Lopezz Posted March 19, 2008 Report Share Posted March 19, 2008 hi, i'm new to this but i see that this problem has been solved with others.i'm downloading torrents and seconds into the download the error comes up. I know a program must be running as its downloading but i don't know what it is. This is my HiJackThis.log Please help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:52:30 PM, on 3/19/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16609)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\BlueSoleil\BtTray.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXEC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\WinRAR\WinRAR.exeC:\PROGRA~1\MOZILL~1\FIREFOX.EXEC:\Windows\system32\SearchFilterHost.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO1 - Hosts: ::1 localhostO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: IE Custom Tools - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exeO4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exeO4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [btTray] "C:\Program Files\BlueSoleil\BtTray.exe"O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /autoO4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exeO8 - Extra context menu item: &Search - ?p=ZRfox000O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO13 - Gopher Prefix: O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\BlueSoleil\BlueSoleilCS.exeO23 - Service: BsHelpCS - Unknown owner - C:\Program Files\BlueSoleil\BsHelpCS.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeO23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe--End of file - 8415 bytes Link to comment Share on other sites More sharing options...
DreadWingKnight Posted March 19, 2008 Report Share Posted March 19, 2008 Nero media indexer is the most likely culprit. Link to comment Share on other sites More sharing options...
jewelisheaven Posted March 19, 2008 Report Share Posted March 19, 2008 Could be iTunes. Does this happen with all files, including non media such as OpenOffice torrents or Slackware torrentsAdditionally you will want to either exclude your downloading folder(s) from Nero Scout, or uninstall that portion of the suite or the whole suite entirely.Your webcam driver gave some cause for concern O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe running in windows but nothing else seems to be relevant.Additionally after removing those programs from accessing uT, could you perform the procedure in the How-To for pasting a process explorer dll list? Link to comment Share on other sites More sharing options...
Lopezz Posted March 19, 2008 Author Report Share Posted March 19, 2008 i like the quick response. Ok so how do i disable the indexer Link to comment Share on other sites More sharing options...
jewelisheaven Posted March 19, 2008 Report Share Posted March 19, 2008 No idea, that's why it's your software In the past there is a Nero "loader" which allows install/uninstall run/no-run facilities. You'll be looking for "Nero Scout".Alternatively, Start->run->services.msc You will need to first STOP, then DISABLE (for good measure) the nero indexer there. As far as iTunes, turn off automatic indexing, or add your download folder to its exceptions list for automatic adding into the library. Link to comment Share on other sites More sharing options...
Lopezz Posted March 19, 2008 Author Report Share Posted March 19, 2008 I closed logitech messenger through task manager and here's the edited explorer list.....i have no idea wat is means Process PID CPU Description Company NameSystem Idle Process 0 91.96 Interrupts n/a 1.53 Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 smss.exe 460 csrss.exe 524 wininit.exe 564 services.exe 640 svchost.exe 820 igfxsrvc.exe 3020 igfxsrvc Module Intel Corporation NMIndexStoreSvr.exe 3064 NMBgMonitor.exe 2152 svchost.exe 868 svchost.exe 908 svchost.exe 960 audiodg.exe 1076 svchost.exe 988 dwm.exe 1968 1.53 Desktop Window Manager Microsoft Corporation svchost.exe 1004 taskeng.exe 1952 Task Scheduler Engine Microsoft Corporation taskeng.exe 3444 taskeng.exe 324 SLsvc.exe 1108 svchost.exe 1136 svchost.exe 1280 spoolsv.exe 1468 svchost.exe 1492 AppleMobileDeviceService.exe 468 BlueSoleilCS.exe 1296 svchost.exe 1060 svchost.exe 1712 svchost.exe 2084 SearchIndexer.exe 2292 SDWinSec.exe 2452 BsHelpCS.exe 3428 iPodService.exe 3468 svchost.exe 904 NMIndexingService.exe 3752 lsass.exe 652 lsm.exe 660 csrss.exe 572 1.53 winlogon.exe 620 explorer.exe 2016 Windows Explorer Microsoft Corporation