View Full Version : Windows cannot access the specified file
Chipmunk
2009-04-23, 15:34
When I try to run Spybot S & D (with right click on the desktop icon and run as Administrator) I get the message: 'Windows cannot access the specified file. You may not have the appropriate permission to access this item.' The file concerned is SpybotSD.exe.
After looking through the forum I tried running in diagnostic startup but I got the same message.
I then uninstalled Spybot S & D and installed again (running the install as Administrator). The program installed and ran ok and I was able to update and do a full scan (no problems found). However, when I closed the program and then tried to run it again (by right clicking on the desktop icon and running as Administrator) I end up with the same message that windows cannot access the specified file...
Interestingly I find that I can run the program by clicking on the teatimer icon (near the clock) but of course I cannot use the program properly because I am not running it as administrator.
Can someone please advise how I can solve this problem? I use Vista Home and have AVG, Comodo firewall, Spyblaster and AdAware and my version of Spybot S & D is 1.6.2.46.
First,show Hidden Files and Folders,please:
http://www.bleepingcomputer.com/tutorials/tutorial130.html
Then,go to C:\Program Files\Spybot - Search & Destroy.
Rightclick SpybotSD.exe.Click Properties.Under the General Tab,do you see this?
"Security : This file came from another computer and might be blocked to help protect this computer."
Chipmunk
2009-04-24, 13:12
Thanks for the reply. I have done as you suggest but the general tab does not show the warning you described. The file size is 5.11 MB.
One interesting thing I have noticed is that the file was created on 23 April 2009 but was modified on 26 January 2009! The attributes show Read-only with a tick and Hidden with a greyed tick. I don't know if any of this helps?
One interesting thing I have noticed is that the file was created on 23 April 2009 but was modified on 26 January 2009!
That's normal,mine is the same. :)
The Read-only with a tick and Hidden with a greyed tick is normal,and the file size is,too.
Is Spybot the only app you've had this happen with when you rightclick and run as admin?
Could you rightclick the Spybot desktop icon,select Properties,then the Security tab.If it's not too much trouble,could you tell me what has checkmarks beside them in each section,i.e. when you click on System,does Full Control have a check beside it,etc.
Chipmunk
2009-04-25, 19:04
Thanks again - and for confirming that the information I provided was 'normal'!
Yes, Spybot is the only app I have had this problem with.
On the Properties/Security there are three names (including SYSTEM). All three have ticks in the 'Allow' column for: Full control, Modify, Read & Execute, Read, Write. The Special permissions is blank. The 'Deny' column is blank too.
You're welcome. :)
On the Properties/Security there are three names (including SYSTEM). All three have ticks in the 'Allow' column for: Full control, Modify, Read & Execute, Read, Write. The Special permissions is blank. The 'Deny' column is blank too.
Those are all as they should be,then.
I tried putting Spybot into compatibility mode for XP service pack 2,to see if I could gear up something you could use in the meantime,until I can see if I can come up with something better.
However,when I put mine into compatibility mode,looks like Spybot can't open.
You can try it with yours,though,and see what happens.
Rightclick the Spybot desktop icon,select Properties,go to the compatibility tab.Put a checkmark beside Run this program in compatibility mode for:,then in the dropdown box select XP service pack 2,click apply and then OK.
Reboot,and try opening Spybot.
If it comes up that Spybot can't open,just go back into Properties->Compatibility tab,and remove the checkmark,click Apply and Ok.
In the meantime,I'll dig around and see what else I can come up with. :)
Oh,yes,almost forgot.You could rehide hidden files and folders if you wish.Probably don't need them unhidden,for now.
Just reverse the changes you made here:
http://www.bleepingcomputer.com/tutorials/tutorial130.html
Chipmunk
2009-04-26, 16:54
I had already put the hidden files etc back to 'normal'; but thanks for the reminder - better to be safe than sorry! :)
I tried the XP SP2 compatability mode as you suggested but I am afraid I still get the same message 'Windows cannot access the specified file...' so I will await the results of your 'digging around'.
Thanks very much for all your help so far and for sticking with the problem.
Good,glad you put the hidden files back.
You're welcome. :)
If you open Spybot from the desktop without rightclicking and running as admin,do you get the same message?
