Don't have permission to access some programs

September 11, 2010 at 21:25:53
Specs: Windows 7
Outlook, iTunes and Nero are all locked up. It states I don't have permission to access the files. But I checked the files and the share access is fine. I had a Google Redirect Virus and I think that did it...HELP!


#1
September 11, 2010 at 21:38:30
I thought it was the Google Redirect Virus. I ran Avenger and then ComboFix 10... Avenger didn't find the file I was told to delete, and this is what ComboFix came up with:

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\zip.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-12 02:04 . 2010-09-12 02:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-12 01:14 . 2010-09-12 01:14 -------- d-----w- c:\users\Harrold\AppData\Roaming\Malwarebytes
2010-09-12 01:14 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-12 01:14 . 2010-09-12 01:14 -------- dc----w- c:\programdata\Malwarebytes
2010-09-12 01:14 . 2010-09-12 01:14 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-12 01:14 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-12 01:06 . 2010-09-12 01:06 0 -c--a-w- C:\backup.reg
2010-09-12 01:06 . 2010-09-12 01:06 574 -c--a-w- C:\cleanup.bat
2010-09-12 00:15 . 2010-09-12 00:15 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-09-11 23:42 . 2010-09-12 00:24 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-11 23:41 . 2010-09-12 00:15 -------- dc----w- c:\programdata\Hitman Pro
2010-09-11 23:12 . 2010-09-11 23:13 -------- dc----w- c:\program files\Common Files\Nero
2010-09-11 21:30 . 2010-09-11 21:30 107520 --sha-r- c:\windows\system32\rekeywiz6.dll
2010-09-11 04:00 . 2010-09-11 04:00 -------- d-----w- c:\users\Harrold\AppData\Roaming\BigFishv1002
2010-09-11 03:59 . 2010-09-11 03:59 -------- dc----w- c:\program files\Escape Rosecliff Island
2010-09-07 02:11 . 2010-09-07 02:13 -------- d-----w- c:\programdata\RosettaStoneLtdServices
2010-09-07 02:11 . 2010-09-07 02:11 -------- dc----w- c:\program files\RosettaStoneLtdServices
2010-08-29 03:53 . 2010-08-29 03:53 -------- dc----w- c:\program files\vShare
2010-08-25 05:58 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-22 22:27 . 2010-09-11 20:26 -------- d-----w- c:\users\Harrold\AppData\Local\WinZip
2010-08-22 22:03 . 2010-08-22 22:04 -------- dc----w- c:\program files\QuickTime
2010-08-22 22:01 . 2010-08-22 22:01 -------- dc----w- c:\program files\iPod
2010-08-22 22:01 . 2010-08-22 22:02 -------- dc----w- c:\program files\iTunes
2010-08-22 21:58 . 2010-08-22 21:58 -------- dc----w- c:\program files\Bonjour
2010-08-22 21:57 . 2010-08-22 21:57 73000 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-22 18:20 . 2010-08-28 14:45 -------- d-----w- c:\users\Harrold\AppData\Roaming\DiskAid
2010-08-22 18:20 . 2010-08-22 18:20 -------- dc----w- c:\program files\DigiDNA
2010-08-22 06:18 . 2010-08-22 06:18 -------- d-----w- c:\users\Harrold\AppData\Local\ElevatedDiagnostics
2010-08-22 01:55 . 2010-08-22 01:55 -------- dc----w- c:\programdata\FileCure
2010-08-22 01:51 . 2010-08-22 01:56 -------- d-----w- c:\users\Harrold\AppData\Roaming\BitZipper
2010-08-22 01:49 . 2010-08-22 01:49 -------- d-----w- c:\programdata\WinZipSE
2010-08-21 17:06 . 2010-08-21 17:07 -------- dc----w- c:\program files\Nancy Drew Dossier - Resorting to Danger
2010-08-15 21:16 . 2010-08-15 21:16 18432 ----a-w- c:\windows\ss3unstl.exe
2010-08-15 21:16 . 2002-09-27 03:12 1443184 ----a-w- c:\windows\system32\The Tao Screensaver.scr
2010-08-15 12:39 . 2010-08-15 12:39 -------- dc----w- c:\program files\Wedding Dash
2010-08-14 02:25 . 2010-08-14 02:25 -------- dc----w- c:\program files\Mystery Case Files - Dire Grove