MSASCui.exe 492 Windows Defender User Interface Microsoft Corporation RtHDVCpl.exe 500 HD Audio Control Panel Realtek Semiconductor jusched.exe 512 Java Platform SE binary Sun Microsystems, Inc. hkcmd.exe 300 hkcmd Module Intel Corporation igfxpers.exe 308 persistence Module Intel Corporation iTunesHelper.exe 812 iTunesHelper Module Apple Inc. BtTray.exe 864 BlueSoleil Bttray sidebar.exe 1000 Windows Sidebar Microsoft Corporation TeaTimer.exe 1064 System settings protector Safer Networking Limited SetPoint.exe 1188 Logitech SetPoint Event Manager (UNICODE) Logitech Inc. KHALMNPR.exe 3088 Logitech KHAL Main Process Logitech Inc. notepad.exe 3940 Notepad Microsoft Corporation uTorrent.exe 2272 µTorrent BitTorrent, Inc.firefox.exe 1196 Firefox Mozilla Corporationvsnpstd.exe 484 procexp.exe 2024 3.07 Sysinternals Process Explorer Sysinternals - www.sysinternals.comProcess: uTorrent.exe Pid: 2272Name Description Company Name VersionADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.00.6000.16386CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6930.16386COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.6000.16386comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.6000.16386dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.00.6000.16512dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.00.6000.16512DNSAPI.dll DNS Client API DLL Microsoft Corporation 6.00.6000.20492FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.00.6000.16501GDI32.dll GDI Client DLL Microsoft Corporation 6.00.6000.16386IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.00.6000.16386Iphlpapi.dll IP Helper API Microsoft Corporation 6.00.6000.16386kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.00.6000.16386kernel32.dll.mui Windows NT BASE API Client DLL Microsoft Corporation 6.00.6000.16386lgscroll.dll Logitech Scroll Enabler (UNICODE) Logitech Inc. 4.00.0121.0000locale.nls locale.nls LPK.DLL Language Pack Microsoft Corporation 6.00.6000.16386MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.00.6000.16386msctf.dll.mui MSCTF Server DLL Microsoft Corporation 6.00.6000.16386MSVCP80.dll Microsoft® C++ Runtime Library Microsoft Corporation 8.00.50727.0762MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.0762msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.6000.16386mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.00.6000.16386napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.00.6000.16386NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.00.6000.16386npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.00.6000.16386NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.00.6000.16386ntdll.dll NT Layer DLL Microsoft Corporation 6.00.6000.16386NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 6.00.6000.16386ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.00.6000.16386oleaut32.dll Microsoft Corporation 6.00.6000.16609pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.00.6000.16386PSAPI.DLL Process Status Helper Microsoft Corporation 6.00.6000.16386rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.00.6000.16386RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.00.6000.16525rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.00.6000.16386SAMLIB.dll SAM Library DLL Microsoft Corporation 6.00.6000.16386Secur32.dll Security Support Provider Interface Microsoft Corporation 6.00.6000.16386SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.6000.16513shfolder.dll Shell Folder Service Microsoft Corporation 6.00.6000.16386SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.6000.16386USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6000.16438USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6000.16386uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.8912uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.6000.16386VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.00.6000.16386WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.00.6000.16386winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.00.6000.16386WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.00.6000.16386WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.00.6000.16386wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.00.6000.16386wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.00.6000.16386 Link to comment Share on other sites More sharing options...
DreadWingKnight Posted March 19, 2008 Report Share Posted March 19, 2008 That's not a dll list Link to comment Share on other sites More sharing options...