Also,this will sound strange,I know,but there's a method to my madness. :D: Could you click the start menu,All Programs,click on Spybot-Search & Destroy folder icon to open it,then rightclick Spybot-Search & Destroy,select run as admin,and let me know if you get the same "windows cannot access the specified file' message.
Chipmunk
2009-04-28, 13:43
Sorry for the delay - we were out all day yesterday. :)
I have tried the two suggestions you made and I get exactly the same message on both occasions as I got before, ie Windows cannot access the specified file. :sad:
Sorry for the delay - we were out all day yesterday. :)
No problem. :)
Could you rightclick AVG,select Open AVG Interface,click History up top,then Virus Vault?In the path to file section,at the end,is there anything that seems like it might be a spybot file?Like SpybotSD.exe,for example.
Chipmunk
2009-04-29, 15:59
Thanks for this. Most of the entries in that file relate to cookies. The ones that don't were to do with Realplayer, Flash and a PUP viruscleaner.dll. At the end of the list are 3 items with N/A in the path to file list and these are infections that were stored in 2008 - well before this present problem was experienced. :scratch:
Hello.Sorry for the delay. :)
Well,since Spybot will run for you from rightclicking Teatimer,let's try this and see what happens:
Please show hidden files and folders,once again.
http://www.bleepingcomputer.com/tutorials/tutorial130.html
Navigate to C:\Program Files\Spybot - Search & Destroy
Rightclick SpybotSD.exe,go to the compatibility tab.Under Privilege Level,check mark Run this program as an administrator,click Apply,and OK.Go back to your desktop,and rightclick Teatimer down by the clock,and select Run Spybot S&D.What happens then,do you get a prompt from UAC,or do you get the same 'Windows cannot access the specified file. You may not have the appropriate permission to access this item.' message?
Chipmunk
2009-05-01, 13:21
No problem; I'm glad you take a break occasionally! :laugh:
Yes, this latest suggestion of yours does work. Out of interest I then tried using the normal desktop icon and running as administrator but the same message 'Windows cannot access the specified file...' still appears.
I have left the tick in the privilege level to run as administrator but hidden the files again - until I hear more from you.
Chipmunk
2009-05-01, 20:29
I don't know if this will help... I have just tried SAFE mode and the problem is no longer there; everything worked normally! :)
I was under the impression that diagnostic start up mode was very similar to SAFE mode as only basic drivers etc are loaded. However, clearly there is a difference. Sorry if I have led you astray somewhat but hopefully this may help you to guide me to find a full solution to the problem.
I have left the tick in the privilege level to run as administrator but hidden the files again - until I hear more from you.
Perfect.Please leave it just like that for now.You're doing great. :)
I'm glad that Spybot will run in admin mode from rightclicking Teatimer.
And yes,you running Spybot while in safe mode was very helpful. :)
Could you login to Windows in normal mode and start Spybot via rightclicking Teatimer,say yes to the UAC prompt.Click mode,then Advanced mode.Click the Tools section,then select the System startup tool.Click your right mouse button somewhere on the list,and select Copy to clipboard,then paste it here,please.
