APPARENTLY MY PC HAS 14 NASTIES - [CLOSED]


  • This topic is locked

#1
Jetett

    New Member

  • Member
  • 8 posts
I do have some other stuff 'saved' on another page ie apparently it is all safe, but I really don't know whether it is safe or not, AND I can't work out how to un-save it to include it in a HJT log .. any assistance will be gratefully received ...

Logfile of HijackThis v1.99.1
Scan saved at 10:33:58 PM, on 11/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spyware Cleaner\SpywareCleaner.exe
C:\Documents and Settings\Robyn Larven\Desktop\Robyn\HijackThis.exe

O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130481105765
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe

#2
Jetett

    New Member

  • Topic Starter
  • Member
  • 8 posts
I believe in a little self help every now and then - I've run the Ew. security suite and it picked 211 infected thingees (see how technical I am ?!) and I have removed (quarantined them). This was after running ccleaner .. I would still appreciate some guidance - I switched to Mozilla Firefox after running thunderbird for a few months because I thought they were more secure than IE and OE .. I am now being spammed as well in thunderbird which I never got on OE ..

my beloved insists on using Ebay stuff which I'm sure is causing some of the grief ...

I love Mozilla, but I really don't want the grief that I'm presently getting!

Edited by Jetett, 11 November 2005 - 06:06 PM.


#3
Jetett

    New Member

  • Topic Starter
  • Member
  • 8 posts
Unfortunately I can't find the 1st scan report that listed the 211 infections - I now have a quarantine file that I'm not too sure what to do with.

I would REALLY appreciate some help please.


this is the second scan report-

--------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:07:56 AM, 12/11/2005
+ Report-Checksum: 47BA262C

+ Scan result:

:mozilla.19:C:\Documents and Settings\Robyn Larven\Application Data\Mozilla\Firefox\Profiles\y943keac.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Robyn Larven\Application Data\Mozilla\Firefox\Profiles\y943keac.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Robyn Larven\Application Data\Mozilla\Firefox\Profiles\y943keac.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Robyn Larven\Application Data\Mozilla\Firefox\Profiles\y943keac.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Robyn Larven\Application Data\Mozilla\Firefox\Profiles\y943keac.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Robyn Larven\Application Data\Mozilla\Firefox\Profiles\y943keac.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Robyn Larven\Application Data\Mozilla\Firefox\Profiles\y943keac.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Robyn Larven\Application Data\Mozilla\Firefox\Profiles\y943keac.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup


::Report End

#4
andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi Jetett
Welcome to Geeks to go

As it has been a couple of days since your post, please post an up-to-date HJT log for me to see.

Andy :tazz:

#5
Jetett

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi andydf,

thanks for looking at this for me ... the latest log below

Logfile of HijackThis v1.99.1
Scan saved at 8:11:04 AM, on 16/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robyn Larven\Desktop\Robyn\HijackThis.exe

O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130481105765
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#6
andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi Jetett

Well the good news is there doesn't seem to be anything wrong with your log.
What program did you use to scan when you got the "14 nasties"?

I noticed in your first log that you have Spyware Cleaner.

I recommend uninstalling Spyware Cleaner; see why here: http://www.spywarewa...nti-spyware.htm

Go to Start > Control Panel > Add or Remove Programs and remove the following programs:
Spyware Cleaner

Using Windows Explorer (right click Start, left click Explore),
search for and delete these files and folders (if found):
C:\Program Files\Spyware Cleaner

Next,
make sure Spy Sweeper is set up as follows and run another scan.

  • Update to the latest definitions.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

Are you having any other problems/popups?

Andy :tazz:

#7
Jetett

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi Andy,

from time to time the computer has been displaying abnormal tendencies - running slow 100% CPU usage .. each and every time I think that something is happening I run CCLEANER, AVG, SPYBOT, ADAWARE and usually it'll come back clear or something minor to fix ..

sad but true, I don't know enough about the computer and the OS to know what is good or bad, but have followed links to sites such as geeks and have learned to trust what is suggested ie loading AVG etc and ditching Norton (although I do get an error message from time to time about something not activating as a .dll file is lost missing or corrupted or something) .. I have since ditched AVAST as I prefer the automation of AVG ..

