
Can't access programs as "You may not have the appropriate permissions to access"


78 replies to this topic

#1 Tonyjj

  • Members
  • 82 posts

Posted 24 September 2015 - 10:22 AM

Hi

I think I'm infected. I am running Windows 7.

I've tried installing Malwarebytes to check for malware and I get the "ShellExecuteEx failed; code 5. Access Denied" error come up.

I've tried right clicking it and running as administrator and then I get the "I can not access the specific device, path or file. You may not have the appropriate permissions to access the item" message.

I have also noticed I now have the hao123 site as my home page and I did not set this up. When I go into remove programs or go into Windows Task manager there are no HAO123 processes or programs to delete?

I have also got error messages when trying to uninstall any programme: "You do not have sufficient access to uninstall *****. Please contact your system administrator".

I am the only user and administrator on this PC, there is no other account available to access.

I have run Norton Anti Virus and this does not find any errors.

I'm a little stuck, please help.

 

 




 


#2 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,664 posts

Posted 24 September 2015 - 10:36 AM

Hi Tonyjj :)

My name is Aura and I'll be assisting you with your issue. First, we should gather a bit more information on your system. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Tonyjj


Posted 24 September 2015 - 10:45 AM

Thanks for the quick reply

Unfortunately I have saved the Mini Tool Box to my desktop but I can't run it as I get the following error: "windows cannot access the specific device path or file. You may not have the appropriate permission to access the item"



#4 Aura


Posted 24 September 2015 - 10:46 AM

Alright, please boot in Safe Mode with Networking, and try to run it from there.

http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/



#5 Tonyjj


Posted 24 September 2015 - 10:56 AM

Thanks, it worked:

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Admin (administrator) on 24-09-2015 at 16:54:40
Running from "C:\Users\Admin\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Model: OptiPlex 745 Manufacturer: Dell Inc.
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection 2 (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Admin-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
   Physical Address. . . . . . . . . : 00-19-B9-4B-14-F8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd8c:34fd:cd95:7c00:b08b:a0c1:bd19:62f4(Preferred)
   Temporary IPv6 Address. . . . . . : fd8c:34fd:cd95:7c00:a9d0:49a9:19b4:961f(Preferred)
   Link-local IPv6 Address . . . . . : fe80::b08b:a0c1:bd19:62f4%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 24 September 2015 16:49:19
   Lease Expires . . . . . . . . . . : 25 September 2015 16:49:18
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 318773689
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4B-D5-84-00-0C-29-50-3B-61
   DNS Servers . . . . . . . . . . . : fe80::1%16
                                       192.168.1.1
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.lan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  fe80::1

Name:    google.com
Addresses:  2a00:1450:4009:80b::200e
   64.233.184.138
   64.233.184.113
   64.233.184.139
   64.233.184.100
   64.233.184.102
   64.233.184.101

Pinging google.com [64.233.184.113] with 32 bytes of data:
Reply from 64.233.184.113: bytes=32 time=24ms TTL=44
Reply from 64.233.184.113: bytes=32 time=25ms TTL=44

Ping statistics for 64.233.184.113:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 25ms, Average = 24ms
Server:  UnKnown
Address:  fe80::1

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
   2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   98.139.183.24
   206.190.36.45
   98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=114ms TTL=52
Reply from 98.139.183.24: bytes=32 time=114ms TTL=52

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 114ms, Maximum = 114ms, Average = 114ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...00 19 b9 4b 14 f8 ......Broadcom NetXtreme 57xx Gigabit Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.7     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.7    276
      192.168.1.7  255.255.255.255         On-link       192.168.1.7    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.7    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.7    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.7    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 16     28 fd8c:34fd:cd95:7c00::/64 On-link
 16    276 fd8c:34fd:cd95:7c00:a9d0:49a9:19b4:961f/128
                                    On-link
 16    276 fd8c:34fd:cd95:7c00:b08b:a0c1:bd19:62f4/128
                                    On-link
 16    276 fe80::/64                On-link
 16    276 fe80::b08b:a0c1:bd19:62f4/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/24/2015 04:47:50 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/24/2015 04:43:09 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/24/2015 04:42:16 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/24/2015 04:41:45 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/24/2015 04:40:38 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/24/2015 04:40:15 PM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8007000e)

Error: (09/24/2015 04:40:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18015, time stamp: 0x55cec14a
Faulting module name: MSHTML.dll, version: 11.0.9600.18015, time stamp: 0x55ced693
Exception code: 0xc0000005
Fault offset: 0x000953dc
Faulting process id: 0xfd4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/24/2015 04:28:45 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/24/2015 04:28:30 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070005, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (09/24/2015 03:48:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.26.9, time stamp: 0x54c04d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18939, time stamp: 0x55afd7a8
Exception code: 0xc0000374
Fault offset: 0x000c3f83
Faulting process id: 0x15f8
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3