Chipmunk
2009-05-03, 13:24
I hope I have got this right! Details are as follows:
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2007-06-21 unins000.exe (51.41.0.0)
2009-04-23 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-03-25 Includes\Adware.sbi
2009-04-28 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-03-31 Includes\Dialer.sbi
2009-04-21 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-04-21 Includes\Hijackers.sbi
2009-04-28 Includes\HijackersC.sbi
2009-03-17 Includes\Keyloggers.sbi
2009-04-28 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-04-07 Includes\Malware.sbi
2009-04-28 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-04-28 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-04-21 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-04-07 Includes\Spyware.sbi
2009-04-28 Includes\SpywareC.sbi
2009-04-07 Includes\Tracks.uti
2009-04-29 Includes\Trojans.sbi
2009-04-29 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF
Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1932568
MD5: CB0BC853D84A61457AA9DB16C46DA07E
Located: HK_LM:Run, COMODO Firewall Pro
command: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
file: C:\Program Files\COMODO\Firewall\cfp.exe
size: 1851128
MD5: 199B6E9E030548F6A0E914C624A5FF6D
Located: HK_LM:Run, COMODO Internet Security
command: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
file: C:\Program Files\COMODO\Firewall\cfp.exe
size: 1851128
MD5: 199B6E9E030548F6A0E914C624A5FF6D
Located: HK_LM:Run, SMSTray
command: C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
file: C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
size: 132624
MD5: 8E2E19D483FCC452E7BF7A49FA1B06D8
Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\Windows\SOUNDMAN.EXE
size: 604704
MD5: 6C7F8345500A75EBF0C3F325B305CE50
Located: HK_LM:Run, StartCCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 61440
MD5: C95EE92F09CA395A4EDD039D8F49DF0F
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 89D583FC41D48328128A974C25AFAEB7
Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Microsoft Works Portfolio (DISABLED)
command: C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
file: C:\Program Files\Microsoft Works\WksSb.exe
size: 331830
MD5: 93A5FC4337DF3ED8546755B26C4B1E75
Located: HK_LM:Run, Microsoft Works Update Detection (DISABLED)
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
size: 28738
MD5: 5AC34C17115D3818DC9C9F5B2D909858
Located: HK_LM:Run, MoneyStartUp10.0 (DISABLED)
command: "C:\Program Files\Microsoft Money\System\Activation.exe"
file: C:\Program Files\Microsoft Money\System\Activation.exe
size: 245810
MD5: C3324C371D673330812DB9311112D7EC
Located: HK_LM:Run, TomTomHOME.exe (DISABLED)
command: "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
file: C:\Program Files\TomTom HOME\TomTomHOME.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725
Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725
Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
Located: HK_CU:Run, Microsoft Works Update Detection
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: C:\Program Files\Microsoft Works\WkDetect.exe
file: C:\Program Files\Microsoft Works\WkDetect.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Sidebar
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:Run, TomTomHOME.exe
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
file: C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
size: 251240
MD5: 325823A094DF00533DF23393E9E78BB2
Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
Located: HK_CU:Run, Microsoft Works Update Detection (DISABLED)
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: C:\Program Files\Microsoft Works\WkDetect.exe
file: C:\Program Files\Microsoft Works\WkDetect.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, MoneyAgent (DISABLED)
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: "C:\Program Files\Microsoft Money\System\Money Express.exe"
file: C:\Program Files\Microsoft Money\System\Money Express.exe
size: 188472
MD5: 030AA5152B4B6BAB24F4A605737BC3D2
Located: Startup (common), Microsoft Office.lnk (DISABLED)
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A
Located: Startup (common), Microsoft Works Calendar Reminders.lnk (DISABLED)
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
size: 24633
MD5: 39FDFD34F7B04290D1BC53E3D6EC7D83
Yes,you got it right. :)
Located: HK_LM:Run, COMODO Internet Security
command: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
file: C:\Program Files\COMODO\Firewall\cfp.exe
size: 1851128
MD5: 199B6E9E030548F6A0E914C624A5FF6D
Do you have Comodo antivirus,along with Comodo firewall?
Also,could you rightclick the Spybot desktop icon,select Properties,then shortcut.In the box next to Target:,could you copy and paste the info from that box to here?It probably looks something like this:
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /advancedmode
Chipmunk
2009-05-03, 20:36
No, I have AVG for antivirus.
The Target info is:
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
There is definitely nothing after exe" - but no doubt you will know if that is significant!
Incidentally, I found that I was unable to run MS Flight Simulator 2002 earlier today (haven't tried it for some time). It didn't run; I ended up with a black screen and had to use the reboot button (control alt del didn't work) to get the computer back to life again. I looked on Comodo forum and found that I was able to get the program running by putting the firewall and Defence+ into training mode and then running FS2002. I was then able to reset the firewall and Defence+ to SAFE mode and all is now well with FS2002. Ignore all this about FS2002 if it is not relevant to my spybot problem. :laugh:
No,it's okay not to have anything after the .exe.
Do you have the link to the info on Comodo forum that helped you run flight simulator?If so,could you post it so I can look,please? :)
Chipmunk
2009-05-05, 18:06
Here is the link I found:
http://forums.comodo.com/empty-t35007.0.html
The advice was given by 'Panic' reply no 1 on 22 February. :)
Ok,thanks for posting the link. :)
Could you try this?
