Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

""WindowsSafemode" Malware Virus - removal

  • Please log in to reply




  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi Ron,

Apologies for the late reply I have been out of the country recently.

I have attached a .jpg which hopefully makes the problem a little clearer. Before the problem I had a folder called "Company" when I look in My Documents it is completely empty, however when I try and save a folder with the name Company I get the attached message as if the folder already exists. I currently have settings to display all hidden folders so it is as if there is something a little more mischievious going on here.

I also have the same problems with My Programs, no Programs are showing up in the folder too, but I am able to access all the Microsoft office applications like .xls etc When I go to the Start button and look up My Programs I only see as per attached.

Thanks ever so much,

Attached Thumbnails

  • Slide1.JPG
  • Slide1.JPG

  • 0




    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Copy the text in the code box

Windows Registry Editor Version 5.00



Open notepad (Start, Run, notepad, OK) and edit, paste or Ctrl + v to paste the text into the box. File, Save As, (to your desktop) "fix.reg" OK
(Make sure you put the quotes around fix.reg or it will save it as fix.reg.txt which won't work.) Close notepad.

Double-click on fix.reg and allow it to merge into the registry.

Now open Explorer and look in My Documents. Do you see a Company file or folder there now? Is there a blank line at the top of the list in the right pane? Right click on the blank line and see if you can get a property window to come up. If that works then Customize then Change Icon and select the picture that looks like a Folder and Apply.

If not: Start, Run, cmd, OK

cd  \
(prompt should change to show you are in C:\ )

attrib  -r  -s  -h  /s  *.*
(may take a while to run)


See if you can see them now. You may find the following freeware useful:


Download, Save and Run ac.exe. Allow it to install. Now open Explorer and go to you My Documents folder and right click and select Change Attributes. Make sure the Hidden and System boxes are unchecked then check Recurse Folders and Apply.

  • 0




  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi Ron,

Thanks for this, I am now able to see the folders so much appreciated.

After running the first section I was unable to see the folder name or the blank line as described. I then tried the cmd section and this ran within a few seconds. Downloaded the software and then right clicked on My Documents but didn't have the option to change attributes.

On doing all of the above I was able to see the hidden folders which I have now changed away from being hidden. I also have a lot more icons now under Programs however oddly I don't have MS Office and the likes of .xls .ppt etc, however I do have MS Movieplayer, I also don't have the Accessories potion where you have paint, calculator etc?

Not sure whether there is anything further that can be done to retrieve?

Thanks ever so much,
  • 0



    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
I think there are still some folders hidden.
cd  \
(prompt should change to show you are in C:\)

attrib  -r  -s  -h  /s  *

This should unhide the folders.
  • 0




  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi Ron,

Thanks for this I have run the script and have attached a copy of the output for your reference, unfortunately MS Office programs and MS Accessories are stil not showing up under My Programs.

I have a similar issue within MS Explorer in that my favourite folders are no longer visible howwever if I got to add a new folder to my favourites all my old/existing folders that are no longer visible are there to be seen however I can't right click on them and unhidden them if that is the problem, do you know to unhide favourite folders as possibly the same problem as the My Documents issue that you fixed?

All the very best,

Please see below full result of running the script provided:
Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\scroft>cd \

C:\>attrib -r -s -h /s *
Access denied - C:\1a2ebf2986d8830d04891c\amd64\filterpipelineprintproc.dll
Access denied - C:\1a2ebf2986d8830d04891c\amd64\msxpsdrv.cat
Access denied - C:\1a2ebf2986d8830d04891c\amd64\msxpsdrv.inf
Access denied - C:\1a2ebf2986d8830d04891c\amd64\msxpsinc.gpd
Access denied - C:\1a2ebf2986d8830d04891c\amd64\msxpsinc.ppd
Access denied - C:\1a2ebf2986d8830d04891c\amd64\mxdwdrv.dll
Access denied - C:\1a2ebf2986d8830d04891c\amd64\xpssvcs.dll
Access denied - C:\1a2ebf2986d8830d04891c\i386\filterpipelineprintproc.dll
Access denied - C:\1a2ebf2986d8830d04891c\i386\msxpsdrv.cat
Access denied - C:\1a2ebf2986d8830d04891c\i386\msxpsdrv.inf
Access denied - C:\1a2ebf2986d8830d04891c\i386\msxpsinc.gpd
Access denied - C:\1a2ebf2986d8830d04891c\i386\msxpsinc.ppd
Access denied - C:\1a2ebf2986d8830d04891c\i386\mxdwdrv.dll
Access denied - C:\1a2ebf2986d8830d04891c\i386\xpssvcs.dll
Access denied - C:\Documents and Settings\All Users\Application Data\Microsoft\C
Access denied - C:\Documents and Settings\All Users\Application Data\Microsoft\D
r Watson\user.dmp
Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-H
Access denied - C:\Program Files\Adobe\Reader 9.0\Resource\CMap\Identity-V
Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper
Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper
Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll
Access denied - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll

Access denied - C:\WINDOWS\Prefetch\ACMAIN.EXE-0A452B4F.pf
Access denied - C:\WINDOWS\Prefetch\ACRORD32.EXE-3A1F13AE.pf
Access denied - C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-242CE4AA.pf
Access denied - C:\WINDOWS\Prefetch\AC[1].EXE-269B1BB2.pf
Access denied - C:\WINDOWS\Prefetch\AC[1].TMP-101435D3.pf
Access denied - C:\WINDOWS\Prefetch\AC[1].TMP-3438B049.pf
Access denied - C:\WINDOWS\Prefetch\ADOBEARM.EXE-2D1B11BF.pf
Access denied - C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf
Access denied - C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf
Access denied - C:\WINDOWS\Prefetch\AVAST.SETUP-10F48C5B.pf
Access denied - C:\WINDOWS\Prefetch\BELKINWCUI.EXE-101D877B.pf
Access denied - C:\WINDOWS\Prefetch\BILLY.EXE-35E026FE.pf
Access denied - C:\WINDOWS\Prefetch\CDFSVC.EXE-1017C895.pf
Access denied - C:\WINDOWS\Prefetch\CHROME_INSTALLER.EXE-1EEE1DD4.pf
Access denied - C:\WINDOWS\Prefetch\CHROME_UPDATER.EXE-32B399C5.pf
Access denied - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
Access denied - C:\WINDOWS\Prefetch\CPQSET.EXE-1E95EBCC.pf
Access denied - C:\WINDOWS\Prefetch\CS4SERVICEMANAGER.EXE-31401053.pf
Access denied - C:\WINDOWS\Prefetch\CSC.EXE-01730C27.pf
Access denied - C:\WINDOWS\Prefetch\CSRSS.EXE-12B63473.pf
Access denied - C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf
Access denied - C:\WINDOWS\Prefetch\CVTRES.EXE-2329DCD5.pf
Access denied - C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf
Access denied - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf
Access denied - C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf
Access denied - C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf
Access denied - C:\WINDOWS\Prefetch\EXCEL.EXE-13B3F319.pf
Access denied - C:\WINDOWS\Prefetch\EXPAND.EXE-2490DB85.pf
Access denied - C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
Access denied - C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf
Access denied - C:\WINDOWS\Prefetch\GOOGLECRASHHANDLER.EXE-34C2B2F4.pf
Access denied - C:\WINDOWS\Prefetch\GOOGLETOOLBARMANAGER_C8CBFED7-39E8F175.pf
Access denied - C:\WINDOWS\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf
Access denied - C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-1E123D86.pf
Access denied - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf
Access denied - C:\WINDOWS\Prefetch\HPQWMIEX.EXE-1982D280.pf
Access denied - C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf
Access denied - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
Access denied - C:\WINDOWS\Prefetch\IPODSERVICE.EXE-3192DE38.pf
Access denied - C:\WINDOWS\Prefetch\JAUCHECK.EXE-0CBF467B.pf
Access denied - C:\WINDOWS\Prefetch\JAVA.EXE-0C263507.pf
Access denied - C:\WINDOWS\Prefetch\JAVAW.EXE-2DC32ABC.pf
Access denied - C:\WINDOWS\Prefetch\JAVAWS.EXE-021AC9A9.pf
Access denied - C:\WINDOWS\Prefetch\JQS.EXE-1D781F77.pf
Access denied - C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-24AE4A36.pf
Access denied - C:\WINDOWS\Prefetch\Layout.ini
Access denied - C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf
Access denied - C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf
Access denied - C:\WINDOWS\Prefetch\MDNSRESPONDER.EXE-02F30C6E.pf
Access denied - C:\WINDOWS\Prefetch\MMC.EXE-39071BCC.pf
Access denied - C:\WINDOWS\Prefetch\MPNOTIFY.EXE-3631A846.pf
Access denied - C:\WINDOWS\Prefetch\MSTSC.EXE-39B7CECA.pf
Access denied - C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
Access denied - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
Access denied - C:\WINDOWS\Prefetch\NVSVC32.EXE-1F9EED18.pf