System errors:
=============
Error: (09/24/2015 04:53:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/24/2015 04:53:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/24/2015 04:53:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/24/2015 04:53:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/24/2015 04:53:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/24/2015 04:53:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/24/2015 04:51:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/24/2015 04:51:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/24/2015 04:51:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/24/2015 04:51:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (09/24/2015 04:47:50 PM) (Source: Windows Search Service)(User: )
Description: 40x80070005Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (09/24/2015 04:43:09 PM) (Source: Windows Search Service)(User: )
Description: 40x80070005Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (09/24/2015 04:42:16 PM) (Source: Windows Search Service)(User: )
Description: 40x80070005Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (09/24/2015 04:41:45 PM) (Source: Windows Search Service)(User: )
Description: 40x80070005Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (09/24/2015 04:40:38 PM) (Source: Windows Search Service)(User: )
Description: 40x80070005Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (09/24/2015 04:40:15 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8007000e

Error: (09/24/2015 04:40:08 PM) (Source: Application Error)(User: )
Description: iexplore.exe11.0.9600.1801555cec14aMSHTML.dll11.0.9600.1801555ced693c0000005000953dcfd401d0f6ddf8eb52d7C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll881966d2-62d2-11e5-919b-0019b94b14f8

Error: (09/24/2015 04:28:45 PM) (Source: Windows Search Service)(User: )
Description: 40x80070005Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (09/24/2015 04:28:30 PM) (Source: Windows Search Service)(User: )
Description: 40x80070005Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

Error: (09/24/2015 03:48:36 PM) (Source: Application Error)(User: )
Description: GoogleUpdate.exe1.3.26.954c04d6cntdll.dll6.1.7601.1893955afd7a8c0000374000c3f8315f801d0f6d8174edb62C:\Program Files\Google\Update\GoogleUpdate.exeC:\Windows\SYSTEM32\ntdll.dll558314b2-62cb-11e5-919b-0019b94b14f8

=========================== Installed Programs ============================

4K Video Downloader 3.6 (HKLM\...\4K Video Downloader_is1) (Version: 3.6.1.1770 - Open Media LLC)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Acrobat.com (HKLM\...\{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}) (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\{A2BCA9F1-566C-4805-97D1-7FDC93386723}) (Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001824147215}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
BurnAware Free 8.4 (HKLM\...\BurnAware Free_is1) (Version:  - Burnaware)
Canon Utilities Digital Photo Professional (HKLM\...\Digital Photo Professional) (Version: 3.14.0.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM\...\EOS Utility 2) (Version: 2.14.0.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.14.0.0 - Canon Inc.)
Computer Security 14.121.103.0 (release) (HKLM\...\{658FDBCA-B7A1-43E4-A849-9F0812473331}) (Version: 14.121.103.0 - F-Secure Corporation) Hidden
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Photo Scan (HKLM\...\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{5662F323-3D9C-4100-B60C-BC71B47DD0A1}) (Version: 3.10.0041 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Manuals (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.40.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-422 423 425 Series Printer Uninstall (HKLM\...\EPSON XP-422 423 425 Series) (Version:  - SEIKO EPSON Corporation)
Free Video to DVD Converter version 5.0.61.805 (HKLM\...\Free Video to DVD Converter_is1) (Version: 5.0.61.805 - DVDVideoSoft Ltd.)
F-Secure CCF Reputation (HKLM\...\{00000000-2778-5BED-8199-52EB14D8D22F}) (Version: 2.0.1337.0 - F-Secure) Hidden
F-Secure CCF Scanning 1.51.112.309 (release) (HKLM\...\{53BA6504-F1CE-4604-970A-082021D39784}) (Version: 1.51.112.309 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.03.102 (HKLM\...\{EFE33E35-9B0B-4CF9-AF8C-CBE93BB8E6FF}) (Version: 1.03.102 - F-Secure Corporation) Hidden
F-Secure SafeSearch 1.03.159.0 (release) (HKLM\...\{B50345AE-60D0-48D7-AFD2-F0B1A07F2294}) (Version: 1.03.159.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malware Protection Live (HKLM\...\MalwareProtectionLive) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyEpson Portal (HKLM\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
Norton Internet Security (HKLM\...\NIS) (Version: 22.5.2.15 - Symantec Corporation)
ObjectDock Free (HKLM\...\{2C13F8C1-570B-42A9-87B4-8C7903ECD602}) (Version: 2.0 - Stardock Corporation) Hidden
ObjectDock Free (HKLM\...\ObjectDock Free) (Version: 2.0 - Stardock Corporation)
Online Safety 2.115.2786.1676 (HKLM\...\{D6D865A5-2703-4B26-A0AA-30B29C0696BC}) (Version: 2.115.2786.1676 - F-Secure Corporation) Hidden
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Photo Common (HKLM\...\{B1D0122C-6BE2-47A2-82AE-0BB3F6C91C49}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Common (HKLM\...\{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Python 3.4.3 (HKLM\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
qBittorrent 3.2.3 (HKLM\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Software Updater (HKLM\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Super Safe Boost (HKLM\...\{65B66361-5AB6-44B0-B48E-F4C6114408E0}) (Version: 2.21.286.0 - F-Secure Corporation) Hidden
Super Safe Boost (HKLM\...\F-Secure ServiceEnabler 44515) (Version: 2.21.286.0 - F-Secure Corporation)
The Desktop Weather 2.0 (HKLM\...\WeatherTool) (Version: 2.0.0.10766 - ShenZhen Enode Techology co,.Ltd)
Tools Update Platform (HKLM\...\{6A128791-4857-4484-9BB2-71D4C1257200}) (Version: 1.2.0.27 - Beijing Zhihuimen Techology co,.Ltd)
Windows 7 Codec Pack 4.1.0 (HKLM\...\Windows 7 - Codec Pack) (Version: 4.1.0 - Windows 7 Codec Pack)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