I can't find the programme spyware cleaner to uninstall it, however I have found 15 files (zipped and others) and when I selected them to delete them, I can't and the error message reads cannot delete/ read from source file or disc

back to you

#8
Jetett

    New Member

  • Topic Starter
  • Member
  • 8 posts
Andy .. I hate being defeated by a computer so, I've tried something different - I have managed to delete each file individually and the zipped files have been deleted via the recycle bin.

here is the spy sweeper log

********
9:03 AM: | Start of Session, Wednesday, 16 November 2005 |
9:03 AM: Spy Sweeper started
9:03 AM: Sweep initiated using definitions version 573
9:03 AM: Starting Memory Sweep
9:05 AM: Memory Sweep Complete, Elapsed Time: 00:01:30
9:05 AM: Starting Registry Sweep
9:05 AM: Registry Sweep Complete, Elapsed Time:00:00:08
9:05 AM: Starting Cookie Sweep
9:05 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:05 AM: Starting File Sweep
9:05 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046550.ocx". Access is denied
9:05 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046546.dll". Access is denied
9:05 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046879.ocx". Access is denied
9:05 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\uninst.exe". Access is denied
9:05 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046552.dll". Access is denied
9:05 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058677.dll". Access is denied
9:05 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ewido security suite.lnk". Access is denied
9:05 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058681.ocx". Access is denied
9:05 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046543.dll". Access is denied
9:05 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048527.dll". Access is denied
9:05 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046549.ocx". Access is denied
9:05 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058674.dll". Access is denied
9:06 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046872.dll". Access is denied
9:06 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058675.ini". Access is denied
9:06 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\winsys.ini". Access is denied
9:06 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048519.ini". Access is denied
9:06 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048525.ocx". Access is denied
9:06 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048600.exe:zone.identifier". Access is denied
9:06 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046873.ini". Access is denied
9:06 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046545.ini". Access is denied
9:06 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058676.ini". Access is denied
9:06 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\aswclnr.log". Access is denied
9:06 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058683.dll". Access is denied
9:06 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\winreg.ini". Access is denied
9:06 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046553.dll". Access is denied
9:06 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\history.txt". Access is denied
9:06 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046544.ini". Access is denied
9:06 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046881.dll". Access is denied
9:07 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048518.dll". Access is denied
9:07 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048520.ini". Access is denied
9:07 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048528.dll". Access is denied
9:07 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048598.exe:zone.identifier". Access is denied
9:07 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058678.ocx". Access is denied
9:07 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\simple user interface.txt". Access is denied
9:07 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046551.ocx". Access is denied
9:08 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048521.dll". Access is denied
9:08 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ad-aware se personal.lnk". Access is denied
9:08 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046556.exe". Access is denied
9:08 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\aswclnr.exe". Access is denied
9:09 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058679.ocx". Access is denied
9:11 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046876.ocx". Access is denied
9:11 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046877.ocx". Access is denied
9:11 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046542.ini". Access is denied
9:11 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046871.ini". Access is denied
9:12 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046874.ini". Access is denied
9:12 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046875.dll". Access is denied
9:12 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058680.ocx". Access is denied
9:12 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\cclistbar.ocx". Access is denied
9:12 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046882.dll". Access is denied
9:12 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058682.ocx". Access is denied
9:12 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046870.exe". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046878.ocx". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046880.ocx". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp152\a0046883.exe". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058672.exe". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046547.ocx". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048600.exe". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046541.exe". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp143\a0046548.ocx". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048601.exe". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048601.exe:zone.identifier". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058687.exe". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048523.ocx". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048524.ocx". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048526.ocx". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048531.exe". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048516.exe". Access is denied
9:13 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048522.ocx". Access is denied
9:14 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\regcleaner.lnk". Access is denied
9:14 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048598.exe". Access is denied
9:14 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp168\a0048517.ini". Access is denied
9:15 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\ccleaner.exe". Access is denied
9:15 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\winapp.ini". Access is denied