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 01:17 . 2010-06-11 17:58 -------- d-----w- c:\users\Harrold\AppData\Roaming\Media Player Classic
2010-09-12 01:09 . 2010-04-21 23:07 -------- d-----w- c:\programdata\NVIDIA
2010-09-12 00:09 . 2005-07-26 06:26 3811 ----a-r- c:\users\Harrold\AppData\Roaming\Harroldlog.dat
2010-09-11 23:52 . 2010-06-20 06:03 -------- dc----w- c:\program files\Nero
2010-09-11 22:56 . 2010-05-16 15:45 -------- dc----w- c:\program files\Microsoft Silverlight
2010-09-11 22:52 . 2010-04-30 16:40 -------- d-----w- c:\users\Harrold\AppData\Roaming\LimeWire
2010-09-11 03:55 . 2010-05-23 05:27 -------- dc----w- c:\program files\bfgclient
2010-09-05 15:52 . 2010-09-05 15:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-09-05 05:07 . 2010-07-05 18:32 -------- d-----w- c:\programdata\Rosetta Stone
2010-08-22 22:27 . 2010-07-05 18:26 -------- d-----w- c:\programdata\WinZip
2010-08-22 22:01 . 2010-04-22 02:47 -------- dc----w- c:\program files\Common Files\Apple
2010-08-22 18:09 . 2010-04-22 02:50 -------- d-----w- c:\users\Harrold\AppData\Roaming\Apple Computer
2010-08-22 18:08 . 2010-04-22 02:47 -------- dc----w- c:\programdata\Apple
2010-08-21 23:25 . 2010-04-22 04:14 -------- d-----w- c:\users\Harrold\AppData\Roaming\IObit
2010-08-20 01:25 . 2010-06-21 21:34 -------- dc----w- c:\program files\Flowers Story
2010-08-15 12:40 . 2010-07-03 22:58 -------- d-----w- c:\users\Harrold\AppData\Roaming\PlayFirst
2010-08-15 12:40 . 2010-07-03 22:58 -------- d-----w- c:\programdata\PlayFirst
2010-08-14 02:26 . 2010-06-29 22:35 -------- d-----w- c:\users\Harrold\AppData\Roaming\Big Fish Games
2010-08-13 01:59 . 2010-08-13 01:59 -------- dc----w- c:\program files\Mystery Case Files - Huntsville
2010-08-11 00:24 . 2010-08-11 00:24 -------- dc----w- c:\program files\Wedding Dash 4-Ever
2010-08-06 15:36 . 2010-08-06 15:36 -------- dc----w- c:\program files\Cooking Dash - DinerTown Studios
2010-07-31 21:30 . 2010-04-21 23:18 66664 ----a-r- c:\users\Harrold\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-31 20:53 . 2010-07-31 20:50 -------- d-----w- c:\users\Harrold\AppData\Roaming\Guitar Pro 6
2010-07-31 20:50 . 2010-07-31 20:50 -------- dc----w- c:\programdata\Guitar Pro 6
2010-07-31 16:19 . 2010-07-30 05:44 -------- dc----w- c:\programdata\avg9
2010-07-30 05:45 . 2010-07-30 05:45 -------- dc----w- c:\program files\AVG
2010-07-29 06:30 . 2010-08-11 23:20 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 23:20 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-01 04:46 . 2010-07-01 04:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25 . 2010-08-11 23:19 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-11 23:19 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 23:19 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 23:19 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-11 23:19 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 23:19 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 23:20 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-11 23:19 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-11 23:19 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-11 23:20 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
2010-08-17 20:13 431720 -c--a-w- c:\program files\vShare\vshare_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{043C5167-00BB-4324-AF7E-62013FAEDACF}"= "c:\program files\vShare\vshare_toolbar.dll" [2010-08-17 431720]

[HKEY_CLASSES_ROOT\clsid\{043c5167-00bb-4324-af7e-62013faedacf}]
[HKEY_CLASSES_ROOT\vShare.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}]
[HKEY_CLASSES_ROOT\vShare.PugiObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{043C5167-00BB-4324-AF7E-62013FAEDACF}"= "c:\program files\vShare\vshare_toolbar.dll" [2010-08-17 431720]

[HKEY_CLASSES_ROOT\clsid\{043c5167-00bb-4324-af7e-62013faedacf}]
[HKEY_CLASSES_ROOT\vShare.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}]
[HKEY_CLASSES_ROOT\vShare.PugiObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]

c:\users\Harrold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-7-12 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Users^Harrold^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Harrold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 17:26 114688 -c----w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 22:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 12:15 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 02:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 136176]
R3 CDVDService;CDVDService;c:\program files\1Step DVD Copy\CDVDService.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-04-28 83496]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2010-05-20 245760]
R3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-22 1343400]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-04-28 160720]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-04-28 64304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-04-28 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-04-28 141792]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2009-09-03 444224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-04-28 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-04-28 312616]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2010-05-21 23096]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 07:19]

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 07:19]

2010-09-06 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-04-22 01:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vShare\vshare_toolbar.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-BFG-Wedding Dash - Ready, Aim, Love - c:\program files\Wedding Dash - Ready


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-11 19:07:25
ComboFix-quarantined-files.txt 2010-09-12 02:07

Pre-Run: 2,333,335,552 bytes free
Post-Run: 7,607,652,352 bytes free

- - End Of File - - 994A061327D8AD373DCEC01367C0090C

