Solved

cannot delete file - cannot read from source file or disk

Posted on 2006-06-30
31
2,216 Views
Last Modified: 2011-10-03
When I start up my laptop, I keep getting the alert "cannot delete file - cannot read from source file or disk". It appears 3 times and it doesn't tell me which file it is that cannot be deleted. I've had a look at previous questions and answers but they all seem to refer to known files. I have 2 questions. 1. How do I find out which file(s) is/are causing the problem and 2. How do I get rid of them? I'm running XP Pro SP2 on an Acer 8204 WLMi.

Thanks
0
Comment
Question by:surfcrazedscot
  • 8
  • 7
  • 7
  • +2
31 Comments
 
LVL 30

Expert Comment

by:callrs
Comment Utility
>>How do I find out which file(s) is/are causing the problem
http://www.windowsnetworking.com/j_helmig/wxpevent.htm     Windows XP Event Viewer
0
 
LVL 30

Expert Comment

by:callrs
Comment Utility
You might be able to delete them from Safe Mode with Command Prompt (or maybe even with Safe Mode)
0
 
LVL 4

Expert Comment

by:Purple_Sky
Comment Utility
Wait ! you are not trying to delete any files and you get this error message when you start the windows ? You are most likely infected or some files are acting funny. We should find out which start up entry tries to delete a file. I would say you have some kind of an infection going on in your system.

1- visit www.ewido.net , download install update and run a complete system scan with ewido.
2- run an online scan @ www.bitdefender.com
3- download run and scan and save a log file with HJT(  http://downloads.malwareremoval.com/HijackThis.exe  )

and post us log file.

Then run an online scan @ www.kaspersky.com and post the resulting log.

I believe the message you are receiving is a fake error message that is generated by malware.
0
 
LVL 23

Expert Comment

by:phototropic
Comment Utility
It could also be a problem with system files. Try running chkdsk /r
(My computer - C drive - properties - tools -error checking ) or from Recovery console.
0
 
LVL 69

Accepted Solution

by:
Merete earned 250 total points
Comment Utility
if it is starting with windows go to start run type in msconfig press enter sellect selective startup and startup> and have look at what is starting up with your windows,
or go to start all programs startup and delete the link in the start up.
you can go into your folder settings and show hidden files and folder so you can see it

Startup Inspector
disable auto-start programs
Our Rating:  (Good!)
snapshot
http://www.snapfiles.com/screenshots/startupinspector.htm
Startup Inspector lets you view and optionally disable programs that are currently set to start automatically with Windows. In addition to the details that are extracted from the registry, it can also consult an online database that can provide additional information inplain English (if available). In addition, it displays a user rating that indicates whether other users find the particular entry to be of any use. The program is easy to use and comes with an attractive interface - it is designed to list and either disable or enable startup entries; it does not provide options to modify them or add new ones
downlaod
http://www.snapfiles.com/get/startupinspector.html

Startup Monitor is a small monitoring program, it keep a constant eye on your system's startup entries. When ever a change is made, you will be notified and given a choice to either allow the change or not to change.
http://www.windowsstartup.com/startupmonitor.php
0
 

Author Comment

by:surfcrazedscot
Comment Utility
I tried the chkdsk - no difference.

These are the log files from ewido, bitdefender and hijack this. I'm running kaspersky scan now.

Log from ewido:

 + Created at:      07:13:50 01/07/2006

 + Scan result:      



:mozilla.74:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.117:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.75:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.76:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.77:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.85:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.86:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
C:\Recycled\Dc5.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.238:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.98:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.54:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.105:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.246:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.214:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.215:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.216:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.81:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.82:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.83:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.84:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.140:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.141:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.142:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.60:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.61:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.62:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.63:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.64:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.224:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.225:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.226:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.45:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.46:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.164:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.165:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.166:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.167:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.171:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Trafic : No action taken.
:mozilla.189:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.185:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.186:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.187:C:\Documents and Settings\Brian McCaig\Application Data\Mozilla\Firefox\Profiles\kzjgjmhb.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end

Bitdefender:

BitDefender Online Scanner - Real Time Virus Report
Generated at: Sat, Jul 01, 2006 - 11:05:08

Scan Info
Scanned Files
717521

Infected Files
0

Virus Detected
No virus found.

Logfile of HijackThis v1.99.1
Scan saved at 11:08:44, on 01/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\SMSC\Seticon.exe
C:\Acer\GraviSense\GraviSense.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Acer\VoIP Phone Charger\voip phone charger.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\BRIANM~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Keyspan\USB Server\nhciTask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Brian McCaig\My Documents\My Received Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [GraviSense] C:\Acer\GraviSense\GraviSense.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [voip phone charger] "C:\Program Files\Acer\VoIP Phone Charger\voip phone charger.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Keyspan USB Server Task.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151383519796
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe



0
 
LVL 23

Expert Comment

by:phototropic
Comment Utility
You can analyse your HJT log by copy/pasting it here: http://www.hijackthis.de/#anl

Your log analysis is saved here:

http://www.hijackthis.de/logfiles/b691ce282242fa32270b56a2d9e291a0.html

It looks pretty clean. Bitdefender found nothing and ewido found a few tracking cookies, so whatever is throwing up these messages is either very well-hidden or not malicious.
What showed up in msconfig?
Try disabling everything except Zonealarm and avast a/v, then reboot.
Do you still see these messages?
0
 

Author Comment

by:surfcrazedscot
Comment Utility
kaspersky scan - no viruses or malware
0
 
LVL 23

Expert Comment

by:phototropic
Comment Utility
Have you tried Merete's suggestion of msconfig:
Start - run - type "msconfig" (without the quotes) - click on "startup" - click on "disable all" - put a tick back in the box for Zonealarm and avast. Click on apply, then close. It will ask to reboot. Do so.
Any change?
0
 