Disconnect from the Internet.
Rightclick the avg icon down by the clock,select Open AVG Interface.
Doubleclick Resident Shield.Remove the checkmark from beside Resident Shield active.Click Save Changes,and click Continue when prompted by UAC.
Rightclick the Spybot icon,select Run As Admin.
When done,Open AVG Interface.Doubleclick Resident Shield and put the checkmark back beside Resident Shield active,and Save Changes once again.
Did you get the same 'Windows cannot access the specified file. You may not have the appropriate permission to access this item.' message?
Chipmunk
2009-05-06, 17:58
Yes, I get the same message. :)
Ok,thanks. :)
In Comodo firewall,could you go to the advanced section of Defense+ Tasks.On the General Settings tab,could you adjust the slider to Disabled?Then click Apply.
Rightclick the Spybot desktop icon, and select Run As Admin.
Did you get the same 'Windows cannot access the specified file. You may not have the appropriate permission to access this item.' message?
Once done,please go back into Comodo,and reset the slider back to where you originally had it before,and click Apply.
Also,when you originally installed Spybot can you remember if Comodo defense + was set to Installation Mode?
Chipmunk
2009-05-07, 13:46
I don't get the message. That works! :laugh:
I can't put hand on heart and say definitely that I did put Comodo into installation mode - but I normally do when I install and get the Comodo prompt. I certainly don't put Comodo into installation mode before I start an install. I did re-install Spybot when I first had the problem and as the problem did not disappear that must mean that I would have failed to put Comodo into installation mode on 2 occasions if that might cause the problem.
Is it worth trying to put Comodo into training mode and trying to run Spybot - as I did with the FS2002? You have been so good at helping me so far that I don't want to try anything without your approval! I realise that you are probably going through a sequence and my doing something might interfere with that.
Good,glad that worked. :)
I wanted to know if defense+ was in installation mode when installing Spybot,in case Spybot didn't start when shutting down defense +,so I'd have some idea where to go from there,so no harm. :)
No,you shouldn't need to put Comodo into training mode.
Spybot likely is in your blocked files in defense+,and that is why Spybot can't run.If it's listed under your "My Blocked Files",we should be able to unblock Spybot.
Could you open Comodo,then go to Defense+ tasks->Common Tasks->My Blocked Files?Under File name,do you see anything listed there similar to
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe?
Chipmunk
2009-05-08, 18:29
When I go to Defence+ My Blocked Files I see the message: 'There are no items to show'! :scratch:
I presume I don't need to go through the process of showing hidden files etc before I check My Blocked Files?
I presume I don't need to go through the process of showing hidden files etc before I check My Blocked Files?
I wouldn't think you'd have to,but you could try it if you like. :)
Could you try viewing View Defense+ Events.Is there anything there that seems related to Spybot S&D?
Also,could you go to Defense+ Tasks->Common Tasks->My Pending Files,and let me know what is there,or if there is anything that seems related to Spybot?
Also,could you go to Defense+->Advanced->Computer Security Policy.Is there anything that seems related to Spybot in there?
Chipmunk
2009-05-11, 18:31
Sorry for the delay - my broadband service disappeared and I had to wait for an engineer to fit a new modem! Also, there was a lot of information to copy. :)
I tried showing hidden files etc; you are right - it didn't make any difference!
