guylaura

trying to follow directions

27 posts in this topic

I received a window stating "access denied" when I scanned using HijackThis.

I then tried opening the file which was generated using Notepad and again received the window "access denied"

What am I doing wrong?


bump

I'm getting a window that says "access denied" when I'm trying to open the log file from HijackThis in Notepad.

I'd like to be able to post the results so someone could help me with my hijacked start page. Please.

I'm seeing many entries that aren't listed in "Pacman's List".

I don't want to mess something up by "fixing" them with HijackThis.


No idea - better just start all over.

 

Please do this.

Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.


bump

You state "Press that, save the log, Ctrl-A to Select All, and copy its contents here". Do you mean to open the log in Notepad and then select all of its contents? I pressed "Save Log" and then Ctrl-A and nothing happened. There was nothing to paste. I did delete my previous download of HijackThis, opened a new folder and re-downloaded from the link you gave me.

 

When I try to open the highjacklog.log file a window pops up saying "Access Denied"

Could something be blocking .log files to prevent scrutiny?


Normally when you "Press that, save the log," it is automatically opened in Notepad.

 

I can only guess that HijackThis is unable to open notepad. Where are you running HijackThis from? Is it in C:\HJT\?


I created the folder C/ProgramFiles/HJT

Also, I can open any other .log file just not the highjackthis.log

Should I paste the log into an e-mail for you to review?


bump

Hope you had a nice weekend.

I figured I wouldn't bug you.

Any ideas on why the HijackThis .log file won't give me access?


Rename the log to something.log, see if notepad can open it then.


When did all this start? Had you just installed something?

 

Have you rebooted?

 

If you like, you can try emailing me the log as an attachment; send it to This Address. If that succeeds then I will post it for you.


bump

Replaced notepad.exe

Still getting message "access is denied"

As stated previously, I can open any other .log file except the highjackthis.log


I will try that.

I'm leaving on vacation tomorrow.

We'll have to pick this up when I get back.

Thanks for trying to help so far


I deleted all of the HijackThis data.

Re-downloaded HijackThis again.

Ran the scan.

Saved the log.

 

STILL GETTING WINDOW STATING "ACCESS IS DENIED"

 

Leaving on vacation. Talk to you in a week.

Hope you can help.


guylaura has sent me this email:

I just read where you asked me to send you the log file.

somehow I missed that reply.

anyway, here it is.

You also asked if I had just downloaded something.

Here's what I think happened.

I just bought a new PC.

I had to set up my e-mail with my service provider.

For their server to recognize my PC I had to disable my firewall.

I forgot to enable it afterwards.

When I turned it back on it asked if I wanted to accept interaction with a few different programs.

I thought they were related to my internet provider or my PC company's update and support web site and didn't pay much attention to what I was doing.

Obviously I got whacked.

with this log attached

 

Logfile of HijackThis v1.98.0

Scan saved at 6:48:13 PM, on 7/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\VetMsgNT.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\atlrk32.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\atlmj32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe

C:\Program Files\Winamp\Winampa.exe

C:\Documents and Settings\guy\Application Data\ttuh.exe

C:\Program Files\Netscape\Netscape\Netscp.exe

C:\WINDOWS\System32\NDrv.exe

C:\Program Files\America Online 8.0\aoltray.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\HJT\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cqfcs.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://cqfcs.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://cqfcs.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cqfcs.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cqfcs.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://cqfcs.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

R3 - Default URLSearchHook is missing

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\guy\Application Data\Mozilla\Profiles\default\9fuosbog.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\guy\Application Data\Mozilla\Profiles\default\9fuosbog.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll (disabled by BHODemon)

O2 - BHO: (no name) - {B649FD4B-BDCD-72D4-5CE4-D490DFA46F99} - C:\WINDOWS\system32\crxy.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [atlmj32.exe] C:\WINDOWS\system32\atlmj32.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [ipfk32.exe] C:\WINDOWS\system32\ipfk32.exe

O4 - HKLM\..\Run: [javaef32.exe] C:\WINDOWS\system32\javaef32.exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe

O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [crxy.exe] C:\WINDOWS\system32\crxy.exe

O4 - HKLM\..\RunOnce: [apiao.exe] C:\WINDOWS\system32\apiao.exe

O4 - HKLM\..\RunOnce: [apigs32.exe] C:\WINDOWS\system32\apigs32.exe

O4 - HKLM\..\RunOnce: [appfk32.exe] C:\WINDOWS\system32\appfk32.exe

O4 - HKLM\..\RunOnce: [appfn32.exe] C:\WINDOWS\system32\appfn32.exe

O4 - HKLM\..\RunOnce: [apppu.exe] C:\WINDOWS\apppu.exe

O4 - HKLM\..\RunOnce: [atlme32.exe] C:\WINDOWS\system32\atlme32.exe

O4 - HKLM\..\RunOnce: [atlxb32.exe] C:\WINDOWS\system32\atlxb32.exe

O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\d3ad.exe

O4 - HKLM\..\RunOnce: [d3lu.exe] C:\WINDOWS\system32\d3lu.exe

O4 - HKLM\..\RunOnce: [ieat32.exe] C:\WINDOWS\ieat32.exe

O4 - HKLM\..\RunOnce: [iecv.exe] C:\WINDOWS\system32\iecv.exe

O4 - HKLM\..\RunOnce: [iegg32.exe] C:\WINDOWS\iegg32.exe

O4 - HKLM\..\RunOnce: [ierx.exe] C:\WINDOWS\ierx.exe

O4 - HKLM\..\RunOnce: [ipfq32.exe] C:\WINDOWS\ipfq32.exe

O4 - HKLM\..\RunOnce: [ipla.exe] C:\WINDOWS\ipla.exe

O4 - HKLM\..\RunOnce: [iplk.exe] C:\WINDOWS\system32\iplk.exe

O4 - HKLM\..\RunOnce: [javanl.exe] C:\WINDOWS\javanl.exe

O4 - HKLM\..\RunOnce: [javato.exe] C:\WINDOWS\system32\javato.exe

O4 - HKLM\..\RunOnce: [mfcge.exe] C:\WINDOWS\mfcge.exe

O4 - HKLM\..\RunOnce: [mfcpb32.exe] C:\WINDOWS\mfcpb32.exe

O4 - HKLM\..\RunOnce: [mfcot.exe] C:\WINDOWS\mfcot.exe

O4 - HKLM\..\RunOnce: [netog.exe] C:\WINDOWS\netog.exe

O4 - HKLM\..\RunOnce: [ntay32.exe] C:\WINDOWS\system32\ntay32.exe

O4 - HKLM\..\RunOnce: [ntpz.exe] C:\WINDOWS\system32\ntpz.exe

O4 - HKLM\..\RunOnce: [sdkdm32.exe] C:\WINDOWS\system32\sdkdm32.exe

O4 - HKLM\..\RunOnce: [sdkgz32.exe] C:\WINDOWS\system32\sdkgz32.exe

O4 - HKLM\..\RunOnce: [sdkjk32.exe] C:\WINDOWS\system32\sdkjk32.exe

O4 - HKLM\..\RunOnce: [sdkoj.exe] C:\WINDOWS\sdkoj.exe

O4 - HKLM\..\RunOnce: [sdkxe.exe] C:\WINDOWS\sdkxe.exe

O4 - HKLM\..\RunOnce: [sysae32.exe] C:\WINDOWS\sysae32.exe

O4 - HKLM\..\RunOnce: [syscj32.exe] C:\WINDOWS\syscj32.exe

O4 - HKLM\..\RunOnce: [syscy32.exe] C:\WINDOWS\syscy32.exe

O4 - HKLM\..\RunOnce: [sysoh.exe] C:\WINDOWS\system32\sysoh.exe

O4 - HKLM\..\RunOnce: [wincg.exe] C:\WINDOWS\wincg.exe

O4 - HKLM\..\RunOnce: [winip32.exe] C:\WINDOWS\winip32.exe

O4 - HKLM\..\RunOnce: [winmr.exe] C:\WINDOWS\winmr.exe

O4 - HKLM\..\RunOnce: [winnx.exe] C:\WINDOWS\system32\winnx.exe

O4 - HKLM\..\RunOnce: [winor32.exe] C:\WINDOWS\winor32.exe

O4 - HKLM\..\RunOnce: [winuz32.exe] C:\WINDOWS\winuz32.exe

O4 - HKLM\..\RunOnce: [winzb.exe] C:\WINDOWS\system32\winzb.exe

O4 - HKLM\..\RunOnce: [d3hl.exe] C:\WINDOWS\d3hl.exe

O4 - HKLM\..\RunOnce: [apivh.exe] C:\WINDOWS\apivh.exe

O4 - HKLM\..\RunOnce: [d3bs32.exe] C:\WINDOWS\system32\d3bs32.exe

O4 - HKLM\..\RunOnce: [mfcbm.exe] C:\WINDOWS\system32\mfcbm.exe

O4 - HKLM\..\RunOnce: [atllq.exe] C:\WINDOWS\system32\atllq.exe

O4 - HKLM\..\RunOnce: [mfcqe.exe] C:\WINDOWS\system32\mfcqe.exe

O4 - HKLM\..\RunOnce: [addpj32.exe] C:\WINDOWS\system32\addpj32.exe

O4 - HKLM\..\RunOnce: [ielm.exe] C:\WINDOWS\ielm.exe

O4 - HKLM\..\RunOnce: [atlmy32.exe] C:\WINDOWS\system32\atlmy32.exe

O4 - HKLM\..\RunOnce: [appxg32.exe] C:\WINDOWS\system32\appxg32.exe

O4 - HKLM\..\RunOnce: [iejr32.exe] C:\WINDOWS\system32\iejr32.exe

O4 - HKLM\..\RunOnce: [netdd32.exe] C:\WINDOWS\netdd32.exe

O4 - HKLM\..\RunOnce: [sdkhn32.exe] C:\WINDOWS\sdkhn32.exe

O4 - HKLM\..\RunOnce: [iprf32.exe] C:\WINDOWS\iprf32.exe

O4 - HKLM\..\RunOnce: [syszh.exe] C:\WINDOWS\system32\syszh.exe

O4 - HKLM\..\RunOnce: [msoe.exe] C:\WINDOWS\system32\msoe.exe

O4 - HKLM\..\RunOnce: [atlrk32.exe] C:\WINDOWS\system32\atlrk32.exe

O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\guy\Application Data\ttuh.exe

O4 - HKCU\..\Run: [ClockSync] "C:\PROGRA~1\CLOCKS~1\Sync.exe" /q

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo

O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe

O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe

O4 - Global Startup: EZ Firewall.lnk = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0C34F1FD-B5EE-41F6-9D1D-BB19BBE402E7} (FBViewerCtrl.FBViewer) - https://ohow.netfilemanager.com/includes/FBViewerCtrl.CAB

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\rdgjetef.exe

O16 - DPF: {11010101-1001-1111-1000-110164567732} - ms-its:mhtml:file://C:MAIN.MHT!http://www.008i.com//x//f//10213//inst.chm::/f10213.exe

O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab

O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} - http://cl55.biz/tracker/eu_cax.cab

O16 - DPF: {693F0F29-1D1F-4EDF-B5A8-E8852FF195DE} (SEAGULL J Walk Printer Client) - http://gsp5250.ascensionhealth.org:1570/jw...erclient_ie.cab

O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50038/QDow_AS2.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll
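
An added example (not part of the original thread and not HijackThis's own logic): a small Python triage pass over the log format posted above. The names `triage` and `image_path` and the two review heuristics are assumptions made for illustration; a hit marks a line for a closer look, not for fixing.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://cqfcs.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {B649FD4B-BDCD-72D4-5CE4-D490DFA46F99} - C:\WINDOWS\system32\crxy.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [crxy.exe] C:\WINDOWS\system32\crxy.exe
O4 - HKLM\..\RunOnce: [apiao.exe] C:\WINDOWS\system32\apiao.exe
O4 - HKLM\..\RunOnce: [d3ad.exe] C:\WINDOWS\d3ad.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# Assumed review heuristics (illustrative only).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                      # "O4 - rest"
IE_SETTING = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")
AUTORUN = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

def image_path(cmd):
    """Return the executable path from an autorun command (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.exe)\b", cmd)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return (code, reason, detail) tuples for lines that deserve review."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, or blank line
        code, rest = m.groups()
        if code in ("R0", "R1") and (s := IE_SETTING.match(rest)):
            # Browser start/search page pointing into a DLL resource.
            if s["data"].lower().startswith("res://"):
                findings.append((code, "page loaded from a local DLL", s["value"]))
        elif code == "O4" and (a := AUTORUN.match(rest)):
            # Registry autorun whose value name is just its own file name,
            # with the file sitting directly in a Windows system folder.
            folder, _, exe = image_path(a["cmd"]).rpartition("\\")
            if a["name"].lower() == exe.lower() and folder.lower() in SYSTEM_DIRS:
                findings.append((code, "autorun named after its own file",
                                 f'{a["key"]}: {exe}'))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
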


Some knowledgeable people are looking at it now. Help is on the way.


mmkay step one my friend... I need you to run a little tool, the fix is still new, so I want to make sure it catches everything...

 

unzip the file and run the GetADS file.. it will create a text file and pop it up... I need you to copy and paste the info into here...

 

http://tools.zerosrealm.com/GetADS.zip


This is what I got when I clicked on the getads.bat file.

 

LADS - Freeware version 4.00

© Copyright 1998-2004 Frank Heyne Software (http://www.heysoft.de)

This program lists files with alternate data streams (ADS)

Use LADS on your own risk!

 

Scanning directory C:\WINDOWS\

 

size ADS in file

---------- ---------------------------------

88 C:\WINDOWS\SchedLgU.Txt:SummaryInformation

0 C:\WINDOWS\SchedLgU.Txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

 

88 bytes in 2 ADS listed

 

There was also a lads.exe file with it.

Should I have run that also?

I've become wary of .exe files


I noticed in the previous reply that there was added some anti-virus, firewall and misc. spyware downloads.

I currently have California Associates Firewall and Anti-Virus.

I also have Spybot.

Do I need these programs you listed?


Nothing wrong - I'll remind Psykel (he's a very busy person)...


Ok, thanks cnm for the reminder, I am a really busy person...

 

here is what we need to do

 

first I need you to download two tools

 

http://www.richardthelionhearted.com/~meri...iles/adsspy.zip

 

and

 

http://tools.zerosrealm.com/AboutBuster.zip

 

unzip them both but don't use them yet.

 

Next we need to clean up the hjt log,

 

But I need a new one, there may have been some changes, so if you could do a new scan and post the new log... I have added this thread to my track list so I will know as soon as you post back

 

Thanks for your patience