========================= Devices: ================================

Name:
Description:
Class Guid:
Manufacturer:
Service:
Device ID: ROOT\SCSIADAPTER\0000
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Device ID: ROOT\LEGACY_SPLDR\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 3061.61 MB
Available physical RAM: 2548 MB
Total Virtual: 3059.93 MB
Available Virtual: 2589.91 MB

========================= Partitions: =====================================

1 Drive c: (Win 7 Home Premium) (Fixed) (Total:149.01 GB) (Free:85.02 GB) NTFS

========================= Users: ========================================

User accounts for \\ADMIN-PC

Admin                    Administrator            Guest                   

**** End of log ****



#6 Aura


Posted 24 September 2015 - 10:58 AM

Did you ever use F-Secure as your Antivirus program in the past?



#7 Tonyjj


Posted 24 September 2015 - 11:00 AM

No (not even heard of it) but this machine was bought 2nd hand from a local shop about 2 months ago so I can't say what the last owner used on it.

It was a fresh install of W7 when I bought it and I've only used Norton and also TalkTalk antivirus runs alongside it.



#8 Aura


Posted 24 September 2015 - 11:06 AM

Alright let's try something. Configure a clean boot on your system (the instructions are in the link at the end of this post), then restart your computer and try to uninstall the following programs.

Acrobat.com
Adobe AIR
Malware Protection Live
Super Safe Boost
The Desktop Weather 2.0
Windows 7 Codec Pack 4.1.0

https://support.microsoft.com/en-us/kb/929135



#9 Tonyjj


Posted 24 September 2015 - 11:43 AM

Restarted as a clean boot but:

"You do not have sufficient access to uninstall Adobe AIR. Please contact your system administrator"

This is the same for all the others you asked about.



#10 Aura


Posted 24 September 2015 - 12:11 PM

Alright. Create a new user account and make it Admin (if you don't know how, let me know). Once done, log into that user account, while still being in a clean boot mode, and try to uninstall the programs from there.



#11 Tonyjj


Posted 24 September 2015 - 12:22 PM

It's not letting me alter anything on the Control Panel\All Control Panel Items\User Accounts page that has the shield symbol next to it, including the "Manage another account" option.

I've just rebooted into Safe Mode with Networking and am getting the same response.

You click it and nothing happens, it's as if something is blocking it.

How do I get around it?



#12 Aura


Posted 24 September 2015 - 12:24 PM

We'll need to remove whatever is blocking it. Boot normally and follow the instructions below please.

RKill
  • Download RKill and move the executable to your Desktop;
    Note: You can find renamed versions of RKill here in case something prevents the normal one from running;
  • Right-click on RKill.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Let it complete its scan;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;



#13 Tonyjj


Posted 24 September 2015 - 12:34 PM

Tried them all and still get the same annoying message:

windows cannot access the specific device path or file. You may not have the appropriate permission to access the item


 



#14 Aura


Posted 24 September 2015 - 12:36 PM

Forgot that you were using Norton. Disable Norton completely, then download RKill and execute it. Norton often targets BleepingComputer tools as malicious, but they aren't, it's a false positive coming from Symantec (Norton).



#15 Tonyjj


Posted 24 September 2015 - 12:57 PM

Again in normal boot with Norton turned off I still get the same message:

windows cannot access the specific device path or file. You may not have the appropriate permission to access the item

I think this is all part of the same issue, anything to do with adjusting the system seems to be f... I mean blocked