For the Defence+ Events I was able to use filters and the details are as follows:
COMODO Internet Security Logs
Table : Defence+ Logs
Date Created : 11/05/2009 15:51:31
Log Scope : All The Times
Filter : [Application Name] LIKE ''%spybot%''
Records count : 5
Date/Time Application Action Target
14/02/2009 11:24:50 \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SDWinSec.exe Modify Key HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\SNL HiveManager\EventMessageFile
17/04/2009 12:01:40 \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe Access Memory \Device\HarddiskVolume1\Program Files\COMODO\Firewall\cfp.exe
17/04/2009 12:10:54 \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\TeaTimer.exe Access COM Interface Shell.Explorer.1
21/04/2009 17:07:00 \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe Access Memory \Device\HarddiskVolume1\Program Files\COMODO\Firewall\cfp.exe
23/04/2009 10:42:09 \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe Access Memory \Device\HarddiskVolume1\Program Files\COMODO\Firewall\cfp.exe
End of The Report
COMODO Internet Security Logs
Table : Defence+ Logs
Date Created : 11/05/2009 15:52:48
Log Scope : All The Times
Filter : [Target Process Name] LIKE ''%spybot%''
Records count : 51
Date/Time Application Action Target
09/02/2009 18:21:15 \Device\HarddiskVolume1\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe Send Message \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\TeaTimer.exe
13/02/2009 13:07:01 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
24/03/2009 11:45:40 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
16/04/2009 14:18:00 \Device\HarddiskVolume1\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe Access Memory \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\TeaTimer.exe
17/04/2009 11:40:57 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
17/04/2009 11:41:09 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
17/04/2009 11:42:11 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
17/04/2009 11:42:46 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
17/04/2009 11:45:36 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
17/04/2009 12:09:53 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
17/04/2009 12:17:54 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
17/04/2009 12:18:14 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
17/04/2009 18:08:24 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
17/04/2009 18:09:36 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
17/04/2009 18:10:26 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
18/04/2009 15:32:10 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
21/04/2009 17:02:24 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
21/04/2009 17:02:40 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
21/04/2009 17:10:20 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
21/04/2009 17:39:29 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
22/04/2009 10:49:47 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
22/04/2009 10:53:54 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
22/04/2009 11:03:41 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
22/04/2009 17:42:47 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
22/04/2009 17:43:10 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
22/04/2009 17:44:58 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
22/04/2009 18:06:18 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
22/04/2009 18:08:06 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
23/04/2009 10:41:08 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
23/04/2009 10:45:59 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
23/04/2009 10:57:14 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
23/04/2009 11:05:27 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
23/04/2009 11:05:37 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
23/04/2009 11:44:33 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
23/04/2009 13:30:02 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
24/04/2009 11:15:43 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
25/04/2009 17:09:09 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
26/04/2009 14:44:51 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
26/04/2009 14:45:32 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
26/04/2009 15:04:11 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
28/04/2009 11:39:10 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
28/04/2009 11:39:37 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
29/04/2009 17:50:50 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
01/05/2009 11:12:46 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
01/05/2009 17:47:22 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
01/05/2009 17:48:05 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
01/05/2009 18:12:37 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
01/05/2009 18:17:46 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
03/05/2009 17:44:17 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
06/05/2009 15:50:53 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
11/05/2009 15:28:10 \Device\HarddiskVolume1\Windows\explorer.exe Create Process \Device\HarddiskVolume1\Program Files\Spybot - Search & Destroy\SpybotSD.exe
End of The Report
The Defence+ My Pending Files produces: 'There are no items to show'.
The Computer Security Policy information is shown below. I wasn't able to use filters this time so I hope I have copied everything!
Computer Security Policy
Application name Treat as
C:\Users|Brian|AppData\Local\Temp\is-PEE7S.tmp\teatimer 166.tmp Custom policy
C:\program Files|Spybot – Search & Destroy\Updates\teatimer 166.exe Custom policy
C:\Users|Brian|AppData\Local\Temp\is-J7Q5I.tmp\spybotsd 162.tmp Installer or Updater
C:\Users\Brian\Desltop\Downloads\spybot 162.exe Custom policy
All Applications
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe Custom policy
C:\Program Files\Spybot – Search & Destroy\SpybotSD.exe Custom policy
C:\Windows\System32|sddt.exe Custom policy
C:\Program Files\Spybot – Search & Destroy\SDUpdate.exe Installer or Updater
C:\Program Files\Spybot – Search & Destroy\Update.exe Custom policy
C:\Program Files\Spybot – Search & Destroy\SDwinSec.exe Custom policy
C:\Program Files\Spybot – Search & Destroy\unins001.exe Custom policy
Sorry to hear you had to get a new modem.
