
Utorrent 1.8 Error "Access is Denied"


Richter_746


Posted

I uninstalled my older version of Utorrent and installed 1.8. Thing is, my torrents don't even have a chance to download. Within a few minutes, I get a message from Utorrent saying "Error: Access is Denied". Never had this problem with the older version I had.

Posted

a) get HijackThis from trendsecure.com, run it, view the log, and post the contents here

b) get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here

Posted

I am having the same problem with torrents as well:

Here are my logs

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:19:44, on 23/08/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RTHDCPL.EXE

C:\Windows\SkyTel.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Steve.wkst1\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\hh.exe

C:\Program Files\AVG\AVG8\avgui.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

--

End of file - 7546 bytes

Here is the Process List

Process PID CPU Description Company Name

System Idle Process 0 59.06

Interrupts n/a Hardware Interrupts

DPCs n/a 0.77 Deferred Procedure Calls

System 4

smss.exe 464

csrss.exe 604

wininit.exe 656

services.exe 708

svchost.exe 980

nvvsvc.exe 1028

rundll32.exe 1312

svchost.exe 1056

svchost.exe 1092

svchost.exe 1188

audiodg.exe 1324 3.84

svchost.exe 1220

WUDFHost.exe 2988

dwm.exe 1016 3.84 Desktop Window Manager Microsoft Corporation

svchost.exe 1232

taskeng.exe 1568

taskeng.exe 2576 Task Scheduler Engine Microsoft Corporation

svchost.exe 1384

SLsvc.exe 1404

svchost.exe 1460

svchost.exe 1660

aawservice.exe 1760

spoolsv.exe 1944

svchost.exe 1968

AppleMobileDeviceService.exe 1784

avgwdsvc.exe 1804

avgrsx.exe 3496

avgscanx.exe 2212

mDNSResponder.exe 1732

mdm.exe 856

NBService.exe 2076

IoctlSvc.exe 2348

svchost.exe 2376

PsiService_2.exe 2488

sqlwriter.exe 2736

svchost.exe 2756

svchost.exe 2784

SearchIndexer.exe 2824

SearchProtocolHost.exe 6108

SearchFilterHost.exe 2088

nSvcAppFlt.exe 2904

nSvcIp.exe 2964

wmpnetwk.exe 3600

iPodService.exe 180

usnsvc.exe 1564

svchost.exe 5128

lsass.exe 720

lsm.exe 728

csrss.exe 2456

winlogon.exe 2400

explorer.exe 2700 Windows Explorer Microsoft Corporation

avgtray.exe 3088 AVG Tray Monitor AVG Technologies CZ, s.r.o.

avgui.exe 3344 AVG User Interface AVG Technologies CZ, s.r.o.

rundll32.exe 4016 Windows host process (Rundll32) Microsoft Corporation

RTHDCPL.EXE 3200 Realtek HD Audio Control Panel Realtek Semiconductor Corp.

SkyTel.exe 3096 Realtek Voice Manager Realtek Semiconductor Corp.

jusched.exe 3452 Java Platform SE binary Sun Microsystems, Inc.

iTunesHelper.exe 3288 iTunesHelper Module Apple Inc.

sidebar.exe 2564 Windows Sidebar Microsoft Corporation

sidebar.exe 220 5.37 Windows Sidebar Microsoft Corporation

msnmsgr.exe 2728 2.30 Windows Live Messenger Microsoft Corporation

procexp.exe 5224 1.53 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

uTorrent.exe 4356 µTorrent BitTorrent, Inc.

firefox.exe 5200 23.01 Firefox Mozilla Corporation

WinRAR.exe 4504

hh.exe 4908 Microsoft® HTML Help Executable Microsoft Corporation

HijackThis.exe 4684

notepad.exe 4388

Process: uTorrent.exe Pid: 4356

Name Description Company Name Version

actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.00.6001.18000

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.00.6001.18000

apphelp.dll Application Compatibility Client Library Microsoft Corporation 6.00.6001.18000

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000

avgrsstx.dll AVG Resident Shield Starter AVG Technologies CZ, s.r.o. 8.00.0000.0134

browseui.dll Shell Browser UI Library Microsoft Corporation 6.00.6001.18000

CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6931.18000

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.6001.18000

comctl32.dll.mui User Experience Controls Library Microsoft Corporation 6.10.6001.18000

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.6001.18000

CRYPT32.dll Crypto API32 Microsoft Corporation 6.00.6001.18000

CSCAPI.dll Offline Files Win32 API Microsoft Corporation 6.00.6001.18000

CSCDLL.dll Offline Files Temporary Shim Microsoft Corporation 6.00.6001.18000

cscui.dll Client Side Caching UI Microsoft Corporation 6.00.6001.18000

davclnt.dll Web DAV Client DLL Microsoft Corporation 6.00.6000.16386

dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.00.6001.18000

dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.00.6001.18000

DNSAPI.dll DNS Client API DLL Microsoft Corporation 6.00.6001.18000

drprov.dll Microsoft Terminal Server Network Provider Microsoft Corporation 6.00.6000.16386

DUser.dll Windows DirectUser Engine Microsoft Corporation 6.00.6001.18000

duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.00.6000.16386

dwmapi.dll Microsoft Desktop Window Manager API Microsoft Corporation 6.00.6001.18000

FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.00.6001.18000

fsshext.8.5.1302.1018.dll Messenger File Sharing Shell Extensions Microsoft Corporation 8.05.1302.1018

GDI32.dll GDI Client DLL Microsoft Corporation 6.00.6001.18023

gdiplus.dll Microsoft GDI+ Microsoft Corporation 5.02.6001.18000

GPAPI.dll Group Policy Client API Microsoft Corporation 6.00.6001.18000

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 6.00.6001.18000

ieframe.dll Internet Explorer Microsoft Corporation 7.00.6001.18099

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6001.18000

imagehlp.dll Windows NT Image Helper Microsoft Corporation 6.00.6001.18000

imageres.dll Windows Image Resource Microsoft Corporation 6.00.6000.16386

imageres.dll.mui Windows Image Resource Microsoft Corporation 6.00.6000.16386

IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.00.6001.18000

Iphlpapi.dll IP Helper API Microsoft Corporation 6.00.6001.18000

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.00.6001.18000

LINKINFO.dll Windows Volume Tracking Microsoft Corporation 6.00.6000.16386

locale.nls

locale.nls

LPK.DLL Language Pack Microsoft Corporation 6.00.6001.18000

mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 1.00.0004.0012

MPR.dll Multiple Provider Router DLL Microsoft Corporation 6.00.6001.18000

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 6.00.6000.16386

MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.00.6001.18000

msshsq.dll Structured Query Microsoft Corporation 7.00.6001.16503

MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.1434

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.6001.18000

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.00.6001.18000

msxml3.dll MSXML 3.0 SP10 Microsoft Corporation 8.100.1043.0000

msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.0001

napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.00.6001.18000

NETAPI32.dll Net Win32 API DLL Microsoft Corporation 6.00.6001.18000

netshell.dll Network Connections Shell Microsoft Corporation 6.00.6001.18000

NetworkExplorer.dll Network Explorer Microsoft Corporation 6.00.6001.18000

NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.00.6001.18000

npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.00.6000.16386

NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.00.6001.18000

ntdll.dll NT Layer DLL Microsoft Corporation 6.00.6001.18000

ntlanman.dll Microsoft® Lan Manager Microsoft Corporation 6.00.6001.18000

NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 6.00.6001.18000

ntshrui.dll Shell extensions for sharing Microsoft Corporation 6.00.6001.18000

nvLsp.dll NVIDIA IAM LSP NVIDIA 2.02.0000.6781

ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.00.6001.18000

OLEAUT32.dll Microsoft Corporation 6.00.6001.18000

pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.00.6001.18000

PROPSYS.dll Microsoft Property System Microsoft Corporation 7.00.6001.16503

PSAPI.DLL Process Status Helper Microsoft Corporation 6.00.6000.16386

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.00.6000.16386

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.00.6001.18051

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.00.6001.18000

SAMLIB.dll SAM Library DLL Microsoft Corporation 6.00.6001.18000

Secur32.dll Security Support Provider Interface Microsoft Corporation 6.00.6001.18000

SETUPAPI.dll Windows Setup API Microsoft Corporation 6.00.6001.18000

SHDOCVW.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.6001.18000

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.6001.18062

shfolder.dll Shell Folder Service Microsoft Corporation 6.00.6000.16386

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.6001.18000

slc.dll Software Licensing Client Dll Microsoft Corporation 6.00.6001.18000

SSDPAPI.dll SSDP Client API DLL Microsoft Corporation 6.00.6000.16386

SXS.DLL Fusion 2.5 Microsoft Corporation 6.00.6001.18000

thumbcache.dll Microsoft Thumbnail Cache Microsoft Corporation 6.00.6001.18000

tiptsf.dll Tablet PC Input Panel Text Services Framework Microsoft Corporation 6.00.6001.18000

upnp.dll UPnP Control Point API Microsoft Corporation 6.00.6001.18000

urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6001.18099

USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000

user32.dll.mui Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000

USERENV.dll Userenv Microsoft Corporation 6.00.6001.18000

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6001.18000

uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.6001.18000

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.00.6001.18000

WindowsCodecs.dll Microsoft Windows Codecs Library Microsoft Corporation 6.00.6001.18000

WINHTTP.dll Windows HTTP Services Microsoft Corporation 6.00.6001.18000

WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.00.6001.18000

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.00.6000.16386

WINTRUST.dll Microsoft Trust Verification APIs Microsoft Corporation 6.00.6001.18000

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.00.6001.18000

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.00.6001.18000

wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.00.6001.18000

wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.00.6001.18000

Posted

Nero's indexing service can LOCK files so uTorrent can't access them:

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

This suggests you are using Nvidia's HORRIBLE firewall:

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

You'll probably need to remove both Nero's indexer and Nvidia's firewall (if indeed that's what nvlsp.dll is)...before uTorrent will work correctly. :(
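
The triage the reply above does by eye, as an added Python example that is not part of the original thread: it parses a HijackThis log, collapses the repeated O10 Winsock LSP lines, checks whether each LSP DLL appears in the Process Explorer DLL list saved for the process, and flags O23 services on a watchlist. The sample text is constructed from lines of the first log posted above; the function names and the `FILE_LOCKERS` watchlist are assumptions of this example.

```python
import re
from collections import Counter
from ntpath import basename  # Windows path rules, works on any OS

# Constructed sample: lines copied from the first HijackThis log in this thread.
HJT_SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
"""

# Constructed sample: rows copied from the uTorrent.exe DLL list in the same post.
DLL_SAMPLE = """
Process: uTorrent.exe Pid: 4356
Name Description Company Name Version
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.00.6001.18000
nvLsp.dll NVIDIA IAM LSP NVIDIA 2.02.0000.6781
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.00.6001.18000
"""

# Section code, " - ", then the entry body (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Vendor and path may both contain " - ", so the path is anchored on its drive letter.
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+) - ([A-Za-z]:\\.+)$")

# Assumption of this example: services the reply names as able to lock files,
# keyed by the lower-cased file name of the service image.
FILE_LOCKERS = {"nmindexingservice.exe"}


def parse_hijackthis(text):
    """Return (section, body) pairs for every entry line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def lsp_modules(entries):
    """Count O10 entries per DLL; one DLL can be listed many times, as in this thread."""
    counts = Counter()
    for section, body in entries:
        if section == "O10" and ": " in body:
            counts[basename(body.split(": ", 1)[1]).lower()] += 1
    return dict(counts)


def services(entries):
    """Parse O23 entries into display name, vendor and image path."""
    out = []
    for section, body in entries:
        m = SERVICE_RE.match(body) if section == "O23" else None
        if m:
            out.append({"name": m.group(1), "vendor": m.group(2), "path": m.group(3)})
    return out


def loaded_modules(dll_list_text):
    """Lower-cased module names (first column) from a saved Process Explorer DLL list."""
    names = set()
    for line in dll_list_text.splitlines():
        first = line.split(None, 1)[0] if line.strip() else ""
        if re.search(r"\.(dll|exe|nls|mui|clb)$", first, re.I):
            names.add(first.lower())
    return names


def triage(hjt_text, dll_list_text):
    """Combine both logs into a short list of (kind, subject, detail) findings."""
    entries = parse_hijackthis(hjt_text)
    loaded = loaded_modules(dll_list_text)
    findings = []
    for dll, count in sorted(lsp_modules(entries).items()):
        state = "loaded in process" if dll in loaded else "not in DLL list"
        findings.append(("winsock-lsp", dll, f"{count} O10 entries, {state}"))
    for svc in services(entries):
        if basename(svc["path"]).lower() in FILE_LOCKERS:
            findings.append(("file-locker-service", svc["name"], svc["vendor"]))
    return findings


if __name__ == "__main__":
    for finding in triage(HJT_SAMPLE, DLL_SAMPLE):
        print(*finding, sep=" | ")
```
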

Posted

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:00:21 AM, on 8/23/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\AOL\1192050660\ee\aolsoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Users\Samigi\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Users\Samigi\AppData\Local\YouTube\Uploader\youtubeuploader.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - K:\FLV Downloader\MoyeaCth.dll (file missing)

O3 - Toolbar: (no name) - {1C56E97B-A95F-47B2-93C0-3FEED24479A7} - (no file)

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192050660\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKCU\..\Run: [Google Update] "C:\Users\Samigi\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: YouTube Uploader.lnk = C:\Users\Samigi\AppData\Local\YouTube\Uploader\youtubeuploader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateforietool.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateforietool.com/redirect.php (file missing)

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{51DA8A2B-73D9-44D5-8F29-2AD144F9736A}: NameServer = 192.168.1.1

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 5992 bytes

Process List:


Posted

I'm having the same issue...downloaded and installed v1.8 and now I'm getting the "access denied" message. Here are my HijackThis and Process Explorer logs. I also disconnected my hardware firewall and stopped ZoneAlarm to see if that would help. I still get the error without either one of those in place.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:54:07 PM, on 8/23/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\NovaStor\NovaBACKUP\NMSAccessU.exe

C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\BXNEWF~1\bxExpHelper.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\SpyCatcher\Protector.exe

C:\Program Files\Digsby\digsby.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Documents and Settings\GLENN\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Glenn's Internet Explorer

O2 - BHO: bxNewFolder - {51C8BCA8-2524-4523-BF09-738C4EEBFC58} - C:\PROGRA~1\BXNEWF~1\BXNEWF~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [spyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [TClockEx] D:\_Utilities\tclockex\TCLOCKEX.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe

O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe

O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.stumbleupon.com

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188421540859

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188421532218

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: secuload.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\NovaStor\NovaBACKUP\NMSAccessU.exe

O23 - Service: NsEngine - NovaStor Corporation - C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 9625 bytes

==========================================================

PROCESS EXPLORER

==========================================================

Process PID CPU Description Company Name

System Idle Process 0 52.63

Interrupts n/a Hardware Interrupts

DPCs n/a 0.88 Deferred Procedure Calls

System 4 9.21

smss.exe 808 Windows NT Session Manager Microsoft Corporation

explorer.exe 1620 Windows Explorer Microsoft Corporation

stsystra.exe 3528 Sigmatel Audio system tray application SigmaTel, Inc.

avgnt.exe 3536 Antivirus System Tray Tool Avira GmbH

UnlockerAssistant.exe 3584

jusched.exe 3680 Java Platform SE binary Sun Microsystems, Inc.

MSASCui.exe 3740 Windows Defender User Interface Microsoft Corporation

ctfmon.exe 168 CTF Loader Microsoft Corporation

LiveSystem.exe 680 Iomega Automatic Backup 3.2 for Windows 2000/XP Iomega Corporation

robotaskbaricon.exe 1076 RoboForm TaskBar Icon Siber Systems

TeaTimer.exe 1180 System settings protector Safer Networking Limited

btdna.exe 116 DNA BitTorrent, Inc.

Protector.exe 1356 SpyCatcher Protector - manage spyware Tenebril Inc.

digsby.exe 1920 Digsby IM dotSyntax, LLC

YahooWidgetEngine.exe 2152 Yahoo! Widgets Yahoo! Inc.

YahooWidgetEngine.exe 1752 Yahoo! Widgets Yahoo! Inc.

YahooWidgetEngine.exe 2496 Yahoo! Widgets Yahoo! Inc.

iexplore.exe 2872 Internet Explorer Microsoft Corporation

firefox.exe 3408 Firefox Mozilla Corporation

zlclient.exe 4012 ZoneAlarm Client Zone Labs, LLC

HiJackThis.exe 2832 HijackThis Trend Micro Inc.

procexp.exe 860 14.47 Sysinternals Process Explorer Sysinternals

uTorrent.exe 3676 0.88 µTorrent BitTorrent, Inc.

Process: uTorrent.exe Pid: 3676

Name Description Company Name Version

activeds.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.5512

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.5512

advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.5512

atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0001

clbcatq.dll Microsoft Corporation 2001.12.4414.0700

comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.5512

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.5512

comres.dll Microsoft Corporation 2001.12.4414.0700

crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512

ctype.nls

dnsapi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.5625

gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.5512

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.5512

imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.5512

imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.5512

iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.5512

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.5512

locale.nls

mprapi.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.5512

msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.5512

msctf.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.5512

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.5512

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.5512

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.5625

netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.5512

ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.5512

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.5512

oleaut32.dll Microsoft Corporation 5.01.2600.5512

Protector.dll API Guard Tenebril Inc. 6.00.0000.0089

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.5512

rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.5512

rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.5512

samlib.dll SAM Library DLL Microsoft Corporation 5.01.2600.5512

SecuLoad.dll API Guard Tenebril Inc. 6.00.0000.0078

secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.5512

setupapi.dll Windows Setup API Microsoft Corporation 5.01.2600.5512

sfc.dll Windows File Protection Microsoft Corporation 5.01.2600.5512

sfc_os.dll Windows File Protection Microsoft Corporation 5.01.2600.5512

shell32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.5512

shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.5512

shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.5512

sortkey.nls

sorttbls.nls

unicode.nls

UnlockerHook.dll

user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.5512

uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.5512

version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.5512

wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.5512

wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.5512

ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.5512

ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.5512

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.5512

Posted

@Richter_746:

SearchIndexer.exe 2092

That's the only possible culprit I spotted. It's the search indexer that comes with Vista, and indexers are known to lock files.

Posted

Sorry if I'm sounding a little dumb, but how would I fix my problem then? I've found the program using the search feature of Vista but double clicking it doesn't even open anything up.

Posted

I solved my issue. I had set up port forwarding and it still wasn't working, but I hadn't set a fixed IP address. So if anyone hasn't done port forwarding and set a fixed IP address, you must do that!

Posted

I have the same problem as Richter: after reinstalling the new uTorrent, the access-denied message appears - though it appears in Dutch. As the program is in English, this made me think: could it be the provider blocking it?

I have tried every option suggested in this thread, still no improvement. Hope anyone can help us!

Posted

Hi, I face a similar problem.

Here's my log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:53:48 PM, on 26/8/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\ASScrPro.exe

C:\Program Files\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\SmartFix\McciTrayApp.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Infineon\Security Platform Software\PSDrt.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Infineon\Security Platform Software\SpTna.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Users\Keith Yeo\Desktop\procexp.exe

C:\Users\Keith Yeo\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\Keith Yeo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe

O4 - HKLM\..\Run: [iFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [singtelRV_McciTrayApp] C:\Program Files\SmartFix\McciTrayApp.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\Windows\system32\msupdte.exe

O4 - HKLM\..\Run: [\SUEC0EB.exe] C:\Windows\SUEC0EB.exe

O4 - HKLM\..\Run: [\SUEC29F.exe] C:\Windows\SUEC29F.exe

O4 - HKLM\..\Run: [\SUEC647.exe] C:\Windows\SUEC647.exe

O4 - HKLM\..\Run: [\SUEC8A8.exe] C:\Windows\SUEC8A8.exe

O4 - HKLM\..\Run: [\SUECD1B.exe] C:\Windows\SUECD1B.exe

O4 - HKLM\..\Run: [ypops] C:\Program Files\Mypops\ypops.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

O4 - HKCU\..\Run: [CoolCalendar] C:\Program Files\CooSoft\Cool Calendar\CoolCalendar.exe

O4 - HKCU\..\Run: [\SUEC0EB.exe] C:\Windows\SUEC0EB.exe

O4 - HKCU\..\Run: [\SUEC29F.exe] C:\Windows\SUEC29F.exe

O4 - HKCU\..\Run: [\SUEC647.exe] C:\Windows\SUEC647.exe

O4 - HKCU\..\Run: [\SUEC8A8.exe] C:\Windows\SUEC8A8.exe

O4 - HKCU\..\Run: [\SUECD1B.exe] C:\Windows\SUECD1B.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab

O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocolatier/sis/ChocolatierWeb.1.0.0.13.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{68C4F5D6-91E1-49E2-8E27-7D36A47C185C}: NameServer = 165.21.83.88 165.21.100.88

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,c:\progra~1\bandoo\bndhook.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program Files\RelevantKnowledge\rlai.dll

O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll

O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe

O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--

End of file - 12410 bytes

Here's the process list.

Process PID CPU Description Company Name

ACEngSvr.exe 3144

ACMON.exe 3068

ADC.exe 1972 Active Desktop Calendar Application XemiComputers ltd.

ADSMSrv.exe 1636

ALU.exe 4020

ASLDRSrv.exe 1648

ASScrPro.exe 3744

ATKOSD.exe 2092

ATKOSD2.exe 744

audiodg.exe 1280

avgamsvr.exe 576

avgcc.exe 3308 AVG Control Center GRISOFT, s.r.o.

avgrssvc.exe 840

avgrssvc.exe 1272

avgupsvc.exe 660

BatteryLife.exe 3064

csrss.exe 596

csrss.exe 656

DMedia.exe 3184 DMedia ASUSTeK Computer INC.

DPCs n/a Deferred Procedure Calls

dwm.exe 3876 Desktop Window Manager Microsoft Corporation

ehmsas.exe 156 Media Center Media Status Aggregator Service Microsoft Corporation

ehrecvr.exe 2832

ehsched.exe 1372

ehtray.exe 3720 Media Center Tray Applet Microsoft Corporation

EvtEng.exe 1496

explorer.exe 3968 6.82 Windows Explorer Microsoft Corporation

firefox.exe 3808 2.27 Firefox Mozilla Corporation

GFNEXSrv.exe 1664

HControl.exe 2968

HijackThis.exe 5604 HijackThis Trend Micro Inc.

HijackThis.exe 6080

hkcmd.exe 3192 hkcmd Module Intel Corporation

hpqste08.exe 4304 HP CUE Status Hewlett-Packard Co.

hpqtra08.exe 3288 HP Digital Imaging Monitor Hewlett-Packard Co.

hpwuSchd2.exe 2228 Hewlett-Packard Product Assistant Hewlett-Packard Co.

IfxPsdSv.exe 2272

IFXSPMGT.exe 2080

IFXTCS.exe 2148

IfxUAGUI.exe 1696

igfxpers.exe 1196 persistence Module Intel Corporation

igfxsrvc.exe 3052 igfxsrvc Module Intel Corporation

igfxtray.exe 2208 igfxTray Module Intel Corporation

Interrupts n/a Hardware Interrupts

jusched.exe 3792 Java Platform SE binary Sun Microsystems, Inc.

lsass.exe 700

lsm.exe 708

McciTrayApp.exe 1448 mcci+McciTrayApp Motive Communications, Inc.

mDNSResponder.exe 1204

MSASCui.exe 928 Windows Defender User Interface Microsoft Corporation

msnmsgr.exe 2212 Windows Live Messenger Microsoft Corporation

notepad.exe 5740

PnkBstrA.exe 2312

procexp.exe 4704 0.76 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

PSDrt.exe 3624 PSD Runtime Application Infineon Technologies AG

RegSrvc.exe 2388

RtHDVCpl.exe 2576 HD Audio Control Panel Realtek Semiconductor

SearchFilterHost.exe 4784

SearchIndexer.exe 2520

SearchProtocolHost.exe 1600

services.exe 688

SLsvc.exe 1316

sm56hlpr.exe 3172 Application executable file Motorola Inc.

smss.exe 528

spoolsv.exe 1812

SpTNA.exe 1832 Taskbar Notification Icon Infineon Technologies AG

svchost.exe 904

svchost.exe 964

svchost.exe 1004

svchost.exe 1096

svchost.exe 1136

svchost.exe 1152

svchost.exe 1344

svchost.exe 1504

svchost.exe 1852

svchost.exe 1456

svchost.exe 1520

svchost.exe 2068

svchost.exe 2184

svchost.exe 2292

svchost.exe 2332

svchost.exe 2440

svchost.exe 2496

SynTPEnh.exe 2088

System 4

System Idle Process 0 90.15

taskeng.exe 3484

taskeng.exe 3884

taskeng.exe 3936 Task Scheduler Engine Microsoft Corporation

taskeng.exe 5400

TeamViewer_Host.exe 2460

TeaTimer.exe 1060 System settings protector Safer Networking Limited

thunderbird.exe 1172 Mozilla Thunderbird Mozilla Corporation

unsecapp.exe 1080 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation

usnsvc.exe 1000

uTorrent.exe 3384 µTorrent BitTorrent, Inc.

wcourier.exe 3044

wininit.exe 644

winlogon.exe 784

wlanext.exe 1700

WmiPrvSE.exe 3096

wmpnetwk.exe 3556

wmpnscfg.exe 3440 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation

Process: uTorrent.exe Pid: 3384

Name Description Company Name Version

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.00.6001.18000

apphelp.dll Application Compatibility Client Library Microsoft Corporation 6.00.6001.18000

browseui.dll Shell Browser UI Library Microsoft Corporation 6.00.6001.18000

CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6931.18000

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.6001.18000

comctl32.dll.mui User Experience Controls Library Microsoft Corporation 6.10.6001.18000

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.6001.18000

dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.00.6001.18000

dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.00.6001.18000

DNSAPI.dll DNS Client API DLL Microsoft Corporation 6.00.6001.18000

DUser.dll Windows DirectUser Engine Microsoft Corporation 6.00.6001.18000

duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.00.6000.16386

FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.00.6001.18000

GDI32.dll GDI Client DLL Microsoft Corporation 6.00.6001.18023

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6001.18000

imageres.dll Windows Image Resource Microsoft Corporation 6.00.6000.16386

imageres.dll.mui Windows Image Resource Microsoft Corporation 6.00.6000.16386

IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.00.6001.18000

Iphlpapi.dll IP Helper API Microsoft Corporation 6.00.6001.18000

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.00.6001.18000

locale.nls

locale.nls

LPK.DLL Language Pack Microsoft Corporation 6.00.6001.18000

mdnsNSP.dll Bonjour Namespace Provider Apple Computer, Inc. 1.00.0003.0001

MouseHook.dll

MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.00.6001.18000

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.6001.18000

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.00.6001.18000

napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.00.6001.18000

NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.00.6001.18000

npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.00.6000.16386

NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.00.6001.18000

ntdll.dll NT Layer DLL Microsoft Corporation 6.00.6001.18000

ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.00.6001.18000

oleaut32.dll Microsoft Corporation 6.00.6001.18000

OverlayIconShlExt.dll OverlayIconShlExt 1.00.0000.0000

pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.00.6001.18000

PROPSYS.dll Microsoft Property System Microsoft Corporation 7.00.6001.16503

PSAPI.DLL Process Status Helper Microsoft Corporation 6.00.6000.16386

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.00.6000.16386

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.00.6001.18051

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.00.6001.18000

Secur32.dll Security Support Provider Interface Microsoft Corporation 6.00.6001.18000

SETUPAPI.dll Windows Setup API Microsoft Corporation 6.00.6001.18000

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.6001.18062

shfolder.dll Shell Folder Service Microsoft Corporation 6.00.6000.16386

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.6001.18000

tiptsf.dll Tablet PC Input Panel Text Services Framework Microsoft Corporation 6.00.6001.18000

urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6001.18099

USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000

user32.dll.mui Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6001.18000

uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.6001.18000

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.00.6001.18000

WindowsCodecs.dll Microsoft Windows Codecs Library Microsoft Corporation 6.00.6001.18000

WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.00.6001.18000

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.00.6000.16386

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.00.6001.18000

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.00.6001.18000

wshbth.dll Windows Sockets Helper DLL Microsoft Corporation 6.00.6000.16386

wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.00.6001.18000

wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.00.6001.18000

Appreciate it!

Posted

Um...this looks BAD:

O4 - HKLM\..\Run: [\SUEC0EB.exe] C:\Windows\SUEC0EB.exe

O4 - HKLM\..\Run: [\SUEC29F.exe] C:\Windows\SUEC29F.exe

O4 - HKLM\..\Run: [\SUEC647.exe] C:\Windows\SUEC647.exe

O4 - HKLM\..\Run: [\SUEC8A8.exe] C:\Windows\SUEC8A8.exe

O4 - HKLM\..\Run: [\SUECD1B.exe] C:\Windows\SUECD1B.exe
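The reasoning behind the reply above, as an added example that is not part of the original thread: the flagged `O4` entries share three traits (a value name that is itself a path, an executable sitting directly in the Windows directory, and several siblings with the same prefix and a hex-looking suffix). The heuristics, the threshold and all function names are assumptions for illustration; the sample lines are constructed from `O4` lines quoted in this thread.

```python
import re
from collections import Counter
from ntpath import basename, dirname, splitext

# Constructed sample: flagged O4 lines from the thread plus ordinary ones.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [\SUEC0EB.exe] C:\Windows\SUEC0EB.exe
O4 - HKLM\..\Run: [\SUEC29F.exe] C:\Windows\SUEC29F.exe
O4 - HKLM\..\Run: [\SUEC647.exe] C:\Windows\SUEC647.exe
O4 - HKLM\..\Run: [\SUEC8A8.exe] C:\Windows\SUEC8A8.exe
O4 - HKLM\..\Run: [\SUECD1B.exe] C:\Windows\SUECD1B.exe
O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

O4_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
# Assumed shape of a generated name: short letter prefix + hex-looking suffix.
GENERATED = re.compile(r"^[A-Za-z]{2,6}[0-9A-Fa-f]{3,6}$")


def parse_o4(log_text):
    """Return one dict per O4 autostart line: hive, key, value name, executable."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        p = EXE_PATH.match(command)
        exe = (p.group(1) or p.group(2)) if p else command
        entries.append({"hive": hive, "key": key, "name": name, "exe": exe})
    return entries


def family_key(exe):
    """Group generated-looking names by directory and 4-character prefix."""
    stem = splitext(basename(exe))[0]
    if GENERATED.match(stem) and any(c.isdigit() for c in stem):
        return (dirname(exe).lower(), stem[:4].upper())
    return None


def signals(entry, family_sizes):
    """List the independent warning signs present on one entry."""
    found = []
    if entry["name"].startswith("\\"):
        found.append("value-name-is-a-path")
    if dirname(entry["exe"]).lower() == r"c:\windows":
        found.append("exe-in-windir-root")
    if family_sizes[family_key(entry["exe"])] >= 2:
        found.append("generated-name-family")
    return found


def triage(log_text, threshold=2):
    """Report entries showing at least `threshold` signs; one alone is too noisy."""
    entries = parse_o4(log_text)
    keys = (family_key(e["exe"]) for e in entries)
    family_sizes = Counter(k for k in keys if k)
    report = []
    for e in entries:
        found = signals(e, family_sizes)
        if len(found) >= threshold:
            report.append((e["name"], e["exe"], found))
    return report


if __name__ == "__main__":
    for name, exe, found in triage(SAMPLE_LOG):
        print(f"{exe}  [{name}]  {', '.join(found)}")
```

The `sm56hlpr.exe` line also lives in the Windows directory root but shows only that one sign, so it stays below the threshold.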

Posted

DreadWingKnight, but somehow my antivirus shows as clean. I know nuts on how to solve these. Kindly point me the way to resolve this. Thanks! Should you have any recommended software to help me get my computer protected, please, by all means, advise me.

Appreciate it!

Posted

Try AVG antivirus and SpyBot Seek and Destroy anti-spyware, if you haven't already.

Make sure you're running the latest updates of both before trying to do a complete system scan.

Posted

Same problem as above =/ Here's my log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:41:55, on 30/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\sm56hlpr.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\COMODO\SafeSurf\cssurf.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.evesham.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Evesham Technology

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunServices: [Microsoft host service] mshost.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe"

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: AVG8 Firewall (avgfws8) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgfws8.exe (file missing)

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MioNet - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe

O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NinjaVideo Helper (NinjaVideo Helper.exe) - NinjaVideo - C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--

End of file - 10526 bytes

Process

Process PID CPU Description Company Name

System Idle Process 0 96.32

Interrupts n/a Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4

smss.exe 1440 Windows NT Session Manager Microsoft Corporation

csrss.exe 1500 Client Server Runtime Process Microsoft Corporation

winlogon.exe 1524 Windows NT Logon Application Microsoft Corporation

services.exe 1612 1.47 Services and Controller app Microsoft Corporation

svchost.exe 1788 Generic Host Process for Win32 Services Microsoft Corporation

msn_sl.exe 5384 Windows Live Toolbar Helper Microsoft Corporation

svchost.exe 1840 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1896 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1940 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 340 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 412 Generic Host Process for Win32 Services Microsoft Corporation

aawservice.exe 740 Ad-Aware 2007 Service Lavasoft AB

spoolsv.exe 1224 Spooler SubSystem App Microsoft Corporation

cmdagent.exe 1668

CTSVCCDA.EXE 1956 Creative Service for CDROM Access Creative Technology Ltd

ehrecvr.exe 680 Media Center Receiver Service Microsoft Corporation

ehSched.exe 916 Media Center Scheduler Service Microsoft Corporation

LSSrvc.exe 644

sqlservr.exe 784 SQL Server Windows NT Microsoft Corporation

nvsvc32.exe 932 NVIDIA Driver Helper Service, Version 84.64 NVIDIA Corporation

sqlwriter.exe 1016 SQL Server VSS Writer Microsoft Corporation

svchost.exe 2252 Generic Host Process for Win32 Services Microsoft Corporation

StarWindService.exe 2336 StarWind iSCSI Target (Alcohol Edition) Rocket Division Software

mcrdsvc.exe 2560 MCRD Device Service Microsoft Corporation

dllhost.exe 3420 COM Surrogate Microsoft Corporation

alg.exe 4024 Application Layer Gateway Service Microsoft Corporation

wmiapsrv.exe 288 WMI Performance Adapter Service Microsoft Corporation

svchost.exe 2808 Generic Host Process for Win32 Services Microsoft Corporation

usnsvc.exe 1140 Messenger Sharing USN Journal Reader Service Microsoft Corporation

avgwdsvc.exe 5240 AVG Watchdog Service AVG Technologies CZ, s.r.o.

avgam.exe 4764 AVG Alert Manager AVG Technologies CZ, s.r.o.

avgrsx.exe 752 AVG Resident Shield Service AVG Technologies CZ, s.r.o.

lsass.exe 1624 LSA Shell (Export Version) Microsoft Corporation

explorer.exe 836 Windows Explorer Microsoft Corporation

sm56hlpr.exe 2760 Application executable file Motorola Inc.

WDBtnMgr.exe 2844 WD Button Manager Western Digital Technologies, Inc.

cssurf.exe 3180 COMODO SafeSurf COMODO

ctfmon.exe 3596 CTF Loader Microsoft Corporation

RocketDock.exe 3624

wmplayer.exe 2996 Windows Media Player Microsoft Corporation

msnmsgr.exe 4428 0.74 Windows Live Messenger Microsoft Corporation

iexplore.exe 4100 Internet Explorer Microsoft Corporation

uTorrent.exe 4528 0.74 µTorrent BitTorrent, Inc.

procexp.exe 560 0.74 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

avgrsx.exe 1388 AVG Resident Shield Service AVG Technologies CZ, s.r.o.

notepad.exe 1168 Notepad Microsoft Corporation

Process: uTorrent.exe Pid: 4528

Name Description Company Name Version

ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000

avgrsstx.dll AVG Resident Shield Starter AVG Technologies CZ, s.r.o. 8.00.0000.0134

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180

COMRes.dll Microsoft Corporation 2001.12.4414.0258

credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180

cssdll32.dll COMODO SafeSurf COMODO 1.00.0000.0007

ctype.nls

DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.3394

fltLib.dll Filter Library Microsoft Corporation 5.01.2600.2978

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3316

guard32.dll 3.00.0023.0357

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180

Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119

locale.nls

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180

MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.3319

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.3394

NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976

NETSHELL.dll Network Connections Shell Microsoft Corporation 5.01.2600.2703

ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726

oleaut32.dll Microsoft Corporation 5.01.2600.3266

PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.2180

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938

RocketDock.dll

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161

rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180

SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241

shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.2180

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3020

sortkey.nls

sorttbls.nls

unicode.nls

USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099

uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180

winsta.dll Winstation Library Microsoft Corporation 5.01.2600.2180

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180

xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180

Any ideas?

Archived

This topic is now archived and is closed to further replies.
