Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

"Access Denied " message

Post by NoSound » May 14th, 2009, 10:36 pm

Hello Board:

I am a recent member here. I have several problems, but hopefully by solving this first problem, all the others will be fixed also. I run Windows XP Home version. I have no sound from my external speakers. Speakers are good. I cannot enable the Background Intelligent Transfer Service as recommended by the Windows troubleshooter. I really cannot change any settings on my Services. I get an error message "Access Denied". Here's my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:30 PM, on 5/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\TEMP\lzwizhr9.exe
C:\WINDOWS\TEMP\lzwizhr9.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\lzwizhr9.exe
C:\WINDOWS\TEMP\lzwizhr9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\svchost.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Wcilavejoguma] rundll32.exe "C:\WINDOWS\asajegoh.dll",e
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\lzwizhr9.exe
O4 - HKCU\..\Run: [] C:\WINDOWS\TEMP\lzwizhr9.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Up ... b57176.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8555859218
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-L ... uncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9015 bytes


Good Luck and thank you for your help
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm

Re: "Access Denied " message

Post by MWR 3 day Mod » May 18th, 2009, 12:16 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the 72 hour bump room, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MWR 3day Robot
 
Posts: 2519
Joined: April 4th, 2008, 8:40 am

Re: "Access Denied " message

Post by askey127 » May 20th, 2009, 6:20 pm

Hi Nosound,
------------------------------------------------------
Please note that all instructions here are customized for this computer only. The tools used may cause damage if used on a computer with different infections.
For any outsiders reading this thread that appear to have similar problems, please post a new log in the HJT forum and wait for help.


My name is askey127 and I will be helping you remove any infection(s) that you may have.

Please observe these rules while we work:
  • Please give all responses as a reply to this thread. Do not start a new topic.
  • Please continue to respond until I give you the "All Clear"
  • If you have a problem with something, stop and ask! Don't keep going on.
  • Please don't remove, install or uninstall anything new unless I ask you to do so.
  • Don't assume that if the symptoms go away, computer is clean (Just because you can't see a problem doesn't mean it isn't there)
If you can do those things, everything should go smoothly :D

Please Note that your security programs may give warnings about some of the tools I will ask you to use. In any such case, please give permissions.
Be assured that any website links I give you are verified to be safe.
----------------------------------------------------------
Download and Install CCleaner
  • Download CCleaner from here. Choose the Slim version.
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish

Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Please post the contents of Install.txt in your next reply.
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Registry block to clean anything with this program. It is for experts only and it is risky).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
----------------------------------------------------------------------------------
Run MalwareBytes' Anti-Malware
Please download the Installer and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked if it found any malware items, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found here if you need it: Start, All Programs, Malwarebytes' Anti-Malware, Logs
    The logs are named by date stamp

So we are looking for the Uninstall list from CCleaner, and the log from Malwarebytes Anti-Malware.
askey127
askey127
Admin/Teacher
 
Posts: 13633
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: "Access Denied " message

Post by NoSound » May 20th, 2009, 11:38 pm

Hello Askey127:

Thanks for picking up my thread. Your instructions were superb, to the letter.
Here are the two files: 1) The install.txt file from CCleaner and 2) The log file from Malwarebytes.

From CCleaner:
3D Home Architect Home Design Deluxe 6
Adobe Flash Player 10 Plugin
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe SVG Viewer 3.0
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Bonjour
Browser Address Error Redirector
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator 2.0
Canon MP150
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
DivX
DVD Solution
Easy-WebPrint
Google Earth
Google Updater
HijackThis 2.0.2
iTunes
J2SE Runtime Environment 5.0 Update 2
LimeWire 4.18.1
Linksys Wireless-G USB Network Adapter
Macromedia Dreamweaver 8
Macromedia Extension Manager
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Digital Image Starter Edition 2006
Microsoft Office Standard Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
muvee Plugin 1.0
NVIDIA Drivers
OmniPage SE
PowerDVD
QuickTime
Recovery Software Suite eMachines
RollerCoaster Tycoon Deluxe
Soft Data Fax Modem with SmartCP
Trend Micro Internet Security Pro
TurboTax 2008
TurboTax Basic 2005
TurboTax Basic 2006
TurboTax Basic 2007
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
WexTech AnswerWorks
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Player Firefox Plugin
Yahoo! Toolbar

From Malwarebytes
Malwarebytes' Anti-Malware 1.36
Database version: 2161
Windows 5.1.2600 Service Pack 2

5/20/2009 10:40:19 PM
mbam-log-2009-05-20 (22-40-19).txt

Scan type: Quick Scan
Objects scanned: 83275
Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 6
Memory Modules Infected: 0
Registry Keys Infected: 36
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 6
Files Infected: 38

Memory Processes Infected:
C:\WINDOWS\Temp\lzwizhr9.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\Temp\lzwizhr9.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\Temp\lzwizhr9.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\Temp\lzwizhr9.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\Temp\lzwizhr9.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\bndblock4.band (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.band.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.bho (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.bho.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1fe2ebe5-42ff-4586-a144-ca420c84ff6a} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f9e2be3-766d-4831-bb0e-766d5b819995} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bbb05d9e-0297-404d-a6bf-d8f2876b84a6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d4a714f6-af40-4425-b708-ff03cbbc0a84} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f9e2be3-766d-4831-bb0e-766d5b819995} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b18dd50-c996-44fc-ac52-0fecff82ed58} (Spyware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{875a1348-7674-42aa-adac-b4f36a004a2d} (Adware.AdBand) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bbb05d9e-0297-404d-a6bf-d8f2876b84a6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2ba40a2-74f3-42bd-f434-2604812c8954} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BndBlock4.DLL (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SBTV (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows resurections (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bbb05d9e-0297-404d-a6bf-d8f2876b84a6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wcilavejoguma (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Bot) -> Data: c:\documents and settings\all users\application data\microsoft\svchost.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\svchost.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Owner\Application Data\ErrorFix (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-17 19-07-320 (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\QuarantineW\2009-05-17 19-07-320 (Rogue.ErrorFix) -> Files: 415 -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Results (Rogue.ErrorFix) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Temp\lzwizhr9.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\instsp2.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kafawagi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kiyituhe.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kofirawa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kogujiru.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\linanotu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nozigita.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\refajako.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rodudaya.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\semasowa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yevazani.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lafijifa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\spy_ignore.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Logs\2009-05-17 18-58-270.log (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Results\Evidence.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Results\Junk.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Results\Registry.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\ErrorFix\Results\Update.db (Rogue.ErrorFix) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\asajegoh.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\a9k.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jelosonu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zosusewa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jogejase.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vurotipe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM53ed09c1.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM53ed09c1.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hohejupo.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\4140758610.exe (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACjfpdbymy.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACpkdmwakn.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACywltevbi.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACrovhpbuh.sys (Trojan.Agent) -> Quarantined and deleted successfully.
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm

Re: "Access Denied " message

Post by askey127 » May 21st, 2009, 6:58 am

NoSound,
-----------------------------------------------
Unfortunately, you have a very dangerous infection with "backdoor" capabilities.
Notice this one in the log, that has been removed by the Malwarebytes application: C:\Documents and Settings\All Users\Application Data\Microsoft\svchost.exe (Backdoor.Bot)
This can give remote intruders complete control of your computer, which can include logging key strokes, stealing information, etc.
You are strongly advised to do the following immediately:
  • Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *ALL* of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
Because of the infection's backdoor functionality (i.e., remote control capability), the basic security of your PC is very likely compromised, and there is no way to be sure it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action is to reformat the hard drive and reinstall the Windows Operating System. The reason for this is that the infection can make undetectable changes to your security settings, which may enable a re-installation of the infection after the machine is "cleaned" and reconnected to the internet. (This infection can, in effect, leave a "cellar door" unlocked so it can come back later and gain entry).

If you do not have the resources to reinstall your Windows Operating System and would like me to continue to clean your machine, I will be happy to do so. This is your choice to make.
The following articles may be of assistance in your decision: Should you have any questions, please feel free to ask.

If you still wish to continue cleaning, please proceed as follows:
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?f=11&t=33112
You have the following P2P program(s) installed: LimeWire 4.18.1
This is likely why your computer is badly infected.
Uninstall the Peer to Peer program(s) so we are not wasting our time:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):
    LimeWire 4.18.1
NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
----------------------------------------------------------
Remove Other Program(s) with CCleaner
Open CCleaner. In the Left Pane, click Tools. Verify that Uninstall is highlighted in color, or click on it.
Click and Highlight the Following Programs, one at a time, and click the Run Uninstaller button for each one.
Wait for completion of each one before highlighting and Uninstalling the next.
Adobe Reader 7.0.9
J2SE Runtime Environment 5.0 Update 2

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
--------------------------------------------------------
Download the Newest Version of Adobe Reader
  • Go here and click on AdbeRdr910_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

If you prefer a simple reader, without plug-ins, that is smaller and faster, take a look at the free Foxit Reader here: http://www.foxitsoftware.com/downloads/
I would recommend the older Foxit version 2.3 only, without the toolbar. Foxit version 3.0 has the undesirable ASK toolbar.
------------------------------------------------------------
Download the latest version of Java SE Runtime Environment (JRE), and install it to your computer.
It is the 5th one on the page, called Java SE Runtime Environment (JRE) 6 Update 13
Select Windows, multi-language, and check to agree to the license.
Download it, choose save, and save it to your desktop.
Then double-click it, and it will install the newest version of Java for you to use.
Reboot your machine.
Let me know how it goes, and/or what you decide to do.
askey127
askey127
Admin/Teacher
Posts: 13633
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: "Access Denied " message

Unread postby NoSound » May 22nd, 2009, 1:14 am

Hi askey127:

Thank you so much for your advice. I definitely want to reformat, but I have to look and see if I have a windows XP disk that might have come with my computer so I can reinstall. For now though, I followed your instructions on the continuation of cleaning. I uninstalled Limewire and the two other programs. Can I try and download the sound drivers from the emachines website again? Or should I try and run windows update?
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm

Re: "Access Denied " message

Unread postby askey127 » May 22nd, 2009, 8:30 am

I would download any and all of those drivers, and also save copies of them for after a reformat.
I would not look for any Windows updates now, but do so after your machine looks completely clean.
Any resident infections can cause corrupt system files during an update.
-----------------------------------------------------
Please do a scan with Kaspersky Online Scanner
Click on the Accept button and install any components it needs.
* The program will install and then begin downloading the latest definition files.
* After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
* This will start the program and scan your system.
* The scan will take a while, so be patient and let it run.
* Once the scan is complete, click on View scan report
* Now, click on the Save Report as button.
* Save the file to your desktop.
* Copy and paste that information in your next post.

Graphics tutorial available here if needed:
http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif
askey127
Admin/Teacher
Posts: 13633
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: "Access Denied " message

Unread postby NoSound » May 23rd, 2009, 6:56 pm

Hi askey127:
Here's the scan results from Kaspersky:

*KASPERSKY ONLINE SCANNER 7.0 REPORT*
Saturday, May 23, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2
(build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 23, 2009 21:31:35
Records in database: 2228724

*Scan settings*
Scan using the following database extended
Scan archives yes
Scan mail databases yes
*Scan area* My Computer
C:\
D:\
E:\
*Scan statistics*
Files scanned 83992
Threat name 32
Infected objects 129
Suspicious objects 0
Duration of the scan 02:16:39


* The selected area was scanned.*
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm

Re: "Access Denied " message

Unread postby askey127 » May 23rd, 2009, 8:39 pm

I don't see any live infections right now, but it reinforces that you have had a very serious set of infections in the past.
Not only that, but you still have some stuff in the Limewire folders that are potential infectors.
Please do exactly as I say. Do NOT open any files in this folder!!
-----------------------------------------------------------
Folder Deletion
In Windows Explorer (My Computer), navigate to the folder shown below, highlight it, if found, and press Delete.
C:\Documents and Settings\Owner\My Documents\LimeWire\ <== this folder only
You may have to first open the folder, choose View, Details, and delete all the underlying files and folders before an entire folder can be deleted.
If you need to delete underlying files in a folder and are unable to do so:
Right click the file set for deletion, and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
Please Note the name and location of any item you cannot delete, or any file not found.

Let me know how it goes.
askey127
askey127
Admin/Teacher
Posts: 13633
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: "Access Denied " message

Unread postby NoSound » May 23rd, 2009, 10:45 pm

Hi askey127:

I navigated to the folder in your last post and deleted the LimeWire folder with no problems. I did get a message that read 'The folder LimeWire contains items whose name is too long for the recycle bin. Do you want to permanently delete it?' I clicked yes to all. I wonder if these files were actually deleted because when I opened the recycle bin, there were no items from LimeWire in there. I guess it bypassed the recycle bin somehow.
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm

Re: "Access Denied " message

Unread postby askey127 » May 24th, 2009, 6:45 am

NoSound,
-----------------------------------------------------------
Reset System Restore Points
  • Click Start > Help and Support
  • Click on ->Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close Help and Support Center.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.
-----------------------------------------------------------
Download and Install the BlueTack HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlueTack's HOSTS Manager here, using Internet Explorer (Firefox won't work):
http://www.bluetack.co.uk/forums/index.php?act=dscript&CODE=showdetails&f_id=5
A short distance down the page in the center, click on the Download button.
Agree to the license.
On the next page, to the right side of where it says Download Estimates, right click on the underlined word "Hosts Manager" choose "Save Target As" and download the installer Hosts20setup.exe to your desktop.
Double click the Installer on your desktop and let it Install the Hosts Manager

After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the other Hosts Switch icon from your desktop).
When the Hosts Manager comes up, click the small down arrows on the Right side of the bar labeled "Options and Tools",
Click Disable DNS Service. This is important; otherwise your next boot-up may take a VERY long time.
When this has been done, in the left pane, click on Download.
It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save.
You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.

If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.
-----------------------------------------------------------
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.

I think your machine is as clean and safe as we can make it, within the limitations discussed earlier.
askey127
askey127
Admin/Teacher
Posts: 13633
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
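
The HOSTS mechanism described in the post above, as an added example (not part of the original post and not BlueTack's tool): a small Python auditor that parses HOSTS-format text and separates blocking entries, which map a hostname to the local machine, from entries that point a hostname at some other address, which deserve review on a machine that has been infected because malware can edit this file too. The sample data, hostnames and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample in HOSTS format (address, then one or more hostnames).
SAMPLE_HOSTS = """\
# Constructed sample, not taken from the thread
127.0.0.1       localhost
127.0.0.1       ads.badsite.example  tracker.badsite.example   # blocked
0.0.0.0         malware-drop.example
203.0.113.45    update.av-vendor.example    # name pointed at a foreign IP
::1             localhost
not-an-ip       broken.example
10.0.0.5
"""


@dataclass
class Entry:
    line_no: int
    address: str
    hostname: str
    kind: str  # "sinkhole" (local machine) or "redirect" (anything else)


def parse_hosts(text):
    """Return (entries, malformed) where malformed is a list of (line_no, raw)."""
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw))
            continue
        if len(fields) < 2:  # an address with no hostname does nothing
            malformed.append((line_no, raw))
            continue
        # Loopback (127.x.x.x, ::1) and 0.0.0.0 both keep the request local.
        local = ip.is_loopback or ip.is_unspecified
        kind = "sinkhole" if local else "redirect"
        for name in fields[1:]:
            entries.append(Entry(line_no, str(ip), name.lower(), kind))
    return entries, malformed


def lookup(text, hostname):
    """Address the file gives for hostname (first matching line), or None."""
    entries, _ = parse_hosts(text)
    for e in entries:
        if e.hostname == hostname.lower():
            return e.address
    return None


def audit(text):
    """Summarise a HOSTS file: blocked names, non-local redirects, bad lines."""
    entries, malformed = parse_hosts(text)
    blocked = sorted({e.hostname for e in entries
                      if e.kind == "sinkhole" and e.hostname != "localhost"})
    redirects = [(e.line_no, e.hostname, e.address)
                 for e in entries if e.kind == "redirect"]
    return {"blocked": blocked,
            "redirects": redirects,
            "malformed": [n for n, _ in malformed]}


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    print("Blocked hostnames:", len(report["blocked"]))
    for line_no, host, addr in report["redirects"]:
        print(f"REVIEW line {line_no}: {host} -> {addr}")
    for line_no in report["malformed"]:
        print(f"Malformed line {line_no}")
```

On a real Windows XP machine the file to feed in is C:\WINDOWS\system32\drivers\etc\hosts; a blocklist should produce only "sinkhole" entries, so any "redirect" line is the part to read by hand.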

Re: "Access Denied " message

Unread postby NoSound » May 25th, 2009, 1:20 am

askey127:

Thank you so much for cleaning my computer. I still can't get sound from my speakers. I downloaded the motherboard drivers chipset and the Realtek audio drivers from the eMachines website, but still no sound. I still cannot enable the Background Intelligent Transfer Service (BIT). Also, access is denied when I try and enable Automatic Updates.
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm

Re: "Access Denied " message

Unread postby askey127 » May 25th, 2009, 6:14 am

Nosound,
-----------------------------------------------------
Download FixPolicies.exe, a self-extracting ZIP archive, and save it to your Desktop.
You can get it from here: http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
This should restore privileges that may have been corrupted. Let me know.
askey
askey127
Admin/Teacher
Posts: 13633
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: "Access Denied " message

Unread postby NoSound » May 25th, 2009, 1:43 pm

Hello askey127:

I did exactly what was in your instructions, but I still get the access denied message when trying to enable Automatic Updates.
I looked around in Device Manager and there is a yellow exclamation point on Multimedia Audio Controller. I'm confused because I downloaded all the drivers from my computer's website. Also, there are no yellow marks in the Sound, Video & Game Controllers area.
NoSound
Regular Member
 
Posts: 16
Joined: May 14th, 2009, 10:08 pm

Re: "Access Denied " message

Unread postby askey127 » May 25th, 2009, 7:06 pm

NoSound,
-----------------------------------------------------------
Please start Malwarebytes Anti-Malware again.
  • Once the program has loaded, click the Updates tab and search for updates.
    Select the Scanner tab, choose Perform Full Scan, then click Scan. It will take longer.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked if it found any malware items, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found here if you need it: Start, All Programs, Malwarebytes' Anti-Malware, Logs
    The logs are named by date stamp

Did you do something with the HOSTS file?
How is it running?
askey127
askey127
Admin/Teacher
Posts: 13633
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
