Author Topic: Error: Access is denied (5) (Read 10506 times)

Kiddshaw · « **on:** October 26, 2013, 11:05:00 PM »

Hello.

I'm having this issue and I don't know what to do.

I just downloaded Avast! Internet Security 2014. I ran a full system scan. I got virus clean but infected by rootkist. I tried to delete them and it said it would in the next boot. I did the restart and checked the history scan result to see if it have worked and it'll still said it would delete the files in the next boot. I choose then "Delete" and it said "Access is denied (5)" then tried Move To Chest and it said "The request is not supported (50)"

I don't know what to do. Am I clean or not?

I run 64 bit system. Windows 7.

Secondmineboy · « **Reply #1 on:** October 26, 2013, 11:09:02 PM »

These files are in the Avast Sandbox.

Try to empty out the Sandbox, in the Sandbox settings.

Kiddshaw · « **Reply #2 on:** October 26, 2013, 11:19:25 PM »

There's nothing in the sandbox :/

Eddy · « **Reply #3 on:** October 26, 2013, 11:21:09 PM »

Please follow these instructions: http://forum.avast.com/index.php?topic=53253.0

Kiddshaw · « **Reply #4 on:** October 27, 2013, 12:17:12 AM »

Almost done. Posting scan logs in 5

Kiddshaw · « **Reply #5 on:** October 27, 2013, 12:56:06 AM »

1. Adw cleaner log

2. Malwarebytes scan log

3. OTL

4. aswMBR

Kiddshaw · « **Reply #6 on:** October 27, 2013, 02:38:10 AM »

1. Adwcleaner

# AdwCleaner v3.010 - Report created 26/10/2013 at 17:31:19
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : kiddshaw - kiddshaw
# Running from : C:\Users\kiddshaw\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\user.js
File Found : C:\windows\System32\roboot64.exe
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\Users\kiddshaw\AppData\Roaming\DriverCure
Folder Found C:\Users\kiddshaw\AppData\Roaming\Systweak

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DealsPluginROW_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DealsPluginROW_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_atube-catcher_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_atube-catcher_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_messenger-plus_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_messenger-plus_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_windows-live-messenger-2009_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_windows-live-messenger-2009_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_youtube-downloader-hd_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_youtube-downloader-hd_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\systweak
Key Found : [x64] HKLM\SOFTWARE\IB Updater
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\kiddshaw\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3111 octets] - [26/10/2013 17:31:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3171 octets] ##########

Kiddshaw · « **Reply #7 on:** October 27, 2013, 02:38:55 AM »

2. Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versión de la Base de Datos: v2013.10.26.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
kiddshaw :: KIDDSHAW [administrador]

10/26/2013 5:47:01 PM
mbam-log-2013-10-26 (17-47-01).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 208178
Tiempo transcurrido: 4 minuto(s), 47 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 2
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> En cuarentena y eliminado con éxito.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> En cuarentena y eliminado con éxito.

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 1
C:\Users\kiddshaw\Local Settings\Temporary Internet Files\Content.IE5\34LM103D\Setup[1].exe (PUP.Optional.LuckyLeap.A) -> En cuarentena y eliminado con éxito.

fin)

Kiddshaw · « **Reply #8 on:** October 27, 2013, 02:42:07 AM »

3. OTL scan log exceeds the maximun lenght

4. aswMBR

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-26 18:14:17
-----------------------------
18:14:17.727 OS Version: Windows x64 6.1.7601 Service Pack 1
18:14:17.727 Number of processors: 4 586 0x2A07
18:14:17.728 ComputerName: kiddshaw UserName:
18:14:19.827 Initialize success
18:14:19.902 AVAST engine defs: 13102602
18:14:30.980 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:14:30.983 Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 3
18:14:31.137 Disk 0 MBR read successfully
18:14:31.143 Disk 0 MBR scan
18:14:31.150 Disk 0 Windows 7 default MBR code
18:14:31.156 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
18:14:31.168 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
18:14:31.183 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 700302 MB offset 30926848
18:14:31.211 Disk 0 scanning C:\windows\system32\drivers
18:14:40.947 Service scanning
18:15:16.498 Modules scanning
18:15:16.516 Disk 0 trace - called modules:
18:15:16.578 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:15:16.592 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f58060]
18:15:16.603 3 CLASSPNP.SYS[fffff880011b643f] -> nt!IofCallDriver -> [0xfffffa8005bf3800]
18:15:16.609 5 ACPI.sys[fffff88000d5c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005bf9050]
18:15:17.958 AVAST engine scan C:\windows
18:15:20.869 AVAST engine scan C:\windows\system32
18:17:33.164 AVAST engine scan C:\windows\system32\drivers
18:17:46.263 AVAST engine scan C:\Users\kiddshaw
18:37:32.943 AVAST engine scan C:\ProgramData
18:43:03.468 Scan finished successfully
18:53:54.648 Disk 0 MBR has been saved successfully to "C:\Users\kiddshaw\Desktop\MBR.dat"
18:53:54.651 The log file has been saved successfully to "C:\Users\kiddshaw\Desktop\aswMBR.txt"

Done

Pondus · « **Reply #9 on:** October 27, 2013, 02:03:08 AM »

Quote

3. OTL scan log exceeds the maximun lenght

and that is why the OTL instructions say attach log....

Kiddshaw · « **Reply #10 on:** October 27, 2013, 02:06:11 AM »

Look up, I attached it before...

Kiddshaw · « **Reply #11 on:** October 27, 2013, 02:59:12 AM »

Any solution guys? x_x

Secondmineboy · « **Reply #12 on:** October 27, 2013, 11:47:48 AM »

Under the answer box is an option attachments and other options, attach it there.

TwinHeadedEagle · « **Reply #13 on:** October 27, 2013, 12:48:14 PM »

Hello,

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Under Optional Scan ensure "List BCD" and "Driver MD5" are ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Kiddshaw · « **Reply #14 on:** October 27, 2013, 09:55:59 PM »

Hellooo

Here they are!

Author Topic: Error: Access is denied (5) (Read 10506 times)

Kiddshaw

Error: Access is denied (5)

Secondmineboy

Re: Error: Access is denied (5)

Kiddshaw

Re: Error: Access is denied (5)

Eddy

Re: Error: Access is denied (5)

Kiddshaw

Re: Error: Access is denied (5)

Kiddshaw

Re: Error: Access is denied (5)

Kiddshaw

Re: Error: Access is denied (5)

Kiddshaw

Re: Error: Access is denied (5)

Kiddshaw

Re: Error: Access is denied (5)

Pondus

Re: Error: Access is denied (5)

Kiddshaw

Re: Error: Access is denied (5)

Kiddshaw

Re: Error: Access is denied (5)

Secondmineboy

Re: Error: Access is denied (5)

TwinHeadedEagle

Re: Error: Access is denied (5)

Kiddshaw

Re: Error: Access is denied (5)