And thank you for showing me your logfiles. :) :)
Computer Security Policy
Application name Treat as
C:\Users|Brian|AppData\Local\Temp\is-PEE7S.tmp\teatimer 166.tmp Custom policy
C:\program Files|Spybot – Search & Destroy\Updates\teatimer 166.exe Custom policy
C:\Users|Brian|AppData\Local\Temp\is-J7Q5I.tmp\spybotsd 162.tmp Installer or Updater
C:\Users\Brian\Desltop\Downloads\spybot 162.exe Custom policy
All Applications
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe Custom policy
C:\Program Files\Spybot – Search & Destroy\SpybotSD.exe Custom policy
C:\Windows\System32|sddt.exe Custom policy
C:\Program Files\Spybot – Search & Destroy\SDUpdate.exe Installer or Updater
C:\Program Files\Spybot – Search & Destroy\Update.exe Custom policy
C:\Program Files\Spybot – Search & Destroy\SDwinSec.exe Custom policy
C:\Program Files\Spybot – Search & Destroy\unins001.exe Custom policy
I see a lot of those are Custom policies.Could you let me know what policies you created for Spybot?
Chipmunk
2009-05-13, 16:15
Details for each item are as follows:
C:\Users|Brian|AppData\Local\Temp\is-PEE7S.tmp\teatimer 166.tmp Custom policy
For all Access names the policy is Ask - except disk for which the policy is Allow
C:\program Files|Spybot – Search & Destroy\Updates\teatimer 166.exe Custom policy
For all Access names the policy is Ask
C:\Users|Brian|AppData\Local\Temp\is-J7Q5I.tmp\spybotsd 162.tmp Installer or Updater
Not Custom policy
C:\Users\Brian\Desltop\Downloads\spybot 162.exe Custom policy
For all Access names the policy is Ask
All Applications
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe Custom policy
For all Access names the policy is Ask - except Disk and Keyboard for which the policy is Allow
C:\Program Files\Spybot – Search & Destroy\SpybotSD.exe Custom policy
For Access name 'Run as executable' the policy is Ask; all other names the policy is Allow
C:\Windows\System32|sddt.exe Custom policy
For all Access names the policy is Ask - except Disk and Keyboard for which the policy is Allow
C:\Program Files\Spybot – Search & Destroy\SDUpdate.exe Installer or Updater
Not Custom policy
C:\Program Files\Spybot – Search & Destroy\Update.exe Custom policy
For all Access names the policy is Ask
C:\Program Files\Spybot – Search & Destroy\SDwinSec.exe Custom policy
For all Access names the policy is Ask - except Disk for which the policy is Allow
C:\Program Files\Spybot – Search & Destroy\unins001.exe Custom policy
For all Access names the policy is Ask
In all cases the Protection setting details are 'No'
I was surprised to see that I had got some Access names eg Keyboard and Disk set to Allow in some instances. Presumably this has happened if I have given permission when presented with a Comodo query and I failed to see a tick in the box to remember for the future. :)
Thanks for posting your custom policies. :)
C:\Windows\System32|sddt.exe Custom policy
For all Access names the policy is Ask - except Disk and Keyboard for which the policy is Allow
Is this part of the distributed testing?
http://forums.spybot.info/showthread.php?t=29452
I didn't take part in that,so don't know what the file path should be,but I see it on the Spybot download page. :)
I'm not sure if this would work because it says unknown files are supposed to generate alerts and your Spybotsd.exe just acts like it is blocked,but would you be willing to add Spybotsd.exe to 'My Own Safe Files' just to see what happens.?That would give it Defense+ trusted status.
I see that you add files to the My Own Safe Files by moving them from 'My Pending Files',but you could try and see if you can browse to
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe by clicking Add.You will need to show Hidden Files again.
Chipmunk
2009-05-14, 18:59
I didn't knowingly take part in any testing so I am not sure how the sddt.exe appeared; I presume it must form part of the normal install process.
My Defence+ Safe files has no items to show...
I did as you suggested and added SpybotSD.exe. Unfortunately this didn't produce any change; I still got the message 'Windows cannot access the specified file...' - so I have removed the file from Defence+ and I have hidden files and folders again pending further instructions.
I'm sorry this problem is proving so involved and I am very grateful for your continued help. At least I am learning a few things as we go along. :laugh:
I'm sorry this problem is proving so involved and I am very grateful for your continued help. At least I am learning a few things as we go along.
