7,b3,d4,93,e0,8a,47,90,24,50
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
    @Denied: (2) (LocalSystem)
    "AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
    "DataDir"="ESET\\ESET NOD32 Antivirus\\"
    "EditionName"=" "
    "InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
    "LanguageId"=dword:00000409
    "PackageTag"=dword:00000000
    "ProductBase"=dword:00000000
    "ProductCode"="{85C70286-A56F-4834-BD24-B34EB76A93A2}"
    "ProductName"="ESET NOD32 Antivirus"
    "ProductType"="eav"
    "ProductVersion"="4.0.468.0"
    "UniqueId"="0004C8AB4EF9D729"
    "ScannerBuild"=dword:00001dd3
    "ScannerVersionId"=dword:000015fe
    "ScannerVersion"="ready"
    "FixId"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Voltooingstijd: 2013-08-16 14:32:07
    ComboFix-quarantined-files.txt 2013-08-16 12:32
    .
    Pre-Run: 54.668.910.592 bytes beschikbaar
    Post-Run: 54.589.497.344 bytes beschikbaar
    .
    - - End Of File - - 360D36AD900A0553B8010029183858D7
    82967FD6D91A60516A81EEE17D859620
     
  13. johnb35

    johnb35 Malware and Spam Assassin Staff Member

    Messages:
    32,928
    Let's try it again, and we need to add some lines to it.

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box

    Code:
    Killall::
    
    Folder::
    
    C:\Users\Michael\Appdata\Local\Google\Chrome\User Data\Default\old
    C:\Users\Michael\Appdata\Local\Google\Chrome\User Data\Default\Last Tabs
    
    
    
    Reglock::
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    
    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


    [IMG]

    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.
     
  14. oekoeloe

    oekoeloe New Member

    Messages:
    111
    The files and folder are still there




    ComboFix 13-08-16.03 - Michael 17-08-2013 11:38:14.3.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.31.1043.18.1975.1213 [GMT 2:00]
    Gestart vanuit: c:\users\Michael\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Michael\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Michael\Appdata\Local\Google\Chrome\User Data\Default\old . . . . konden niet verwijderd worden
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-07-17 to 2013-08-17 ))))))))))))))))))))))))))))))
    .
    .
    2013-08-17 09:48 . 2013-08-17 09:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-08-14 10:13 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
    2013-08-14 10:13 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
    2013-08-14 10:13 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-08-14 10:13 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
    2013-08-14 10:13 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2013-08-14 10:13 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-08-14 10:13 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
    2013-08-14 10:13 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-08-14 10:13 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-08-14 10:13 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-08-14 10:13 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-08-14 10:13 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
    2013-08-12 14:14 . 2013-08-12 14:14 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS
    2013-08-12 13:23 . 2013-08-12 13:28 -------- d-----w- c:\users\Michael\AppData\Local\SoftThinks
    2013-08-12 13:21 . 2013-08-12 13:21 -------- d-----w- c:\users\Michael\AppData\Roaming\SampleView
    2013-08-12 13:17 . 2007-03-19 13:03 241664 ----a-w- c:\windows\system32\HPEvents.dll
    2013-08-12 13:17 . 2005-10-10 09:03 266240 ----a-w- c:\windows\system32\ShellvRTF64.dll
    2013-08-12 13:17 . 2003-03-19 02:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll
    2013-08-12 13:17 . 2002-09-20 18:42 122880 ----a-w- c:\windows\system32\ShellvRTF.dll
    2013-08-12 12:43 . 2013-08-12 12:53 -------- d-----w- c:\program files\Belarc
    2013-08-12 12:38 . 2013-08-12 12:54 -------- d-----w- c:\program files\VirtualCloneDrive
    2013-08-12 12:35 . 2013-08-12 12:54 -------- d-----w- c:\program files\MagicISO
    2013-08-12 10:18 . 2013-08-12 14:51 -------- d-----w- c:\program files\Google
    2013-08-08 17:59 . 2013-08-14 10:29 -------- d-----w- c:\windows\system32\MRT
    2013-08-08 14:05 . 2013-08-08 14:06 -------- d-----w- c:\program files\Core Temp
    2013-08-08 14:02 . 2013-08-08 14:02 -------- d-----w- c:\programdata\APN
    2013-08-05 17:56 . 2013-04-17 10:10 1069056 ----a-w- c:\windows\system32\DWrite.dll
    2013-08-05 17:56 . 2013-04-17 10:10 798208 ----a-w- c:\windows\system32\FntCache.dll
    2013-08-05 17:56 . 2013-04-17 11:28 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-08-05 17:56 . 2013-04-17 11:28 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2013-08-05 17:56 . 2013-04-17 10:33 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2013-08-05 17:56 . 2013-04-17 11:28 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2013-08-05 17:56 . 2013-04-17 11:28 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-08-05 17:56 . 2013-04-17 10:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-08-05 17:56 . 2013-04-17 10:14 683008 ----a-w- c:\windows\system32\d2d1.dll
    2013-08-05 17:56 . 2013-05-08 04:04 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-08-05 17:56 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
    2013-08-05 17:55 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
    2013-08-05 17:55 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
    2013-08-05 17:55 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
    2013-08-05 17:55 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
    2013-08-05 17:55 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys
    2013-08-05 17:51 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
    2013-08-05 17:51 . 2013-04-09 03:51 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-08-17 09:50 . 2008-04-17 16:25 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2013-08-17 09:50 . 2011-01-02 15:56 58288 ----a-w- c:\windows\system32\rpcnet.dll
    2013-08-15 08:31 . 2008-04-17 16:29 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2013-06-22 10:10 . 2012-04-11 10:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-06-22 10:10 . 2011-05-16 08:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-12 08:28 . 2012-07-12 08:28 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-24 175128]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-24 141848]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-24 153624]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-12-27 2054360]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-15 20:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-11-15 20:02 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2011-03-15 16:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
    2011-01-12 06:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2008-04-15 20:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2008-04-18 13:53 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
    2009-11-11 14:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-08-12 14:51 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-08-12 14:50]
    .
    2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-08-12 14:50]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_nl&c=83&bd=all&pf=cmnb
    uInternet Settings,ProxyServer = 10.10.10.50:8080
    IE: Append Link Target to Existing PDF
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-08-17 11:52
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3535993027-2643320515-1217649130-1004\Software\SecuROM\License information*]
    "datasecu"=hex:0d,2a,1b,32,14,9d,a6,69,e8,67,98,81,86,32,a6,c3,0a,c1,40,64,e5,
    86,91,de,a0,00,f4,16,27,39,b0,8a,dd,dc,92,d4,3d,03,14,af,22,03,49,94,81,4d,\
    "rkeysecu"=hex:c4,75,a9,69,82,d8,e7,b3,d4,93,e0,8a,47,90,24,50
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
    @Denied: (2) (LocalSystem)
    "AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
    "DataDir"="ESET\\ESET NOD32 Antivirus\\"
    "EditionName"=" "
    "InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
    "LanguageId"=dword:00000409
    "PackageTag"=dword:00000000
    "ProductBase"=dword:00000000
    "ProductCode"="{85C70286-A56F-4834-BD24-B34EB76A93A2}"
    "ProductName"="ESET NOD32 Antivirus"
    "ProductType"="eav"
    "ProductVersion"="4.0.468.0"
    "UniqueId"="0004C8AB4EF9D729"
    "ScannerBuild"=dword:00001dd3
    "ScannerVersionId"=dword:000015fe
    "ScannerVersion"="ready"
    "FixId"=dword:00000000
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\Hpservice.exe
    c:\windows\system32\AEADISRV.EXE
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
    c:\program files\ActivIdentity\ActivClient\acevents.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\rpcnet.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\conime.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\ActivIdentity\ActivClient\acevents.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-08-17 11:57:33 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-08-17 09:57
    ComboFix2.txt 2013-08-16 12:32
    .
    Pre-Run: 44.629.471.232 bytes beschikbaar
    Post-Run: 44.593.532.928 bytes beschikbaar
    .
    - - End Of File - - D17AA1F5F8C3C4EEB4BAE59449659BD8
    82967FD6D91A60516A81EEE17D859620
     
  15. johnb35

    johnb35 Malware and Spam Assassin Staff Member

    Messages:
    32,928
    Ok, then I can't explain why it won't delete. May have to boot to a Linux live CD and delete the files from there.
     
  16. oekoeloe

    oekoeloe New Member

    Messages:
    111
    Thanks for the help!
    It got like that after getting the overheating shutdowns.
    How do I get on Linux? Is there a (simple) tutorial on how to get it?
     
  17. johnb35

    johnb35 Malware and Spam Assassin Staff Member

    Messages:
    32,928
  18. S.T.A.R.S.

    S.T.A.R.S. banned

    Messages:
    3,040
    There are 2 easy ways for this:

    WAY 1:

    Open CMD and type:

    chkdsk.exe C: /F /R /X /V

    If asked to reboot, confirm and reboot.
    Wait for the process to finish.
    Once it is finished, locate those folders and delete them. If it doesn't work in NORMAL MODE then try to delete them from SAFE MODE.
    This will fix errors on the drive. Errors on the drive can cause data to be unable to be deleted. Sometimes these errors on the drive can even cause weird things such as showing that the folders and files ARE there when they are actually NOT. It only graphically shows them, but they are not really on the disk anymore.


    WAY 2:

    First be sure that you have tried WAY 1. If it did not work then do this.
    Download the LINUX UBUNTU ISO image and burn it to a CD using programs designed to burn ISO images on blank CD disks, such as PowerISO or ImgBurn.
    Boot from that CD and load UBUNTU. DO NOT INSTALL IT. JUST LOAD IT FROM THE CD DIRECTLY. Usually you need to first choose the language. So choose ENGLISH and after that choose the option to load Ubuntu from the CD disk directly. Usually the option is called TRY UBUNTU WITHOUT ANY CHANGE TO YOUR COMPUTER.
    Once Ubuntu has been loaded, you will see the desktop. Now go to PLACES (upper left) and then go to COMPUTER. After that click the VIEW (upper left) button and after that click SHOW HIDDEN FILES AND FOLDERS.
    After that go into your drive and after that locate those folders and files and delete them. Once you did that, close the window, open the TRASH (bottom right) and make sure that those files and folders are NOT moved to TRASH (usually when Ubuntu is loaded directly from the CD, the deleted data is deleted immediately and permanently. But you check that just in case and IF THERE IS something in TRASH, delete it ALSO)!





    Cheers!
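
A terminal equivalent of the delete step in WAY 2, as an added example that is not part of the original post. It assumes the Windows partition is already mounted read-write at a mount point passed as the first argument; the script name, function names and mount point are hypothetical. Each path component is matched case-insensitively, because Linux path lookups are case-sensitive and the path typed in the thread (`Appdata`) need not match the on-disk spelling.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh delete_stuck.sh /mnt/win
# /mnt/win is a hypothetical mount point of the Windows volume (read-write).

# Paths exactly as posted in the thread, relative to C:\, one per line.
# The files come first, the folder that held one of them last.
TARGETS='Users/Michael/Appdata/Local/Google/Chrome/User Data/Default/old/Last Session
Users/Michael/Appdata/Local/Google/Chrome/User Data/Default/Last Tabs
Users/Michael/Appdata/Local/Google/Chrome/User Data/Default/old'

# resolve_ci ROOT REL: print the on-disk path of REL below ROOT, matching each
# component case-insensitively. Fails if a component is missing, is empty,
# "." or "..", or is a symlink (so the delete cannot be redirected out of ROOT).
resolve_ci() {
  cur=$1
  rest=$2
  while [ -n "$rest" ]; do
    part=${rest%%/*}
    case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
    case $part in ''|.|..) return 1 ;; esac
    match=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$part" | head -n 1)
    [ -n "$match" ] || return 1
    if [ -L "$match" ]; then return 1; fi
    cur=$match
  done
  printf '%s\n' "$cur"
}

# delete_stuck ROOT: remove every target that resolves under ROOT.
# Returns non-zero if any target could not be found.
delete_stuck() {
  root=$1
  failed=0
  while IFS= read -r rel; do
    [ -n "$rel" ] || continue
    if real=$(resolve_ci "$root" "$rel"); then
      rm -rf -- "$real" && echo "deleted: $real"
    else
      echo "not found: $rel" >&2
      failed=1
    fi
  done <<EOF
$TARGETS
EOF
  return $failed
}

if [ "$#" -gt 0 ]; then delete_stuck "$1"; fi
```
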
     
  19. oekoeloe

    oekoeloe New Member

    Messages:
    111
    Got chkdsk.exe C: /F /R /X /V to work. After rebooting I was able to delete the 2 files and folder. Thanks to everyone for helping me out!
     
    Last edited: Aug 23, 2013
  20. S.T.A.R.S.

    S.T.A.R.S. banned

    Messages:
    3,040
    Awesome!:D
     