9:15 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\ccleaner.dll". Access is denied
9:15 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\ccsubtimer.dll". Access is denied
9:15 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\cctreeview.ocx". Access is denied
9:15 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\cclistview.ocx". Access is denied
9:15 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\cctab.ocx". Access is denied
9:15 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\cchelper.ocx". Access is denied
9:15 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\ccsystem.dll". Access is denied
9:15 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058684.dll". Access is denied
9:15 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\lang-1033.dll". Access is denied
9:16 AM: Warning: Failed to open file "c:\system volume information\_restore{0226b6d0-9c07-49d6-95e5-b4b55b38861b}\rp191\a0058673.ini". Access is denied
9:19 AM: Warning: Unhandled Archive Type
9:19 AM: Warning: Unhandled Archive Type
9:19 AM: File Sweep Complete, Elapsed Time: 00:14:34
9:19 AM: Full Sweep has completed. Elapsed time 00:16:15
9:19 AM: Traces Found: 0
********
10:57 AM: | Start of Session, Saturday, 12 November 2005 |
10:57 AM: Spy Sweeper started
10:57 AM: Sweep initiated using definitions version 572
10:57 AM: Starting Memory Sweep
11:00 AM: Memory Sweep Complete, Elapsed Time: 00:02:50
11:00 AM: Starting Registry Sweep
11:00 AM: Registry Sweep Complete, Elapsed Time:00:00:08
11:00 AM: Starting Cookie Sweep
11:00 AM: Found Spy Cookie: apmebf cookie
11:00 AM: grant larven@apmebf[1].txt (ID = 2229)
11:00 AM: Found Spy Cookie: atwola cookie
11:00 AM: grant larven@atwola[1].txt (ID = 2255)
11:00 AM: Found Spy Cookie: azjmp cookie
11:00 AM: grant larven@azjmp[2].txt (ID = 2270)
11:00 AM: Found Spy Cookie: bannerspace cookie
11:00 AM: grant larven@bannerspace[1].txt (ID = 2284)
11:00 AM: Found Spy Cookie: belnk cookie
11:00 AM: grant larven@belnk[1].txt (ID = 2292)
11:00 AM: grant larven@dist.belnk[2].txt (ID = 2293)
11:00 AM: Found Spy Cookie: gamespy cookie
11:00 AM: grant larven@gamespy[2].txt (ID = 2719)
11:00 AM: Found Spy Cookie: pricegrabber cookie
11:00 AM: grant larven@pricegrabber[1].txt (ID = 3185)
11:00 AM: Found Spy Cookie: directtrack cookie
11:00 AM: grant larven@sideshow.directtrack[2].txt (ID = 2528)
11:00 AM: Found Spy Cookie: starware.com cookie
11:00 AM: grant larven@starware[2].txt (ID = 3441)
11:00 AM: Found Spy Cookie: toplist cookie
11:00 AM: grant larven@toplist[1].txt (ID = 3557)
11:00 AM: Found Spy Cookie: tracking cookie
11:00 AM: grant larven@tracking[2].txt (ID = 3571)
11:00 AM: Found Spy Cookie: clixgalore cookie
11:00 AM: grant larven@www.clixgalore[1].txt (ID = 2417)
11:00 AM: Found Spy Cookie: screensavers.com cookie
11:00 AM: grant larven@www.screensavers[1].txt (ID = 3298)
11:00 AM: Cookie Sweep Complete, Elapsed Time: 00:00:02
11:00 AM: Starting File Sweep
11:00 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\uninst.exe". Access is denied
11:01 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\winsys.ini". Access is denied
11:02 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\aswclnr.log". Access is denied
11:02 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\winreg.ini". Access is denied
11:02 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\history.txt". Access is denied
11:04 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\simple user interface.txt". Access is denied
11:04 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ad-aware se personal.lnk". Access is denied
11:05 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\aswclnr.exe". Access is denied
11:08 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\cclistbar.ocx". Access is denied
11:10 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\ccleaner.exe". Access is denied
11:10 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\winapp.ini". Access is denied
11:10 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\ccleaner.dll". Access is denied
11:10 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\ccsubtimer.dll". Access is denied
11:10 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\cctreeview.ocx". Access is denied
11:10 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\cclistview.ocx". Access is denied
11:10 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\cctab.ocx". Access is denied
11:10 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\cchelper.ocx". Access is denied
11:10 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\ccsystem.dll". Access is denied
11:10 AM: Warning: Failed to open file "c:\documents and settings\robyn larven\desktop\anti viral\ccleaner\lang-1033.dll". Access is denied
11:13 AM: Warning: Unhandled Archive Type
11:13 AM: Warning: Unhandled Archive Type
11:13 AM: Warning: Unhandled Archive Type
11:19 AM: Warning: Unhandled Archive Type
11:19 AM: Warning: Unhandled Archive Type
11:19 AM: File Sweep Complete, Elapsed Time: 00:19:02
11:19 AM: Full Sweep has completed. Elapsed time 00:22:04
11:19 AM: Traces Found: 14
11:20 AM: Removal process initiated
11:20 AM: Quarantining All Traces: apmebf cookie
11:20 AM: Quarantining All Traces: atwola cookie
11:20 AM: Quarantining All Traces: azjmp cookie
11:20 AM: Quarantining All Traces: bannerspace cookie
11:20 AM: Quarantining All Traces: belnk cookie
11:20 AM: Quarantining All Traces: clixgalore cookie
11:20 AM: Quarantining All Traces: directtrack cookie
11:20 AM: Quarantining All Traces: gamespy cookie
11:20 AM: Quarantining All Traces: pricegrabber cookie
11:20 AM: Quarantining All Traces: screensavers.com cookie
11:20 AM: Quarantining All Traces: starware.com cookie
11:20 AM: Quarantining All Traces: toplist cookie
11:20 AM: Quarantining All Traces: tracking cookie
11:20 AM: Removal process completed. Elapsed time 00:00:01
11:21 AM: Deletion from quarantine initiated
11:21 AM: Processing: apmebf cookie
11:21 AM: Processing: atwola cookie
11:21 AM: Processing: azjmp cookie
11:21 AM: Processing: bannerspace cookie
11:21 AM: Processing: belnk cookie
11:21 AM: Processing: clixgalore cookie
11:21 AM: Processing: directtrack cookie
11:21 AM: Processing: gamespy cookie
11:21 AM: Processing: pricegrabber cookie
11:21 AM: Processing: screensavers.com cookie
11:21 AM: Processing: starware.com cookie
11:21 AM: Processing: toplist cookie
11:21 AM: Processing: tracking cookie
11:21 AM: Deletion from quarantine completed. Elapsed time 00:00:00
5:51 PM: IE Security Shield: found: C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE -- IE Security modification allowed at user request
5:54 PM: IE Security Shield: found: C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE -- IE Security modification allowed at user request
9:01 AM: Updating spyware definitions
9:01 AM: Your spyware definitions have been updated.
9:03 AM: | End of Session, Wednesday, 16 November 2005 |
********
10:53 AM: | Start of Session, Saturday, 12 November 2005 |
10:53 AM: Spy Sweeper started
10:54 AM: Your spyware definitions have been updated.
10:57 AM: | End of Session, Saturday, 12 November 2005 |

