Richter_746 Posted August 22, 2008 Report Posted August 22, 2008 I uninstalled my older version of Utorrent and installed 1.8 . Thing is, my torrent's don't even have a chance to download. Within a few minutes, I get a message from Utorrent saying "Error: Access is Denied". Never had this problem with the older version I had.
Ultima Posted August 22, 2008 Report Posted August 22, 2008 a) get HijackThis from trendsecure.com, run it, view the log, and post the contents here get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here
stevebmth Posted August 23, 2008 Report Posted August 23, 2008 I am having the same problem with torretns as well:Here are my logsLogfile of Trend Micro HijackThis v2.0.2Scan saved at 04:19:44, on 23/08/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\AVG\AVG8\avgtray.exeC:\Windows\System32\rundll32.exeC:\Windows\RTHDCPL.EXEC:\Windows\SkyTel.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Users\Steve.wkst1\Program Files\uTorrent\uTorrent.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\hh.exeC:\Program Files\AVG\AVG8\avgui.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [skyTel] SkyTel.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLLO10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllO13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - AppInit_DLLs: avgrsstx.dllO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exeO23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeO23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exeO23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exeO23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe--End of file - 7546 bytesHere is the Process ListProcess PID CPU Description Company NameSystem Idle Process 0 59.06 Interrupts n/a Hardware Interrupts DPCs n/a 0.77 Deferred Procedure Calls System 4 smss.exe 464 csrss.exe 604 wininit.exe 656 services.exe 708 svchost.exe 980 nvvsvc.exe 1028 rundll32.exe 1312 svchost.exe 1056 svchost.exe 1092 svchost.exe 1188 audiodg.exe 1324 3.84 svchost.exe 1220 WUDFHost.exe 2988 dwm.exe 1016 3.84 Desktop Window Manager Microsoft Corporation svchost.exe 1232 taskeng.exe 1568 taskeng.exe 2576 Task Scheduler Engine Microsoft Corporation svchost.exe 1384 SLsvc.exe 1404 svchost.exe 1460 svchost.exe 1660 aawservice.exe 1760 spoolsv.exe 1944 svchost.exe 1968 AppleMobileDeviceService.exe 1784 avgwdsvc.exe 1804 avgrsx.exe 3496 avgscanx.exe 2212 mDNSResponder.exe 1732 mdm.exe 856 NBService.exe 2076 IoctlSvc.exe 2348 svchost.exe 2376 PsiService_2.exe 2488 sqlwriter.exe 2736 svchost.exe 2756 svchost.exe 2784 SearchIndexer.exe 2824 SearchProtocolHost.exe 6108 SearchFilterHost.exe 2088 nSvcAppFlt.exe 2904 nSvcIp.exe 2964 wmpnetwk.exe 3600 iPodService.exe 180 usnsvc.exe 1564 svchost.exe 5128 lsass.exe 720 lsm.exe 728 csrss.exe 2456 winlogon.exe 2400 explorer.exe 2700 Windows Explorer Microsoft Corporation avgtray.exe 3088 AVG Tray Monitor AVG Technologies CZ, s.r.o. avgui.exe 3344 AVG User Interface AVG Technologies CZ, s.r.o. rundll32.exe 4016 Windows host process (Rundll32) Microsoft Corporation RTHDCPL.EXE 3200 Realtek HD Audio Control Panel Realtek Semiconductor Corp. SkyTel.exe 3096 Realtek Voice Manager Realtek Semiconductor Corp. jusched.exe 3452 Java Platform SE binary Sun Microsystems, Inc. iTunesHelper.exe 3288 iTunesHelper Module Apple Inc. sidebar.exe 2564 Windows Sidebar Microsoft Corporation sidebar.exe 220 5.37 Windows Sidebar Microsoft Corporation msnmsgr.exe 2728 2.30 Windows Live Messenger Microsoft Corporation procexp.exe 5224 1.53 Sysinternals Process Explorer Sysinternals - www.sysinternals.comuTorrent.exe 4356 µTorrent BitTorrent, Inc. firefox.exe 5200 23.01 Firefox Mozilla Corporation WinRAR.exe 4504 hh.exe 4908 Microsoft® HTML Help Executable Microsoft CorporationHijackThis.exe 4684 notepad.exe 4388 Process: uTorrent.exe Pid: 4356Name Description Company Name Versionactxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.00.6001.18000ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.00.6001.18000apphelp.dll Application Compatibility Client Library Microsoft Corporation 6.00.6001.18000ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000avgrsstx.dll AVG Resident Shield Starter AVG Technologies CZ, s.r.o. 8.00.0000.0134browseui.dll Shell Browser UI Library Microsoft Corporation 6.00.6001.18000CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6931.18000COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.6001.18000comctl32.dll.mui User Experience Controls Library Microsoft Corporation 6.10.6001.18000comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.6001.18000CRYPT32.dll Crypto API32 Microsoft Corporation 6.00.6001.18000CSCAPI.dll Offline Files Win32 API Microsoft Corporation 6.00.6001.18000CSCDLL.dll Offline Files Temporary Shim Microsoft Corporation 6.00.6001.18000cscui.dll Client Side Caching UI Microsoft Corporation 6.00.6001.18000davclnt.dll Web DAV Client DLL Microsoft Corporation 6.00.6000.16386dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.00.6001.18000dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.00.6001.18000DNSAPI.dll DNS Client API DLL Microsoft Corporation 6.00.6001.18000drprov.dll Microsoft Terminal Server Network Provider Microsoft Corporation 6.00.6000.16386DUser.dll Windows DirectUser Engine Microsoft Corporation 6.00.6001.18000duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.00.6000.16386dwmapi.dll Microsoft Desktop Window Manager API Microsoft Corporation 6.00.6001.18000FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.00.6001.18000fsshext.8.5.1302.1018.dll