No problem at all. :)
And me too,before your posts,I didn't even know Comodo Defense+ existed. :)
I don't want it to be some little thing easily fixed/set,where I'm unfamiliar with Defense+,though,but before I get to that.......
The distributed testing client isn't part of the main Spybot app,that I know of.
Also,I grabbed a copy from the Spybot page,and sddt.exe just installed client testing,so unless a more up-to-date version installs that file there,I'm not certain it is part of distributed testing,plus you didn't knowngly install it.
So as a precaution,could you go to:
http://www.virustotal.com/
and browse to C:\Windows\System32\sddt.exe,then click Send File.
Please let me know here if anything was found in Results.No need to post the Results here,though,just let me know if anything was found.
Chipmunk
2009-05-15, 14:01
When I browsed to find the file sddt.exe I could not find it! I wondered if it could be a hidden or system type file so I went to Control Panel and set things to show all... but it still did not appear.
I right clicked on Computer and selected 'Explore' and used that to do an advanced search but still sddt.exe could not be found. As a test I did an advanced search for SpybotSD.exe and that appeared so I guess the file is no longer on my computer.
Perhaps the Defence+ entry relates to something much earlier? I could not find any date information in the Security Policy - but perhaps I am looking for that information in the wrong place! :confused:
Ok,sounds like sddt.exe is no longer present. :)
In Computer Security Policy,there should be a purge button,and it should check to see that all apps that policies were created for are still present,and if not,they're removed.
Would you be willing to ask about getting Defense+ set to allow spybotsd.exe to start at Comodo forums?There might be a simple way to set things right,and I could be missing it where I'm unfamiliar with Defense+.
http://forums.comodo.com/
You could show them this topic here,so they know the background on it:
http://forums.spybot.info/showthread.php?t=48000
And if you're ok with it,you could show me the link here to your topic there if you like,so I know what to do if this comes up again. :)
Chipmunk
2009-05-16, 20:20
Thanks for the reference to using the Purge facility. I tried that and had to purge twice before Comodo told me that all (remaining) entries were valid. Strangely though the sddt.exe file is still showing in the Comodo list!
I have done as you suggest and opened a query on the Comodo forum and the link is:
https://forums.comodo.com/firewall_help/spybot_search_destroy-t39525.0.html
I will let you know how things progress. :)
Chipmunk
2009-05-29, 17:28
The problem was finally solved by uninstalling Comodo 3.8 and installing the latest issue of Comodo 3.9. (For more information see the Comodo link above.) I am now able to run Spybot Search & Destroy by clicking on the Spybot icon on the desktop. :)
Thanks for all your help in bringing this matter to a satisfactory conclusion. :thanks:
Glad you got everything all fixed up. :)
Oh,yes.re:sddt.exe.
Where it showed up in Comodo's Security Policy once again even after uninstalling Comodo and installing a newer version,even though it doesn't seem to be present on your computer,you could get a malware helper's advice,if you like.
These are the procedures to follow:
http://forums.spybot.info/showthread.php?t=288
Malware removal:
http://forums.spybot.info/forumdisplay.php?f=22
If you do decide to post in malware removal,you could post a link to this thread if you like,so your helper knows what they are giving advice on.
http://forums.spybot.info/showthread.php?t=48000
Cheers. :)
neonfire999
2009-09-02, 01:38
Hi. I am having the same problem that Chipmunk was having at the begining of this thread. I was following along with what you were telling him to do and such and got to the part about right-clicking on SpybotSD.exe and i enabled hidden files and folders and went to "C:\Program Files\Spybot - Search & Destroy" and Spybot.exe does not exist. i have tried re-installing and it worked at the beginning and i updated and then started a scan and minimized and suddenly it was gone. I still have Spybot-S&D Resident running in the system tray and i right click and press "Run Spybot-S&D" and nothing happens. Thanks.
Did you also remove the checkmark from the checkbox labeled Hide protected operating system files?
Were you getting the 'Windows cannot access the specified file.You may not have the appropriate permission to access this item' message?And do you have Comodo firewall?
I'm having a problem that may be similar to the earlier posts, but...