good news apparently!

with the HJT - I know I've got something ticked as being safe (ie it doesn't scan it every time) .. how do I get into that and have that checked out and confirmed at this time as still being safe?
  • 0

#9
andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi jetett

It is not a good idea to delete files from your PC without knowing what they are or do. Can you post the full file path for each of the 15 files you are trying to delete, i.e. C:\folder\file?

I am not sure what you mean by this

with the HJT - I know I've got something ticked as being safe (ie it doesn't scan it every time) .. how do I get into that and have that checked out and confirmed at this time as still being safe?


I think you may be referring to the ignore list in HJT. To check this open HJT and click on config then click the ignore list tab, to check if anything is in there.

Andy :tazz:
  • 0

#10
Jetett

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
morning Andy

Yes, it is the ignore list I was referring to. How would I either return that to the un-ignore list and start again, or copy it for a quick expert perusal?

Options are not really evident to me .. :tazz:
  • 0

#11
andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi jetett

After following the instructions to view the ignore list from my last post, what is showing when you open it? If the page is blank then there is nothing in the list.

Please follow the instructions below.

Step #1 - Create a New Restore Point

Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.

Step #2 - Flush All Previous Points

Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point.

Please run this online virus scan: ActiveScan
and post the log it creates.

Andy :tazz:
  • 0

#12
andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