Messenger File Sharing Shell Extensions Microsoft Corporation 8.05.1302.1018GDI32.dll GDI Client DLL Microsoft Corporation 6.00.6001.18023gdiplus.dll Microsoft GDI+ Microsoft Corporation 5.02.6001.18000GPAPI.dll Group Policy Client API Microsoft Corporation 6.00.6001.18000hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 6.00.6001.18000ieframe.dll Internet Explorer Microsoft Corporation 7.00.6001.18099iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6001.18000imagehlp.dll Windows NT Image Helper Microsoft Corporation 6.00.6001.18000imageres.dll Windows Image Resource Microsoft Corporation 6.00.6000.16386imageres.dll.mui Windows Image Resource Microsoft Corporation 6.00.6000.16386IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.00.6001.18000Iphlpapi.dll IP Helper API Microsoft Corporation 6.00.6001.18000kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.00.6001.18000LINKINFO.dll Windows Volume Tracking Microsoft Corporation 6.00.6000.16386locale.nls locale.nls LPK.DLL Language Pack Microsoft Corporation 6.00.6001.18000mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 1.00.0004.0012MPR.dll Multiple Provider Router DLL Microsoft Corporation 6.00.6001.18000MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 6.00.6000.16386MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.00.6001.18000msshsq.dll Structured Query Microsoft Corporation 7.00.6001.16503MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.1434msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.6001.18000mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.00.6001.18000msxml3.dll MSXML 3.0 SP10 Microsoft Corporation 8.100.1043.0000msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.0001napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.00.6001.18000NETAPI32.dll Net Win32 API DLL Microsoft Corporation 6.00.6001.18000netshell.dll Network Connections Shell Microsoft Corporation 6.00.6001.18000NetworkExplorer.dll Network Explorer Microsoft Corporation 6.00.6001.18000NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.00.6001.18000npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.00.6000.16386NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.00.6001.18000ntdll.dll NT Layer DLL Microsoft Corporation 6.00.6001.18000ntlanman.dll Microsoft® Lan Manager Microsoft Corporation 6.00.6001.18000NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 6.00.6001.18000ntshrui.dll Shell extensions for sharing Microsoft Corporation 6.00.6001.18000nvLsp.dll NVIDIA IAM LSP NVIDIA 2.02.0000.6781ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.00.6001.18000OLEAUT32.dll Microsoft Corporation 6.00.6001.18000pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.00.6001.18000PROPSYS.dll Microsoft Property System Microsoft Corporation 7.00.6001.16503PSAPI.DLL Process Status Helper Microsoft Corporation 6.00.6000.16386rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.00.6000.16386RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.00.6001.18051rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.00.6001.18000SAMLIB.dll SAM Library DLL Microsoft Corporation 6.00.6001.18000Secur32.dll Security Support Provider Interface Microsoft Corporation 6.00.6001.18000SETUPAPI.dll Windows Setup API Microsoft Corporation 6.00.6001.18000SHDOCVW.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.6001.18000SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.6001.18062shfolder.dll Shell Folder Service Microsoft Corporation 6.00.6000.16386SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.6001.18000slc.dll Software Licensing Client Dll Microsoft Corporation 6.00.6001.18000SSDPAPI.dll SSDP Client API DLL Microsoft Corporation 6.00.6000.16386SXS.DLL Fusion 2.5 Microsoft Corporation 6.00.6001.18000thumbcache.dll Microsoft Thumbnail Cache Microsoft Corporation 6.00.6001.18000tiptsf.dll Tablet PC Input Panel Text Services Framework Microsoft Corporation 6.00.6001.18000upnp.dll UPnP Control Point API Microsoft Corporation 6.00.6001.18000urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6001.18099USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000user32.dll.mui Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000USERENV.dll Userenv Microsoft Corporation 6.00.6001.18000USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6001.18000uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.6001.18000VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.00.6001.18000WindowsCodecs.dll Microsoft Windows Codecs Library Microsoft Corporation 6.00.6001.18000WINHTTP.dll Windows HTTP Services Microsoft Corporation 6.00.6001.18000WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.00.6001.18000winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.00.6000.16386WINTRUST.dll Microsoft Trust Verification APIs Microsoft Corporation 6.00.6001.18000WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.00.6001.18000WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.00.6001.18000wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.00.6001.18000wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.00.6001.18000
Switeck Posted August 23, 2008 Report Posted August 23, 2008 Nero's indexing service can LOCK files so uTorrent can't access them:O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeThis suggests you are using Nvidia's HORRIBLE firewall:O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dllYou'll probably need to remove both Nero's indexer and Nvidia's firewall (if indeed that's what nvlsp.dll is)...before uTorrent will work correctly.