System running XP Pro. I appear to have gotten some kind of malware that renders HyjackThis and Spybot inoperable. Once they've been run I cannot run them again. I get the message
Windows cannot access the specified device, path, or file.
SpybotSD.exe has been set to RHSA, as have several other files in the spybot directory. I cannot change the settings on SpybotSD.exe with attrib and cannot delete the file. I also cannot rename the file.
Since this is a dual boot system I booted into Vista and examined the SpybotSD.exe file. I took ownership and made sure I had permissions. Still cannot delete the file or rename it.
AVG hasn't found any problems on the system, but my browser gets redirected on links, and random browser windows pop up. Unfortunately, as I said earlier, whatever I've got is clobbering HyjackThis too, so I can see what's going on there either......
Ideas?
neonfire999
2009-09-02, 18:59
Did you also remove the checkmark from the checkbox labeled Hide protected operating system files?
Were you getting the 'Windows cannot access the specified file.You may not have the appropriate permission to access this item' message?And do you have Comodo firewall?
ok i unhid protected operating system files and now it shows up. and yes i get the same message when i try to open it. i do not have comondo firewall.
I'm having a problem that may be similar to the earlier posts, but...
System running XP Pro. I appear to have gotten some kind of malware that renders HyjackThis and Spybot inoperable. Once they've been run I cannot run them again. I get the message
Windows cannot access the specified device, path, or file.
SpybotSD.exe has been set to RHSA, as have several other files in the spybot directory. I cannot change the settings on SpybotSD.exe with attrib and cannot delete the file. I also cannot rename the file.
Since this is a dual boot system I booted into Vista and examined the SpybotSD.exe file. I took ownership and made sure I had permissions. Still cannot delete the file or rename it.
AVG hasn't found any problems on the system, but my browser gets redirected on links, and random browser windows pop up. Unfortunately, as I said earlier, whatever I've got is clobbering HyjackThis too, so I can see what's going on there either......
Ideas?
Hi. :)
You could ask for help in malware removal.
Please read the "Before you post" sticky topic.
http://forums.spybot.info/showthread.php?t=288
If the infection prevents HJT from running, please start a topic anyway and make note of the situation.
Malware Removal:
http://forums.spybot.info/forumdisplay.php?f=22
ok i unhid protected operating system files and now it shows up. and yes i get the same message when i try to open it. i do not have comondo firewall.
Ok,good,glad you can see spybotsd.exe now.
Do you also have Vista as your operating system?
Are you having any other noticeable problems with your computer?
neonfire999
2009-09-10, 03:48
Ok,good,glad you can see spybotsd.exe now.
Do you also have Vista as your operating system?
Are you having any other noticeable problems with your computer?
i have windows xp professional. i am having problems like when i click on a google link i redirects to somewhere else so i go back and try again till it brings me where i want. also avg shows that the email scanner is not active and i dont know how to put it back but i don't know if that is part of the problem. also my computer is running pretty slow and stuff like that. sorry it took so long to reply, havent been on the computer in a while.
sorry it took so long to reply, havent been on the computer in a while.
No problem. :)
For the AVG email scanning problem,you could try going to Start,then Run.Type SERVICES.MSC and hit OK.Scroll down to the AVG EMail Scanner service and make sure that it is set to Automatic startup setting and click the start button.
You might want to ask for help in the Malware Removal forum.
The instructions are here:
http://forums.spybot.info/showthread.php?t=288
Malware Removal:
http://forums.spybot.info/forumdisplay.php?f=22
neonfire999
2009-09-12, 00:41
No problem. :)
For the AVG email scanning problem,you could try going to Start,then Run.Type SERVICES.MSC and hit OK.Scroll down to the AVG EMail Scanner service and make sure that it is set to Automatic startup setting and click the start button.
You might want to ask for help in the Malware Removal forum.
The instructions are here:
http://forums.spybot.info/showthread.php?t=288
Malware Removal:
http://forums.spybot.info/forumdisplay.php?f=22
ok thanks, the services.msc thing didn't work but i think it has something to do with the infection. i started a forum here (http://forums.spybot.info/showthread.php?p=335530#post335530) relating to my problem since i can't open highjackthis either.
Good luck in malware removal. :)