Thanks for this. Most of the entries in that file relate to cookies. The ones that don't were to do with RealPlayer, Flash and a PUP viruscleaner.dll. At the end of the list are 3 items with N/A in the path to file list and these are infections that were stored in 2008 - well before this present problem was experienced.
Hello. Sorry for the delay.
Well, since Spybot will run for you from right-clicking Teatimer, let's try this and see what happens:
Please show hidden files and folders, once again.
http://www.bleepingcomputer.com/tuto...torial130.html
Navigate to C:\Program Files\Spybot - Search & Destroy
Right-click SpybotSD.exe, go to the compatibility tab. Under Privilege Level, check mark Run this program as an administrator, click Apply, and OK. Go back to your desktop, and right-click Teatimer down by the clock, and select Run Spybot S&D. What happens then, do you get a prompt from UAC, or do you get the same 'Windows cannot access the specified file. You may not have the appropriate permission to access this item.' message?
Last edited by Zenobia; 2009-04-30 at 22:55.
No problem; I'm glad you take a break occasionally!
Yes, this latest suggestion of yours does work. Out of interest I then tried using the normal desktop icon and running as administrator but the same message 'Windows cannot access the specified file...' still appears.
I have left the tick in the privilege level to run as administrator but hidden the files again - until I hear more from you.
I don't know if this will help... I have just tried SAFE mode and the problem is no longer there; everything worked normally!
I was under the impression that diagnostic start up mode was very similar to SAFE mode as only basic drivers etc are loaded. However, clearly there is a difference. Sorry if I have led you astray somewhat but hopefully this may help you to guide me to find a full solution to the problem.
Perfect. Please leave it just like that for now. You're doing great.
I'm glad that Spybot will run in admin mode from right-clicking Teatimer.
And yes, you running Spybot while in safe mode was very helpful.
Could you log in to Windows in normal mode and start Spybot via right-clicking Teatimer, say yes to the UAC prompt. Click mode, then Advanced mode. Click the Tools section, then select the System startup tool. Click your right mouse button somewhere on the list, and select Copy to clipboard, then paste it here, please.
Last edited by Zenobia; 2009-05-02 at 06:35.
I hope I have got this right! Details are as follows:
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2007-06-21 unins000.exe (51.41.0.0)
2009-04-23 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-03-25 Includes\Adware.sbi
2009-04-28 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-03-31 Includes\Dialer.sbi
2009-04-21 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-04-21 Includes\Hijackers.sbi
2009-04-28 Includes\HijackersC.sbi
2009-03-17 Includes\Keyloggers.sbi
2009-04-28 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-04-07 Includes\Malware.sbi
2009-04-28 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-04-28 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-04-21 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-04-07 Includes\Spyware.sbi
2009-04-28 Includes\SpywareC.sbi
2009-04-07 Includes\Tracks.uti
2009-04-29 Includes\Trojans.sbi
2009-04-29 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF
Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1932568
MD5: CB0BC853D84A61457AA9DB16C46DA07E
Located: HK_LM:Run, COMODO Firewall Pro
command: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
file: C:\Program Files\COMODO\Firewall\cfp.exe
size: 1851128
MD5: 199B6E9E030548F6A0E914C624A5FF6D
Located: HK_LM:Run, COMODO Internet Security
command: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
file: C:\Program Files\COMODO\Firewall\cfp.exe
size: 1851128
MD5: 199B6E9E030548F6A0E914C624A5FF6D
Located: HK_LM:Run, SMSTray
command: C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
file: C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
size: 132624
MD5: 8E2E19D483FCC452E7BF7A49FA1B06D8
Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\Windows\SOUNDMAN.EXE
size: 604704
MD5: 6C7F8345500A75EBF0C3F325B305CE50
Located: HK_LM:Run, StartCCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
file: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 61440
MD5: C95EE92F09CA395A4EDD039D8F49DF0F
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185896
MD5: 89D583FC41D48328128A974C25AFAEB7
Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Microsoft Works Portfolio (DISABLED)
command: C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
file: C:\Program Files\Microsoft Works\WksSb.exe
size: 331830
MD5: 93A5FC4337DF3ED8546755B26C4B1E75
Located: HK_LM:Run, Microsoft Works Update Detection (DISABLED)
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
size: 28738
MD5: 5AC34C17115D3818DC9C9F5B2D909858
Located: HK_LM:Run, MoneyStartUp10.0 (DISABLED)
command: "C:\Program Files\Microsoft Money\System\Activation.exe"
file: C:\Program Files\Microsoft Money\System\Activation.exe
size: 245810
MD5: C3324C371D673330812DB9311112D7EC
Located: HK_LM:Run, TomTomHOME.exe (DISABLED)
command: "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
file: C:\Program Files\TomTom HOME\TomTomHOME.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725
Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725
Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
Located: HK_CU:Run, Microsoft Works Update Detection
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: C:\Program Files\Microsoft Works\WkDetect.exe
file: C:\Program Files\Microsoft Works\WkDetect.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, Sidebar
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:Run, TomTomHOME.exe
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
file: C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
size: 251240
MD5: 325823A094DF00533DF23393E9E78BB2
Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 202240
MD5: 35937EAD711207544E219C2A19A78A7D
Located: HK_CU:Run, Microsoft Works Update Detection (DISABLED)
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: C:\Program Files\Microsoft Works\WkDetect.exe
file: C:\Program Files\Microsoft Works\WkDetect.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, MoneyAgent (DISABLED)
where: S-1-5-21-2775147017-1924569671-740138590-1000...
command: "C:\Program Files\Microsoft Money\System\Money Express.exe"
file: C:\Program Files\Microsoft Money\System\Money Express.exe
size: 188472
MD5: 030AA5152B4B6BAB24F4A605737BC3D2
Located: Startup (common), Microsoft Office.lnk (DISABLED)
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A
Located: Startup (common), Microsoft Works Calendar Reminders.lnk (DISABLED)
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
file: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
size: 24633
MD5: 39FDFD34F7B04290D1BC53E3D6EC7D83
Yes, you got it right.
Do you have Comodo antivirus, along with Comodo firewall?
Located: HK_LM:Run, COMODO Internet Security
command: "C:\Program Files\COMODO\Firewall\cfp.exe" -h
file: C:\Program Files\COMODO\Firewall\cfp.exe
size: 1851128
MD5: 199B6E9E030548F6A0E914C624A5FF6D
Also, could you right-click the Spybot desktop icon, select Properties, then shortcut. In the box next to Target:, could you copy and paste the info from that box to here? It probably looks something like this:
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /advancedmode
No, I have AVG for antivirus.
The Target info is:
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
There is definitely nothing after exe" - but no doubt you will know if that is significant!
Incidentally, I found that I was unable to run MS Flight Simulator 2002 earlier today (haven't tried it for some time). It didn't run; I ended up with a black screen and had to use the reboot button (control alt del didn't work) to get the computer back to life again. I looked on Comodo forum and found that I was able to get the program running by putting the firewall and Defence+ into training mode and then running FS2002. I was then able to reset the firewall and Defence+ to SAFE mode and all is now well with FS2002. Ignore all this about FS2002 if it is not relevant to my Spybot problem.
No, it's okay not to have anything after the .exe.
Do you have the link to the info on Comodo forum that helped you run flight simulator? If so, could you post it so I can look, please?