ya_serious Posted February 29, 2008 Report Share Posted February 29, 2008 Hello, Im new to using utorrent and im not very computer literate.I have been using Azureus with no problems, and was told to use utorrent for better speeds and less system hogging.I have downloaded a few torrents using utorrent fine.But now im getting an error message "Error: Access is denied" when trying to download certain torrents (not everyone i d/l).I read the help topics and i dont have google or msn toolbars installed.I dont understand how to "turn off diskio.flush_files". Can someone please explain this to me?Also I am running nero burning software, tho im not too sure if i have nero scout.And help on finding out or how to uninstall scout?Thank you. Link to comment Share on other sites More sharing options...
jewelisheaven Posted February 29, 2008 Report Share Posted February 29, 2008 Are you using any sort of media indexer? Like Roxio or Nero Scout or Windows Media Player or iTunes? Are you using a search indexer like Google Desktop, Windows Search, or the like? If you provide the HiJackThis log requested in the How-To someone can tell you exactly what's going on stopping you from downloading Something to note before that.. are all of your files coming up like that, for example OpenOffice Torrents? Link to comment Share on other sites More sharing options...
donski Posted February 29, 2008 Report Share Posted February 29, 2008 Sorry Ya-serious, no advice from me, i'm actually having the exact same problem. Jewelisheaven, thanks for replying to ya-serious, but could please expand on where I could find (or what is) the HiJackThis log and the how-To? Computer numfy I'm afraid. Link to comment Share on other sites More sharing options...
jewelisheaven Posted February 29, 2008 Report Share Posted February 29, 2008 See below what I type. That is the signature. I keep all sorts of nice things down there. Notice how "How-To" looks the same as a link there If you want to paste the logs that will help, open that link and then search for "hijack" to skip right to it. Truthfully you should read through the whole thing, as it likely has things which can help you... but first off lets get your torrents running > 5 minutes at a time eh>? Link to comment Share on other sites More sharing options...
ya_serious Posted February 29, 2008 Author Report Share Posted February 29, 2008 I dont understand any of that, any help would be great thank you.To answer you question, No, not all the torrents i d/l are coming up with that error message.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:20:31 AM, on 3/1/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\Eset\nod32kui.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exeC:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\Launcher.exeC:\Program Files\PokerStars\PokerStars.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exeC:\Program Files\iTunes\iTunes.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exeC:\Program Files\uTorrent\uTorrent.exeC:\PROGRA~1\MOZILL~1\FIREFOX.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO1 - Hosts: 66.98.148.65 auto.search.msn.comO1 - Hosts: 66.98.148.65 auto.search.msn.esO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installO4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exeO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICEO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [NSLauncher] "C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" /startupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{34BC98D2-63A2-478C-B588-07829369347A}: NameServer = 203.12.160.35,203.12.160.36O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe--End of file - 5493 bytes Link to comment Share on other sites More sharing options...
jewelisheaven Posted February 29, 2008 Report Share Posted February 29, 2008 Hmm I see a few flags here: O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe <--- Not Windows Service, bad bad software.Additionally your MOD32 may have IMON enabled. Please try adding it to the exceptions list, or turn off temporarily to see if that solves the problem. Since you know what types of files that suffer this behaviour... I'm not sure if any of those Nokia services would be interfering.. do you know what they do? Link to comment Share on other sites More sharing options...
ya_serious Posted March 4, 2008 Author Report Share Posted March 4, 2008 I have uninstalled nero and turned MOD32 off. and still no luck.To answer your question jewelisheaven, im not too sure about the nokia services.. I only use it to put music on my phone so i dont see how it could effect it."I dont understand how to "turn off diskio.flush_files". Can someone please explain this to me?" Can turning this off what ever it is help me?"Are you using any sort of media indexer? Like Roxio or Nero Scout or Windows Media Player or iTunes?"I am using itunes, but i dont know what a media indexer is? Link to comment Share on other sites More sharing options...
Ultima Posted March 5, 2008 Report Share Posted March 5, 2008 Can you post a more current process list now that you've uninstalled Nero? Link to comment Share on other sites More sharing options...
ya_serious Posted March 5, 2008 Author Report Share Posted March 5, 2008 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:55:04 PM, on 3/5/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\Program Files\Eset\nod32kui.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\MSN Messenger\usnsvc.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\uTorrent\uTorrent.exeC:\PROGRA~1\MOZILL~1\FIREFOX.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO1 - Hosts: 66.98.148.65 auto.search.msn.comO1 - Hosts: 66.98.148.65 auto.search.msn.esO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installO4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exeO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICEO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [NSLauncher] "C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" /startupO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{34BC98D2-63A2-478C-B588-07829369347A}: NameServer = 203.12.160.35,203.12.160.36O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe--End of file - 5134 bytes Link to comment Share on other sites More sharing options...
Ultima Posted March 5, 2008 Report Share Posted March 5, 2008 O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"Nero wasn't uninstalled properly, apparently. Link to comment Share on other sites More sharing options...
ya_serious Posted March 5, 2008 Author Report Share Posted March 5, 2008 Thats odd, its completely gone from my system. I just double checked.And C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe is not on my computer when i look for it. Link to comment Share on other sites More sharing options...
Ultima Posted March 5, 2008 Report Share Posted March 5, 2008 lol, that'd be me failing at reading the log. It's simply a startup entry, not necessarily running (it's not).At any rate, you might still want to get rid of that svchost.exe:exe.exe service that jewelisheaven pointed out. Link to comment Share on other sites More sharing options...
ya_serious Posted March 5, 2008 Author Report Share Posted March 5, 2008 How should i go about getting rid of that??Will it help utorrent?? Link to comment Share on other sites More sharing options...
Ultima Posted March 6, 2008 Report Share Posted March 6, 2008 Considering how suspicious it looks, I'm not quite certain. For sure, it looks to be malware. Google might turn something up, though. I mean, you could always try killing the process and removing the executable, but I'm not sure if it'll come back again. Link to comment Share on other sites More sharing options...
jewelisheaven Posted March 6, 2008 Report Share Posted March 6, 2008 That's the funny thing though It doesn't appear to be running.... then again I thought one could NOT use : in filenames so perhaps it's some sort of masking for alternate streams?? LOL in any case you should definitely be sure it is removed by re-running HJT in safe mode and being sure the service is removed and the executable does not exist... as well as scanning using prevx and spybot S&D Link to comment Share on other sites More sharing options...
ya_serious Posted March 7, 2008 Author Report Share Posted March 7, 2008 OK. Utorrent seems to be working fine now. I dont know what i did but every d/l i try works. (except the one i first had the problem with). I'll just have to try work it out on my house mates computer cos he has started using utorrent and is getting the same problem (everytime tho). Thanks everyone for you help. Now all i have to do i piss of this svchost.exe:exe.exe and i should be good.-travis Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.