Author Comment

by:surfcrazedscot
Comment Utility
ok - started up with just avast and zone alarm - warning message is gone :)  

is it just a case now of adding a few at a time to the startup to isolate the culprit?
0
 
LVL 4

Expert Comment

by:Purple_Sky
Comment Utility
hehe ironic i am glad i was wrong :) a check up doesnt hurt :)
0
 
LVL 23

Assisted Solution

by:phototropic
phototropic earned 250 total points
Comment Utility
Pretty much.
Check the startups one by one...Do you recognise the path? Do you need it? Can you live without it?
There are lists of startups which may help:

http://www.sysinfo.org/startuplist.php
http://www.pacs-portal.co.uk/startup_content.php

Re-enable your startups one by one till you find the culprit.
0
 

Author Comment

by:surfcrazedscot
Comment Utility
You want irony? The culprit was alaunch.exe - the irony being that it's bundled with Acer laptops and is described as "provides additional diagnostic fucntions for your laptop".

Yeah right - and should be bundled with something for a headache too.

Thanks for the help guys (and gals?). I've decided to leave the startup to the bare minimum. Everything is working great now :)
0
 
LVL 23

Expert Comment

by:phototropic
Comment Utility
Glad to hear it.
If you check your services tab (msconfig - services) and put a tick in the "hide all Microsoft services" box, you'll more than likely find some Acer services running too!
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 30

Expert Comment

by:callrs
Comment Utility
>> the irony being that it's bundled with Acer laptops and is described
Grr. Software from "reputable" companies often comes with headaches. My ISP's software for DSL came with major bloatware...and after a search I found a better solution: http://www.raspppoe.com/  . Even Compaq's software has been a headache for a neighbor.

Tips: http://www.sysinternals.com/Utilities/Autoruns.html & http://www.epsilonsquared.com/installwatch.htm
0
 
LVL 23

Expert Comment

by:phototropic
Comment Utility
Indeed. The only entries in your HJT log which were identified as "nasty" were both from "reputable" companies. Sometimes the difference between malicious spyware and "event monitoring" software installed with legitimate applications can be very hard to establish.
0
 

Author Comment

by:surfcrazedscot
Comment Utility
Well - I have it all sorted now thanks to everyone on here. I must at least owe someone dinner or something. Let me know if you're passing near Glasgow. The machine is buzzing along nicely now and only starts the background bits and pieces when I say so - not when Acer say so. Overall I'm very pleased with it again.

The annoying thing was that I only got it last week - after getting a refund for my VAIO FE11S. That had a known fault that Sony engineers in Tokyo were "investigating". After 3 months of "investigations" my patience ran out and a quick email to the managing directors office of the company I bought it from, reminding him of my rights as a consumer since the fault was present at the time of purchase, got the local store moving damn fast with my refund.
0
 
LVL 30

Expert Comment

by:callrs
Comment Utility
>>I must at least owe someone dinner or something
Hungry! lol. Lost 10+ pounds of body weight since starting at EE on May 18, with 250 accepted answers and 1500 additional comments.
The stuff I've done for free for years now gets me points. And food? :-D
0
 

Author Comment

by:surfcrazedscot
Comment Utility
I lost 20 pounds in 3 months - it's amazing how much exercise you get bouncing a VAIO off the wall.
0
 
LVL 30

Expert Comment

by:callrs
Comment Utility
I'm a puny 125 pounder now :-p
0
 
LVL 69

Expert Comment

by:Merete
Comment Utility
well it was probably associated with eitherzone alarm or your avast found something and was unable to delete it until you rebooted happens sometimes but if you disbaled this warning because you didnt want to reboot then it may have got stuck with the warning until you opened msconfig and re-enabled the zone and avast and also rebooted. Sometimes these programs finds things but cannot remove the threat as windows is using it, a reboot will help the programs delete it befor windows starts.
Merete.
It pays to try everyone suggestions.
cheers Merete
0
 
LVL 69

Expert Comment

by:Merete
Comment Utility
Thank you Lee, gee I do wonder why our frineds just take leave after so much assistance??
0
 

Author Comment

by:surfcrazedscot
Comment Utility
"Comment from Merete
Date: 07/24/2006 03:39AM PDT
      Comment       Accept

Thank you Lee, gee I do wonder why our frineds just take leave after so much assistance??"

Could I point out that I thanked eveyone for their help - even to the point of offering to buy dinner - after I advised that the problem had been solved.

In case anyone missed it - thanks again all and if you're ever in Scotland I owe you dinner.
0
 
LVL 69

Expert Comment

by:Merete
Comment Utility
awe yes I did miss that would have been good fun if possible, thank you surfcrazedscot
0
 
LVL 30

Expert Comment

by:callrs
Comment Utility
surfcrazedscot, you can split the points as you see fit. It's all part of the game here at EE  : )
0
 

Author Comment

by:surfcrazedscot
Comment Utility
Ummm.... kinda new to this - but I think 150 points  each should go to Merete and phototropic and 100 each to Purple_Sky  and callrs.

So.... how on earth do I do this?

Oh - dinner still stands ;)
0
 
LVL 69

Expert Comment

by:Merete
Comment Utility
lol whats for dinner over there. cheers all
M
0
 
LVL 30

Expert Comment

by:callrs
Comment Utility
>>So.... how on earth do I do this?
http:/help.jsp#hi19 Can I split points?

Or if you want to do it after the fact, click the "Support" link at top right & post a request there.

And before dinner, read this ;) hCttp://www.goveg.com/f-top10chickens.asp
0
 
LVL 23

Expert Comment

by:phototropic
Comment Utility
callrs,
you just reminded me why I haven't eaten meat for so many years...
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now