Lopezz Posted March 19, 2008 Author Report Share Posted March 19, 2008 i just followed the instructions on the "how To" link. What did i do wrong or what am i missing Link to comment Share on other sites More sharing options...
jewelisheaven Posted March 19, 2008 Report Share Posted March 19, 2008 Edit the post above. Be sure in Process Explorer you press Ctrl-D and then highlight utorrent.exeLogitech Desktop Messenger may also be injected into uT in which case, AFTER making sure Nero Scout isn't running AND checking to see if Windows Search is accessing your folder you will want to try and close it. This can be done from within Task Manager (Ctrl-Alt-Del) or Process Explorer.I don't think the webcam driver is a problem. However you never know. Link to comment Share on other sites More sharing options...
Lopezz Posted March 19, 2008 Author Report Share Posted March 19, 2008 i edited the post with the original process explorer text Link to comment Share on other sites More sharing options...
jewelisheaven Posted March 19, 2008 Report Share Posted March 19, 2008 Nero Scout is still running.As I suspected Logitech Scroll Enabler is in the DLL list, but that would be unrelated to these file access problems. It however can be related to other problems as a search shows. Link to comment Share on other sites More sharing options...
Lopezz Posted April 11, 2008 Author Report Share Posted April 11, 2008 My Last Problem was solved due to Nero scout being disabled.However now i have a new problem with the same issue......access is being denied in the utorrent download.Nero Scout is still disabled and hasn't been touch....it might be a new program accessing the file This is my Updated HiJack this log Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:37:28 PM, on 4/11/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16643)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\BlueSoleil\BtTray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXEC:\Program Files\uTorrent\uTorrent.exeC:\Windows\vsnpstd.exeC:\PROGRA~1\MOZILL~1\FIREFOX.EXEC:\Program Files\HiJackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.raptors.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO1 - Hosts: ::1 localhostO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO2 - BHO: (no name) - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - (no file)O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: IE Custom Tools - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exeO4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exeO4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [btTray] "C:\Program Files\BlueSoleil\BtTray.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exeO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exeO8 - Extra context menu item: &Search - ?p=ZRfox000O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)O13 - Gopher Prefix: O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\BlueSoleil\BlueSoleilCS.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: BsHelpCS - Unknown owner - C:\Program Files\BlueSoleil\BsHelpCS.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeO23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe--End of file - 8483 bytes Link to comment Share on other sites More sharing options...
jewelisheaven Posted April 11, 2008 Report Share Posted April 11, 2008 It's not disabled though is it?... O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe <-- I thought only active services were listed in the HJT log. start->run->services.msc to be sure it's disabled.As far as finding out what's using it, you can use Process Explorer in-fact. Switch to Handles mode, Ctrl-H then Find from the menu (Ctrl-F iirc) and type in the full or partial filename. PE will then display ALL instances of that file it sees. You may need to do this a couple times, it may depend on the TIMING it is searched for, i.e. right after you start the download in uT so it searches right as Access Denied is seen. :/ Link to comment Share on other sites More sharing options...
Lopezz Posted April 11, 2008 Author Report Share Posted April 11, 2008 Nero Scout is disabled...the service says that it is stopped and the only option you can do is to start it again.I did use process explorer....but i honestly don't know what is means. I did do it after i started to download again just before the error comes upsome familiar programs in the list are; BlueSoleil, RollerCoaster Tycoon, and Virtual DJ which are being seededThe rest i don't understand.*EDITED* Well This is the DLL list nowProcess PID CPU Description Company NameSystem Idle Process 0 96.92 Interrupts n/a Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 smss.exe 456 csrss.exe 524 wininit.exe 564 services.exe 648 svchost.exe 820 igfxsrvc.exe 3244 igfxsrvc Module Intel Corporation mobsync.exe 2812 Microsoft Sync Center Microsoft Corporation svchost.exe 868 svchost.exe 908 svchost.exe 1000 audiodg.exe 1152 svchost.exe 1024 dwm.exe 1748 Desktop Window Manager Microsoft Corporation WUDFHost.exe 2244 svchost.exe 1040 taskeng.exe 1732 Task Scheduler Engine Microsoft Corporation taskeng.exe 2484 taskeng.exe 3780 SLsvc.exe 1188 svchost.exe 1216 svchost.exe 1440 spoolsv.exe 1696 svchost.exe 1764 AppleMobileDeviceService.exe 2044 BlueSoleilCS.exe 316 mDNSResponder.exe 392 svchost.exe 12 svchost.exe 828 svchost.exe 1656 SearchIndexer.exe 1620 SDWinSec.exe 2060 BsHelpCS.exe 2456 iPodService.exe 3416 lsass.exe 664 lsm.exe 672 csrss.exe 572 winlogon.exe 620 explorer.exe 3720 Windows Explorer Microsoft Corporation uTorrent.exe 1972 1.54 µTorrent BitTorrent, Inc. firefox.exe 3080 Firefox Mozilla Corporation procexp.exe 468 1.54 Sysinternals Process Explorer Sysinternals - www.sysinternals.comMSASCui.exe 2696 Windows Defender User Interface Microsoft CorporationRtHDVCpl.exe 2704 HD Audio Control Panel Realtek Semiconductorjusched.exe 2732 Java Platform SE binary Sun Microsystems, Inc.hkcmd.exe 2748 hkcmd Module Intel Corporationigfxpers.exe 2756 persistence Module Intel CorporationBtTray.exe 2780 BlueSoleil Bttray iTunesHelper.exe 2788 iTunesHelper Module Apple Inc.sidebar.exe 2796 Windows Sidebar Microsoft CorporationProcess: uTorrent.exe Pid: 1972Name Description Company Name VersionADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.00.6000.16386apphelp.dll Application Compatibility Client Library Microsoft Corporation 6.00.6000.16386CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6930.16386COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.6000.16386comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.6000.16386dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.00.6000.16512dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.00.6000.16512DNSAPI.dll DNS Client API DLL Microsoft Corporation 6.00.6000.20740FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.00.6000.16501GDI32.dll GDI Client DLL Microsoft Corporation 6.00.6000.16643iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6000.16386IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.00.6000.16386Iphlpapi.dll IP Helper API Microsoft Corporation 6.00.6000.16386kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.00.6000.16386kernel32.dll.mui Windows NT BASE API Client DLL Microsoft Corporation 6.00.6000.16386locale.nls locale.nls LPK.DLL Language Pack Microsoft Corporation 6.00.6000.16386mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 1.00.0004.0012MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.00.6000.16386msctf.dll.mui MSCTF Server DLL Microsoft Corporation 6.00.6000.16386msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.6000.16386mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.00.6000.16386napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.00.6000.16386NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.00.6000.16386NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.00.6000.16386ntdll.dll NT Layer DLL Microsoft Corporation 6.00.6000.16386ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.00.6000.16386oleaut32.dll Microsoft Corporation 6.00.6000.16609pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.00.6000.16386PROPSYS.dll Microsoft Property System Microsoft Corporation 6.00.6000.16386PSAPI.DLL Process Status Helper Microsoft Corporation 6.00.6000.16386rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.00.6000.16386RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.00.6000.16525Secur32.dll Security Support Provider Interface Microsoft Corporation 6.00.6000.16386SETUPAPI.dll Windows Setup API Microsoft Corporation 6.00.6000.16609setupapi.dll.mui Windows Setup API Microsoft Corporation 6.00.6000.16609SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.6000.16513shfolder.dll Shell Folder Service Microsoft Corporation 6.00.6000.16386SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.6000.16386urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6000.16643USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6000.16438USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6000.16386uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.9363uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.6000.16386VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.00.6000.16386WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.00.6000.16386winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.00.6000.16386WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.00.6000.16386WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.00.6000.16386wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.00.6000.16386wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.00.6000.16386 Link to comment Share on other sites More sharing options...
jewelisheaven Posted April 11, 2008 Report Share Posted April 11, 2008 For providing the utorrent.exe Process Explorer list you don't need to be in Handles mode. That one you should use DLL mode (Ctrl-D)., which you can create and edit your above post removing the Handles list. I had thought you needed handles mode enabled, but all you need to do in your case is use FIND and put in part of your torrent data filename, in this case rollercoaster would suffice. If it only shows utorrent.exe having the handle open for it :/ Link to comment Share on other sites More sharing options...
Lopezz Posted April 12, 2008 Author Report Share Posted April 12, 2008 The above post was edited with the pro xpl. DLL list Link to comment Share on other sites More sharing options...
GTHK Posted April 12, 2008 Report Share Posted April 12, 2008 Don't know if it's related, but Logitech is screwing around with µT.lgscroll.dll Logitech Scroll Enabler (UNICODE) Logitech Inc. 4.00.0121.0000Do you need the Logitech stuff? Link to comment Share on other sites More sharing options...
Lopezz Posted April 12, 2008 Author Report Share Posted April 12, 2008 Well if Logitech is messing it up.....i might as well uninstall it....its the software for my wireless keyboard and mouseHowever if i remove the program would windows vista still run the hardware normally? Link to comment Share on other sites More sharing options...
jewelisheaven Posted April 12, 2008 Report Share Posted April 12, 2008 I doubt logitech desktop messenger is at fault for this problem however you never know?? If anything were amiss with setpoint, uT would freeze.I would also try killing your cam device driver vsnpstd.exe :/ It seems unrelated, but same reason above for LDM. Link to comment Share on other sites More sharing options...
GTHK Posted April 12, 2008 Report Share Posted April 12, 2008 Oh it's for your wireless? Not sure, usually it does, such software normally adds stuff like hotkeys on the keyboard (the mail and Internet buttons and stuff). I don't know if it's actually causing problems, but someone did have a mouse driver or something that caused µT to crash, and Logitech is adding data to µT so I pegged it. Do you have the original driver disk? In PE try just killing the programs for it, if your keyboard actually does stop working a restart will bring them it back. Once it's killed, restart µT, and if the entry I mentioned above is gone from the DLL list see if you still get access denied. I don't recognize anything else as being problematic, so if this doesn't work you'll need to wait for another regular to post.LogitechDesktopMessenger.exe 756 Logitech Desktop Messenger Logitech Inc.SetPoint.exe 916 Logitech SetPoint Event Manager (UNICODE) Logitech Inc. KHALMNPR.exe 3468 Logitech KHAL Main Process Logitech Inc. Link to comment Share on other sites More sharing options...
Firon Posted April 12, 2008 Report Share Posted April 12, 2008 Logitech stuff doesn't interfere. Link to comment Share on other sites More sharing options...
Lopezz Posted April 12, 2008 Author Report Share Posted April 12, 2008 I unistalled logitech and it didn't interfere with my keyboard and mouse. however i'm still having an issue with this. The post with the DLL list has been updated. What would my next step be? Link to comment Share on other sites More sharing options...
GTHK Posted April 12, 2008 Report Share Posted April 12, 2008 Well, I'm out of good ideas . I do hate that Bonjour crap, but it most likely wouldn't cause this problem, plus you can't just kill it, that would be bad. With PE open, press Ctrl+F, type in the name of the file from the torrent, make sure it's right, get the error, and press enter immediately, it should tell you what programs are using it. Link to comment Share on other sites More sharing options...
Firon Posted April 13, 2008 Report Share Posted April 13, 2008 You can reinstall the Logitech software.Uh, the other likely candidate is iTunes trying to index your media while you're downloading it, I guess. Link to comment Share on other sites More sharing options...
Lopezz Posted April 13, 2008 Author Report Share Posted April 13, 2008 I can't find any proof that iTunes is indexing the media files as they download. I never had a problem like this before. However it has been updated recently but i don't think the settings changed.Also i cannot find the handle/DLL of the file i'm downloading. It simply doesn't show up. When i type torrent.. utorrent.exe. shows up. I'm Stuck :/ Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.