Richter_746 Posted August 23, 2008 Author Report Posted August 23, 2008 HijackThis:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:00:21 AM, on 8/23/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16711)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Common Files\AOL\1192050660\ee\aolsoftware.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Users\Samigi\AppData\Local\Google\Update\GoogleUpdate.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Users\Samigi\AppData\Local\YouTube\Uploader\youtubeuploader.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\AIM6\aolsoftware.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - K:\FLV Downloader\MoyeaCth.dll (file missing)O3 - Toolbar: (no name) - {1C56E97B-A95F-47B2-93C0-3FEED24479A7} - (no file)O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192050660\ee\AOLSoftware.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /autoO4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkeyO4 - HKCU\..\Run: [Google Update] "C:\Users\Samigi\AppData\Local\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exeO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - Startup: YouTube Uploader.lnk = C:\Users\Samigi\AppData\Local\YouTube\Uploader\youtubeuploader.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dllO9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateforietool.com/redirect.php (file missing)O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateforietool.com/redirect.php (file missing)O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{51DA8A2B-73D9-44D5-8F29-2AD144F9736A}: NameServer = 192.168.1.1O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 5992 bytesProcess List:Process PID CPU Description Company NameSystem Idle Process 0 64.78 Interrupts n/a 2.64 Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 1.32 smss.exe 352 csrss.exe 416 wininit.exe 460 services.exe 536 svchost.exe 716 unsecapp.exe 1916 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation WmiPrvSE.exe 2212 svchost.exe 768 svchost.exe 812 audiodg.exe 1024 svchost.exe 872 2.64 dwm.exe 1668 2.64 Desktop Window Manager Microsoft Corporation WUDFHost.exe 2348 svchost.exe 904 taskeng.exe 1624 Task Scheduler Engine Microsoft Corporation taskeng.exe 2640 SLsvc.exe 1056 svchost.exe 1088 svchost.exe 1220 spoolsv.exe 1364 svchost.exe 1388 2.64 AOLacsd.exe 1732 AppleMobileDeviceService.exe 1756 mDNSResponder.exe 1936 McProxy.exe 1988 Mcshield.exe 332 1.32 svchost.exe 1236 ViewpointService.exe 1188 SearchIndexer.exe 2092 wmpnetwk.exe 3176 mcmscsvc.exe 3836 iPodService.exe 4068 mcsysmon.exe 252 McNASvc.exe 1124 lsass.exe 548 lsm.exe 556 csrss.exe 468 winlogon.exe 516 explorer.exe 1720 1.32 Windows Explorer Microsoft Corporation aolsoftware.exe 1852 AOL America Online, Inc. iTunesHelper.exe 1944 iTunesHelper Module Apple Inc. mcagent.exe 764 McAfee Integrated Security Platform McAfee, Inc. GoogleUpdate.exe 900 Google Update Google Inc. wmpnscfg.exe 1396 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation youtubeuploader.exe 1708 YouTube Uploader YouTube, LLC firefox.exe 1496 11.90 Firefox Mozilla Corporation aim6.exe 2424 AIM AOL LLC aolsoftware.exe 3568 AOL AOL LLC uTorrent.exe 3360 µTorrent BitTorrent, Inc. procexp.exe 2188 7.93 Sysinternals Process Explorer Sysinternals - www.sysinternals.comProcess: uTorrent.exe Pid: 3360Name Description Company Name VersionADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.00.6000.16386CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6930.16386COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.6000.16386comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.6000.16386dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.00.6000.16512dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.00.6000.16512DNSAPI.dll DNS Client API DLL Microsoft Corporation 6.00.6000.16615FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.00.6000.16501GDI32.dll GDI Client DLL Microsoft Corporation 6.00.6000.16643IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.00.6000.16386Iphlpapi.dll IP Helper API Microsoft Corporation 6.00.6000.16386kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.00.6000.16386kernel32.dll.mui Windows NT BASE API Client DLL Microsoft Corporation 6.00.6000.16386locale.nls locale.nls LPK.DLL Language Pack Microsoft Corporation 6.00.6000.16386mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 1.00.0004.0012MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.00.6000.16386msctf.dll.mui MSCTF Server DLL Microsoft Corporation 6.00.6000.16386msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.6000.16386mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.00.6000.16386napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.00.6000.16386NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.00.6000.16386NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.00.6000.16386ntdll.dll NT Layer DLL Microsoft Corporation 6.00.6000.16386ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.00.6000.16386oleaut32.dll Microsoft Corporation 6.00.6000.16609pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.00.6000.16386PSAPI.DLL Process Status Helper Microsoft Corporation 6.00.6000.16386R000000000009.clb rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.00.6000.16386RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.00.6000.16525Secur32.dll Security Support Provider Interface Microsoft Corporation 6.00.6000.16386SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.6000.16680shfolder.dll Shell Folder Service Microsoft Corporation 6.00.6000.16386SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.6000.16386USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6000.16438USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6000.16386uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.6000.16386VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.00.6000.16386WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.00.6000.16386winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.00.6000.16386WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.00.6000.16386WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.00.6000.16386wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.00.6000.16386wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.00.6000.16386
navic99 Posted August 23, 2008 Report Posted August 23, 2008 I'm having the same issue...downloaded and installed v1.8 and now I'm getting the "access denied" message. Here are my Hijack this and process explorer logs. I also disconnected my hardware firewall and stopped ZoneAlarm to see if that would help. I still get the error without either one of those in place. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:54:07 PM, on 8/23/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\AntiVir PersonalEdition Classic\sched.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\FolderSize\FolderSizeSvc.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files\NovaStor\NovaBACKUP\NMSAccessU.exeC:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\BXNEWF~1\bxExpHelper.exeC:\WINDOWS\stsystra.exeC:\Program Files\AntiVir PersonalEdition Classic\avgnt.exeC:\Program Files\Unlocker\UnlockerAssistant.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Windows Defender\MSASCui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exeC:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\DNA\btdna.exeC:\Program Files\SpyCatcher\Protector.exeC:\Program Files\Digsby\digsby.exeC:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exeC:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exeC:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Documents and Settings\GLENN\Desktop\HiJackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Glenn's Internet ExplorerO2 - BHO: bxNewFolder - {51C8BCA8-2524-4523-BF09-738C4EEBFC58} - C:\PROGRA~1\BXNEWF~1\BXNEWF~1.DLLO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dllO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /minO4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [spyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminderO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKCU\..\Run: [TClockEx] D:\_Utilities\tclockex\TCLOCKEX.EXEO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -sO4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exeO4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exeO4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exeO8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: *.stumbleupon.comO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188421540859O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188421532218O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: secuload.dllO23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exeO23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exeO23 - Service: NMSAccessU - Unknown owner - C:\Program Files\NovaStor\NovaBACKUP\NMSAccessU.exeO23 - Service: NsEngine - NovaStor Corporation - C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 9625 bytes==========================================================PROCESS EXPLORER==========================================================Process PID CPU Description Company NameSystem Idle Process 0 52.63 Interrupts n/a Hardware Interrupts DPCs n/a 0.88 Deferred Procedure Calls System 4 9.21 smss.exe 808 Windows NT Session Manager Microsoft Corporationexplorer.exe 1620 Windows Explorer Microsoft Corporation stsystra.exe 3528 Sigmatel Audio system tray application SigmaTel, Inc. avgnt.exe 3536 Antivirus System Tray Tool Avira GmbH UnlockerAssistant.exe 3584 jusched.exe 3680 Java Platform SE binary Sun Microsystems, Inc. MSASCui.exe 3740 Windows Defender User Interface Microsoft Corporation ctfmon.exe 168 CTF Loader Microsoft Corporation LiveSystem.exe 680 Iomega Automatic Backup 3.2 for Windows 2000/XP Iomega Corporation robotaskbaricon.exe 1076 RoboForm TaskBar Icon Siber Systems TeaTimer.exe 1180 System settings protector Safer Networking Limited btdna.exe 116 DNA BitTorrent, Inc. Protector.exe 1356 SpyCatcher Protector - manage spyware Tenebril Inc. digsby.exe 1920 Digsby IM dotSyntax, LLC YahooWidgetEngine.exe 2152 Yahoo! Widgets Yahoo! Inc. YahooWidgetEngine.exe 1752 Yahoo! Widgets Yahoo! Inc. YahooWidgetEngine.exe 2496 Yahoo! Widgets Yahoo! Inc. iexplore.exe 2872 Internet Explorer Microsoft Corporation firefox.exe 3408 Firefox Mozilla Corporation zlclient.exe 4012 ZoneAlarm Client Zone Labs, LLC HiJackThis.exe 2832 HijackThis Trend Micro Inc. procexp.exe 860 14.47 Sysinternals Process Explorer Sysinternals uTorrent.exe 3676 0.88 µTorrent BitTorrent, Inc.Process: uTorrent.exe Pid: 3676Name Description Company Name Versionactiveds.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.5512adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.5512advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.5512atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0001clbcatq.dll Microsoft Corporation 2001.12.4414.0700comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.5512comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.5512comres.dll Microsoft Corporation 2001.12.4414.0700crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512ctype.nls dnsapi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.5625gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.5512hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.5512imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.5512imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.5512iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.5512kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.5512locale.nls mprapi.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.5512msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.5512msctf.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.5512msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.5512msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.5512mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.5625netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.5512ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.5512ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.5512oleaut32.dll Microsoft Corporation 5.01.2600.5512Protector.dll API Guard Tenebril Inc. 6.00.0000.0089rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.5512rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.5512rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.5512samlib.dll SAM Library DLL Microsoft Corporation 5.01.2600.5512SecuLoad.dll API Guard Tenebril Inc. 6.00.0000.0078secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.5512setupapi.dll Windows Setup API Microsoft Corporation 5.01.2600.5512sfc.dll Windows File Protection Microsoft Corporation 5.01.2600.5512sfc_os.dll Windows File Protection Microsoft Corporation 5.01.2600.5512shell32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.5512shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.5512shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.5512sortkey.nls sorttbls.nls unicode.nls UnlockerHook.dll user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.5512uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.5512version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.5512wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.5512wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.5512ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.5512ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.5512wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.5512
Firon Posted August 23, 2008 Report Posted August 23, 2008 You can't disable ZA, only uninstall it. But I doubt it's related to your access issue.stevebmth, disable Nero Scout.
Richter_746 Posted August 24, 2008 Author Report Posted August 24, 2008 Sorry but it seems mine is being ignored.....
Ultima Posted August 24, 2008 Report Posted August 24, 2008 @Richter_746: SearchIndexer.exe 2092 That's the only possible culprit I spotted. Its the search indexer that comes with Vista, and indexers are known to lock files.
Richter_746 Posted August 24, 2008 Author Report Posted August 24, 2008 Sorry if I'm sounding a little dumb, but how would I fix my problem then? I've found the program using the search feature of Vista but double clicking it doesn't even open anything up.
navic99 Posted August 24, 2008 Report Posted August 24, 2008 I solved my issue. I had setup port forwarding and it still wasn't working, but I hadn't set a fixed IP address. So if anyone hasn't done port forwarding and set a fixed IP address, you must do that!
Richter_746 Posted August 25, 2008 Author Report Posted August 25, 2008 I seriously still need help. I don't know what to do. I've went to indexing options via the control panel as well, disabled torrents from the advanced options to no avail....
Skaman Posted August 25, 2008 Report Posted August 25, 2008 I have the same problem as Richter: after reinstalling new utorrent, the acces-denied message appears - though it appears in Dutch. As the program is in English, this made me think: could it be the provider blocking it?I have tried every option suggested in this thread, still no improvement. Hope anyone can help us!
Switeck Posted August 25, 2008 Report Posted August 25, 2008 Access is Denied is almost always caused by a software firewall or file indexer, in either case...something on your computer.
GTHK Posted August 25, 2008 Report Posted August 25, 2008 You can use Process Explorer to find out what's blocking things, when you get the error press Ctrl+F and type in part of the file name.
keithywh Posted August 26, 2008 Report Posted August 26, 2008 Hi, I face similar problem.Here's my log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:53:48 PM, on 26/8/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\ASUS\ASUS Live Update\ALU.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeC:\Program Files\ASUS\ATK Media\DMedia.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\ASScrPro.exeC:\Program Files\Grisoft\AVG7\avgcc.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\SmartFix\McciTrayApp.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Infineon\Security Platform Software\PSDrt.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Infineon\Security Platform Software\SpTna.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Mozilla Thunderbird\thunderbird.exeC:\Users\Keith Yeo\Desktop\procexp.exeC:\Users\Keith Yeo\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\NOTEPAD.EXEC:\Users\Keith Yeo\Desktop\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exeO1 - Hosts: ::1 localhostO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeO4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXEO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exeO4 - HKLM\..\Run: [iFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogonO4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exeO4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exeO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUPO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [singtelRV_McciTrayApp] C:\Program Files\SmartFix\McciTrayApp.exeO4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exeO4 - HKLM\..\Run: [Microsoft WinUpdate] C:\Windows\system32\msupdte.exeO4 - HKLM\..\Run: [\SUEC0EB.exe] C:\Windows\SUEC0EB.exeO4 - HKLM\..\Run: [\SUEC29F.exe] C:\Windows\SUEC29F.exeO4 - HKLM\..\Run: [\SUEC647.exe] C:\Windows\SUEC647.exeO4 - HKLM\..\Run: [\SUEC8A8.exe] C:\Windows\SUEC8A8.exeO4 - HKLM\..\Run: [\SUECD1B.exe] C:\Windows\SUECD1B.exeO4 - HKLM\..\Run: [ypops] C:\Program Files\Mypops\ypops.exeO4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exeO4 - HKCU\..\Run: [CoolCalendar] C:\Program Files\CooSoft\Cool Calendar\CoolCalendar.exeO4 - HKCU\..\Run: [\SUEC0EB.exe] C:\Windows\SUEC0EB.exeO4 - HKCU\..\Run: [\SUEC29F.exe] C:\Windows\SUEC29F.exeO4 - HKCU\..\Run: [\SUEC647.exe] C:\Windows\SUEC647.exeO4 - HKCU\..\Run: [\SUEC8A8.exe] C:\Windows\SUEC8A8.exeO4 - HKCU\..\Run: [\SUECD1B.exe] C:\Windows\SUECD1B.exeO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO13 - Gopher Prefix: O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cabO16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cabO16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cabO16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{68C4F5D6-91E1-49E2-8E27-7D36A47C185C}: NameServer = 165.21.83.88 165.21.100.88O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,c:\progra~1\bandoo\bndhook.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program Files\RelevantKnowledge\rlai.dllO20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dllO23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exeO23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exeO23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeO23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exeO23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exeO23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exeO23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe--End of file - 12410 bytesHere's the process list.Process PID CPU Description Company NameACEngSvr.exe 3144 ACMON.exe 3068 ADC.exe 1972 Active Desktop Calendar Application XemiComputers ltd.ADSMSrv.exe 1636 ALU.exe 4020 ASLDRSrv.exe 1648 ASScrPro.exe 3744 ATKOSD.exe 2092 ATKOSD2.exe 744 audiodg.exe 1280 avgamsvr.exe 576 avgcc.exe 3308 AVG Control Center GRISOFT, s.r.o.avgrssvc.exe 840 avgrssvc.exe 1272 avgupsvc.exe 660 BatteryLife.exe 3064 csrss.exe 596 csrss.exe 656 DMedia.exe 3184 DMedia ASUSTeK Computer INC.DPCs n/a Deferred Procedure Calls dwm.exe 3876 Desktop Window Manager Microsoft Corporationehmsas.exe 156 Media Center Media Status Aggregator Service Microsoft Corporationehrecvr.exe 2832 ehsched.exe 1372 ehtray.exe 3720 Media Center Tray Applet Microsoft CorporationEvtEng.exe 1496 explorer.exe 3968 6.82 Windows Explorer Microsoft Corporationfirefox.exe 3808 2.27 Firefox Mozilla CorporationGFNEXSrv.exe 1664 HControl.exe 2968 HijackThis.exe 5604 HijackThis Trend Micro Inc.HijackThis.exe 6080 hkcmd.exe 3192 hkcmd Module Intel Corporationhpqste08.exe 4304 HP CUE Status Hewlett-Packard Co.hpqtra08.exe 3288 HP Digital Imaging Monitor Hewlett-Packard Co.hpwuSchd2.exe 2228 Hewlett-Packard Product Assistant Hewlett-Packard Co.IfxPsdSv.exe 2272 IFXSPMGT.exe 2080 IFXTCS.exe 2148 IfxUAGUI.exe 1696 igfxpers.exe 1196 persistence Module Intel Corporationigfxsrvc.exe 3052 igfxsrvc Module Intel Corporationigfxtray.exe 2208 igfxTray Module Intel CorporationInterrupts n/a Hardware Interrupts jusched.exe 3792 Java Platform SE binary Sun Microsystems, Inc.lsass.exe 700 lsm.exe 708 McciTrayApp.exe 1448 mcci+McciTrayApp Motive Communications, Inc.mDNSResponder.exe 1204 MSASCui.exe 928 Windows Defender User Interface Microsoft Corporationmsnmsgr.exe 2212 Windows Live Messenger Microsoft Corporationnotepad.exe 5740 PnkBstrA.exe 2312 procexp.exe 4704 0.76 Sysinternals Process Explorer Sysinternals - www.sysinternals.comPSDrt.exe 3624 PSD Runtime Application Infineon Technologies AGRegSrvc.exe 2388 RtHDVCpl.exe 2576 HD Audio Control Panel Realtek SemiconductorSearchFilterHost.exe 4784 SearchIndexer.exe 2520 SearchProtocolHost.exe 1600 services.exe 688 SLsvc.exe 1316 sm56hlpr.exe 3172 Application executable file Motorola Inc.smss.exe 528 spoolsv.exe 1812 SpTNA.exe 1832 Taskbar Notification Icon Infineon Technologies AGsvchost.exe 904 svchost.exe 964 svchost.exe 1004 svchost.exe 1096 svchost.exe 1136 svchost.exe 1152 svchost.exe 1344 svchost.exe 1504 svchost.exe 1852 svchost.exe 1456 svchost.exe 1520 svchost.exe 2068 svchost.exe 2184 svchost.exe 2292 svchost.exe 2332 svchost.exe 2440 svchost.exe 2496 SynTPEnh.exe 2088 System 4 System Idle Process 0 90.15 taskeng.exe 3484 taskeng.exe 3884 taskeng.exe 3936 Task Scheduler Engine Microsoft Corporationtaskeng.exe 5400 TeamViewer_Host.exe 2460 TeaTimer.exe 1060 System settings protector Safer Networking Limitedthunderbird.exe 1172 Mozilla Thunderbird Mozilla Corporationunsecapp.exe 1080 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporationusnsvc.exe 1000 uTorrent.exe 3384 µTorrent BitTorrent, Inc.wcourier.exe 3044 wininit.exe 644 winlogon.exe 784 wlanext.exe 1700 WmiPrvSE.exe 3096 wmpnetwk.exe 3556 wmpnscfg.exe 3440 Windows Media Player Network Sharing Service Configuration Application Microsoft CorporationProcess: uTorrent.exe Pid: 3384Name Description Company Name VersionADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.00.6001.18000apphelp.dll Application Compatibility Client Library Microsoft Corporation 6.00.6001.18000browseui.dll Shell Browser UI Library Microsoft Corporation 6.00.6001.18000CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6931.18000COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.6001.18000comctl32.dll.mui User Experience Controls Library Microsoft Corporation 6.10.6001.18000comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.6001.18000dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.00.6001.18000dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.00.6001.18000DNSAPI.dll DNS Client API DLL Microsoft Corporation 6.00.6001.18000DUser.dll Windows DirectUser Engine Microsoft Corporation 6.00.6001.18000duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.00.6000.16386FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.00.6001.18000GDI32.dll GDI Client DLL Microsoft Corporation 6.00.6001.18023iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6001.18000imageres.dll Windows Image Resource Microsoft Corporation 6.00.6000.16386imageres.dll.mui Windows Image Resource Microsoft Corporation 6.00.6000.16386IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.00.6001.18000Iphlpapi.dll IP Helper API Microsoft Corporation 6.00.6001.18000kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.00.6001.18000locale.nls locale.nls LPK.DLL Language Pack Microsoft Corporation 6.00.6001.18000mdnsNSP.dll Bonjour Namespace Provider Apple Computer, Inc. 1.00.0003.0001MouseHook.dll MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.00.6001.18000msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.6001.18000mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.00.6001.18000napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.00.6001.18000NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.00.6001.18000npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.00.6000.16386NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.00.6001.18000ntdll.dll NT Layer DLL Microsoft Corporation 6.00.6001.18000ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.00.6001.18000oleaut32.dll Microsoft Corporation 6.00.6001.18000OverlayIconShlExt.dll OverlayIconShlExt 1.00.0000.0000pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.00.6001.18000PROPSYS.dll Microsoft Property System Microsoft Corporation 7.00.6001.16503PSAPI.DLL Process Status Helper Microsoft Corporation 6.00.6000.16386rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.00.6000.16386RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.00.6001.18051rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.00.6001.18000Secur32.dll Security Support Provider Interface Microsoft Corporation 6.00.6001.18000SETUPAPI.dll Windows Setup API Microsoft Corporation 6.00.6001.18000SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.6001.18062shfolder.dll Shell Folder Service Microsoft Corporation 6.00.6000.16386SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.6001.18000tiptsf.dll Tablet PC Input Panel Text Services Framework Microsoft Corporation 6.00.6001.18000urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6001.18099USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000user32.dll.mui Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6001.18000uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.6001.18000VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.00.6001.18000WindowsCodecs.dll Microsoft Windows Codecs Library Microsoft Corporation 6.00.6001.18000WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.00.6001.18000winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.00.6000.16386WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.00.6001.18000WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.00.6001.18000wshbth.dll Windows Sockets Helper DLL Microsoft Corporation 6.00.6000.16386wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.00.6001.18000wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.00.6001.18000Appreciate it!
Switeck Posted August 26, 2008 Report Posted August 26, 2008 Um...this looks BAD:O4 - HKLM\..\Run: [\SUEC0EB.exe] C:\Windows\SUEC0EB.exeO4 - HKLM\..\Run: [\SUEC29F.exe] C:\Windows\SUEC29F.exeO4 - HKLM\..\Run: [\SUEC647.exe] C:\Windows\SUEC647.exeO4 - HKLM\..\Run: [\SUEC8A8.exe] C:\Windows\SUEC8A8.exeO4 - HKLM\..\Run: [\SUECD1B.exe] C:\Windows\SUECD1B.exe
keithywh Posted August 26, 2008 Report Posted August 26, 2008 haha. any idea? i really got no idea. torrent was working well initially, until today this Access Denied appeared. Anyone who has idea, kindly advise.Appreciated it!
keithywh Posted August 26, 2008 Report Posted August 26, 2008 DreadWingKnight, but somehow my antivirus shows as clean.. i know nuts on how to solves these. kindly path me e way to resolve this. thanks! should u have any recommended softwares to help me get my com protected, pls.. by all means, advice me.Appreciated it!
Switeck Posted August 26, 2008 Report Posted August 26, 2008 Try AVG antivirus and SpyBot Seek and Destroy anti-spyware, if you haven't already.Make sure you're running the latest updates of both before trying to do a complete system scan.
shotgun23red Posted August 26, 2008 Report Posted August 26, 2008 After reading thread last night I ran spy doctor and shonuff nr.Cmd was the infuction. Thanks.
raggidy Posted August 30, 2008 Report Posted August 30, 2008 Same problem as above =/ heres my log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:41:55, on 30/08/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\COMODO\Firewall\cmdagent.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exec:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\PROGRA~1\AVG\AVG8\avgam.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\Program Files\CDBurnerXP\NMSAccessU.exeC:\WINDOWS\system32\nvsvc32.exec:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeC:\WINDOWS\sm56hlpr.exeC:\WINDOWS\system32\WDBtnMgr.exeC:\Program Files\COMODO\SafeSurf\cssurf.exeC:\Program Files\COMODO\Firewall\cfp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\RocketDock\RocketDock.exeC:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\Program Files\Windows Media Player\wmplayer.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Windows Live\Messenger\usnsvc.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=enR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Evesham TechnologyO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLLO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dllO3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLLO4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exeO4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -sO4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -hO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\RunServices: [Microsoft host service] mshost.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe"O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dllO9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cabO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dllO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: AVG8 Firewall (avgfws8) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgfws8.exe (file missing)O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe (file missing)O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: MioNet - Unknown owner - C:\Program Files\MioNet\MioNetManager.exeO23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing)O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeO23 - Service: NinjaVideo Helper (NinjaVideo Helper.exe) - NinjaVideo - C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeO23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe--End of file - 10526 bytesProcessProcess PID CPU Description Company NameSystem Idle Process 0 96.32 Interrupts n/a Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 smss.exe 1440 Windows NT Session Manager Microsoft Corporation csrss.exe 1500 Client Server Runtime Process Microsoft Corporation winlogon.exe 1524 Windows NT Logon Application Microsoft Corporation services.exe 1612 1.47 Services and Controller app Microsoft Corporation svchost.exe 1788 Generic Host Process for Win32 Services Microsoft Corporation msn_sl.exe 5384 Windows Live Toolbar Helper Microsoft Corporation svchost.exe 1840 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1896 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1940 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 340 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 412 Generic Host Process for Win32 Services Microsoft Corporation aawservice.exe 740 Ad-Aware 2007 Service Lavasoft AB spoolsv.exe 1224 Spooler SubSystem App Microsoft Corporation cmdagent.exe 1668 CTSVCCDA.EXE 1956 Creative Service for CDROM Access Creative Technology Ltd ehrecvr.exe 680 Media Center Receiver Service Microsoft Corporation ehSched.exe 916 Media Center Scheduler Service Microsoft Corporation LSSrvc.exe 644 sqlservr.exe 784 SQL Server Windows NT Microsoft Corporation nvsvc32.exe 932 NVIDIA Driver Helper Service, Version 84.64 NVIDIA Corporation sqlwriter.exe 1016 SQL Server VSS Writer Microsoft Corporation svchost.exe 2252 Generic Host Process for Win32 Services Microsoft Corporation StarWindService.exe 2336 StarWind iSCSI Target (Alcohol Edition) Rocket Division Software mcrdsvc.exe 2560 MCRD Device Service Microsoft Corporation dllhost.exe 3420 COM Surrogate Microsoft Corporation alg.exe 4024 Application Layer Gateway Service Microsoft Corporation wmiapsrv.exe 288 WMI Performance Adapter Service Microsoft Corporation svchost.exe 2808 Generic Host Process for Win32 Services Microsoft Corporation usnsvc.exe 1140 Messenger Sharing USN Journal Reader Service Microsoft Corporation avgwdsvc.exe 5240 AVG Watchdog Service AVG Technologies CZ, s.r.o. avgam.exe 4764 AVG Alert Manager AVG Technologies CZ, s.r.o. avgrsx.exe 752 AVG Resident Shield Service AVG Technologies CZ, s.r.o. lsass.exe 1624 LSA Shell (Export Version) Microsoft Corporationexplorer.exe 836 Windows Explorer Microsoft Corporation sm56hlpr.exe 2760 Application executable file Motorola Inc. WDBtnMgr.exe 2844 WD Button Manager Western Digital Technologies, Inc. cssurf.exe 3180 COMODO SafeSurf COMODO ctfmon.exe 3596 CTF Loader Microsoft Corporation RocketDock.exe 3624 wmplayer.exe 2996 Windows Media Player Microsoft Corporation msnmsgr.exe 4428 0.74 Windows Live Messenger Microsoft Corporation iexplore.exe 4100 Internet Explorer Microsoft Corporation uTorrent.exe 4528 0.74 µTorrent BitTorrent, Inc. procexp.exe 560 0.74 Sysinternals Process Explorer Sysinternals - www.sysinternals.comavgrsx.exe 1388 AVG Resident Shield Service AVG Technologies CZ, s.r.o.notepad.exe 1168 Notepad Microsoft CorporationProcess: uTorrent.exe Pid: 4528Name Description Company Name VersionACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000avgrsstx.dll AVG Resident Shield Starter AVG Technologies CZ, s.r.o. 8.00.0000.0134CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180COMRes.dll Microsoft Corporation 2001.12.4414.0258credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180cssdll32.dll COMODO SafeSurf COMODO 1.00.0000.0007ctype.nls DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.3394fltLib.dll Filter Library Microsoft Corporation 5.01.2600.2978GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3316guard32.dll 3.00.0023.0357hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119locale.nls MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.3319msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.3394NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976NETSHELL.dll Network Connections Shell Microsoft Corporation 5.01.2600.2703ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726oleaut32.dll Microsoft Corporation 5.01.2600.3266PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.2180rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938RocketDock.dll RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.2180SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3020sortkey.nls sorttbls.nls unicode.nls USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180winsta.dll Winstation Library Microsoft Corporation 5.01.2600.2180WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180any ideas?
Switeck Posted August 30, 2008 Report Posted August 30, 2008 This one:O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe...Indexing without uTorrent's permission.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.