Access denied - C:\WINDOWS\Prefetch\NWIZ.EXE-2D0F9FBC.pf
Access denied - C:\WINDOWS\Prefetch\OIS.EXE-337DD4BD.pf
Access denied - C:\WINDOWS\Prefetch\OLDMCDONALD.EXE-03B95AA7.pf
Access denied - C:\WINDOWS\Prefetch\OSE.EXE-108AC98F.pf
Access denied - C:\WINDOWS\Prefetch\PCARMDRV.EXE-23E30548.pf
Access denied - C:\WINDOWS\Prefetch\POWERPNT.EXE-2F940E7E.pf
Access denied - C:\WINDOWS\Prefetch\QLBCTRL.EXE-0325C50A.pf
Access denied - C:\WINDOWS\Prefetch\QLBPRES.EXE-34B537FB.pf
Access denied - C:\WINDOWS\Prefetch\QTTASK.EXE-342507FB.pf
Access denied - C:\WINDOWS\Prefetch\RADEHLPRSVC.EXE-1F4D24A9.pf
Access denied - C:\WINDOWS\Prefetch\RADESVC.EXE-1BE7DCB3.pf
Access denied - C:\WINDOWS\Prefetch\READER_SL.EXE-2B4EA1CB.pf
Access denied - C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf
Access denied - C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-12E27DD0.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1340EF7F.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-16BBAF5D.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1857459C.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC55A4F.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CD85FD3.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-31610E45.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-31825FB0.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-35A483DA.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3AF10E20.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3B7FF535.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3CC59473.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-440B5CD4.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-44A0B4BC.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf
Access denied - C:\WINDOWS\Prefetch\RUNDLL32.EXE-483E13BB.pf
Access denied - C:\WINDOWS\Prefetch\SETUP.EXE-05BB9A14.pf
Access denied - C:\WINDOWS\Prefetch\SETUP.EXE-0ECB8EFD.pf
Access denied - C:\WINDOWS\Prefetch\SETUP.EXE-39500995.pf
Access denied - C:\WINDOWS\Prefetch\SF.BIN-16B1EB69.pf
Access denied - C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf
Access denied - C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf
Access denied - C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf
Access denied - C:\WINDOWS\Prefetch\VERSIO~2.EXE-26289E65.pf
Access denied - C:\WINDOWS\Prefetch\VMCSERVICE.EXE-24A3AE40.pf
Access denied - C:\WINDOWS\Prefetch\WINHLP32.EXE-2C18E975.pf
Access denied - C:\WINDOWS\Prefetch\WINLOGON.EXE-32C57D49.pf
Access denied - C:\WINDOWS\Prefetch\WINWORD.EXE-37F6AE09.pf
Access denied - C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf
Access denied - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf
Access denied - C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf
Access denied - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf
Access denied - C:\WINDOWS\system32\Macromed\Flash\Flash10n.ocx
Unable to change attribute - C:\hiberfil.sys
Unable to change attribute - C:\pagefile.sys


Attached Thumbnails

  • Result.jpg

Edited by Ihatemalwaretoo, 30 March 2011 - 04:36 PM.

  • 0



    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Funny that you are still not able to see the folders. The things that didn't want to change don't have anything to do with them.

Can you see the file c:\windows\system32\calc.exe ?

  • 0




  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Yes I can see this file
  • 0



    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
I sent you a PM.

  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP