Jump to content

The process cannot access the file because it is being used by...


darkclaw

Recommended Posts

Posted

This has never happened to me and suddenly after it upgraded to latest 1.8.5 RC it started happening. I am currently using Windows 7 RC x64 and ESET Antivirus 4.0.467.0. Any tips?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:31:22, on 10/28/2009

Platform: Unknown Windows (WinNT 6.01.3004)

MSIE: Internet Explorer v8.00 (8.00.7100.0000)

Boot mode: Normal

Running processes:

C:\Windows\SOUNDMAN.EXE

C:\games\Utopia\Angel\Angel.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Java\jre6\bin\javaw.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

D:\Download\System\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [utopia Angel] "C:\games\Utopia\Angel\Angel.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B3D9FE93-C90B-4B15-B91F-73BF9C99638E}: NameServer = 192.168.2.1

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9249 bytes

Process PID CPU Description Company Name

System Idle Process 0 67.69

Interrupts n/a Hardware Interrupts

DPCs n/a 3.08 Deferred Procedure Calls

System 4

smss.exe 284 Windows Session Manager Microsoft Corporation

csrss.exe 428 Client Server Runtime Process Microsoft Corporation

wininit.exe 484 Windows Start-Up Application Microsoft Corporation

services.exe 544 Services and Controller app Microsoft Corporation

svchost.exe 712 Host Process for Windows Services Microsoft Corporation

dllhost.exe 364 4.62 COM Surrogate Microsoft Corporation

nvvsvc.exe 768 NVIDIA Driver Helper Service, Version 191.07 NVIDIA Corporation

nvvsvc.exe 1172 NVIDIA Driver Helper Service, Version 191.07 NVIDIA Corporation

svchost.exe 796 Host Process for Windows Services Microsoft Corporation

svchost.exe 844 Host Process for Windows Services Microsoft Corporation

svchost.exe 964 Host Process for Windows Services Microsoft Corporation

dwm.exe 2068 1.54 Desktop Window Manager Microsoft Corporation

svchost.exe 1020 Host Process for Windows Services Microsoft Corporation

svchost.exe 792 Host Process for Windows Services Microsoft Corporation

svchost.exe 1084 1.54 Host Process for Windows Services Microsoft Corporation

spoolsv.exe 1224 Spooler SubSystem App Microsoft Corporation

svchost.exe 1268 Host Process for Windows Services Microsoft Corporation

ekrn.exe 1436 ESET Service ESET

svchost.exe 1484 Host Process for Windows Services Microsoft Corporation

gbpsv.exe 1508 G-Buster Browser Defense - Service

NMSAccessU.exe 1540

oodag.exe 1660 O&O Defrag Agent (x64) O&O Software GmbH

nvSCPAPISvr.exe 1724 Stereo Vision Control Panel API Server NVIDIA Corporation

svchost.exe 1780 Host Process for Windows Services Microsoft Corporation

taskhost.exe 1964 Host Process for Windows Tasks Microsoft Corporation

SearchIndexer.exe 2656 Microsoft Windows Search Indexer Microsoft Corporation

SearchProtocolHost.exe 1996 Microsoft Windows Search Protocol Host Microsoft Corporation

SearchFilterHost.exe 2900 Microsoft Windows Search Filter Host Microsoft Corporation

wmpnetwk.exe 2824 Windows Media Player Network Sharing Service Microsoft Corporation

svchost.exe 3772 Host Process for Windows Services Microsoft Corporation

lsass.exe 552 Local Security Authority Process Microsoft Corporation

lsm.exe 560 Local Session Manager Service Microsoft Corporation

csrss.exe 496 1.54 Client Server Runtime Process Microsoft Corporation

winlogon.exe 592 Windows Logon Application Microsoft Corporation

explorer.exe 2088 Windows Explorer Microsoft Corporation

SOUNDMAN.EXE 2264 Realtek Sound Manager Realtek Semiconductor Corp.

egui.exe 2280 ESET GUI ESET

Angel.exe 2288

TSVNCache.exe 2404 TortoiseSVN status cache http://tortoisesvn.net

firefox.exe 1532 Firefox Mozilla Corporation

WinRAR.exe 1628 WinRAR archiver Alexander Roshal

procexp.exe 2452 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

procexp64.exe 2908 20.00 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

acrotray.exe 2456 AcroTray Adobe Systems Inc.

jusched.exe 2548 Java Platform SE binary Sun Microsystems, Inc.

javaw.exe 700 Java Platform SE binary Sun Microsystems, Inc.

uTorrent.exe 3160 µTorrent BitTorrent, Inc.

notepad.exe 3200 Notepad Microsoft Corporation

Process: uTorrent.exe Pid: 3160

Name Description Company Name Version

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.1.7100.0

apphelp.dll Application Compatibility Client Library Microsoft Corporation 6.1.7100.0

CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.8030.0

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.7100.19

comctl32.dll.mui User Experience Controls Library Microsoft Corporation 6.10.7100.0

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.1.7100.0

CRYPT32.dll Crypto API32 Microsoft Corporation 6.1.7100.0

CRYPTBASE.dll Base cryptographic API DLL Microsoft Corporation 6.1.7100.0

CRYPTSP.dll Cryptographic Service Provider API Microsoft Corporation 6.1.7100.0

dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.1.7100.0

dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.1.7100.0

DnsApi.dll DNS Client API DLL Microsoft Corporation 6.1.7100.0

DUser.dll Windows DirectUser Engine Microsoft Corporation 6.1.7100.0

duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.1.7100.0

dwmapi.dll Microsoft Desktop Window Manager API Microsoft Corporation 6.1.7100.0

FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.1.7100.0

fwpuclnt.dll FWP/IPsec User-Mode API Microsoft Corporation 6.1.7100.0

GDI32.dll GDI Client DLL Microsoft Corporation 6.1.7100.19

ieframe.dll Internet Browser Microsoft Corporation 8.0.7100.4129

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.0.7100.13

imageres.dll Windows Image Resource Microsoft Corporation 6.1.7100.0

IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.1.7100.0

Iphlpapi.dll IP Helper API Microsoft Corporation 6.1.7100.0

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7100.0

KERNELBASE.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7100.0

KernelBase.dll.mui Windows NT BASE API Client DLL Microsoft Corporation 6.1.7100.0

locale.nls

LPK.dll Language Pack Microsoft Corporation 6.1.7100.0

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 6.1.7100.0

MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.1.7100.0

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.7100.0

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.1.7100.0

napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.1.7100.0

NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.1.7100.0

normnfd.nls

NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.1.7100.0

ntdll.dll NT Layer DLL Microsoft Corporation 6.1.7100.0

ntdll.dll NT Layer DLL Microsoft Corporation 6.1.7100.0

ntmarta.dll Windows NT MARTA provider Microsoft Corporation 6.1.7100.0

ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.1.7100.0

OLEACC.dll Active Accessibility Core Component Microsoft Corporation 7.0.0.0

oleaccrc.dll Active Accessibility Resource DLL Microsoft Corporation 7.0.0.0

oleaut32.dll Microsoft Corporation 6.1.7100.0

pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.1.7100.0

profapi.dll User Profile Basic API Microsoft Corporation 6.1.7100.0

PROPSYS.dll Microsoft Property System Microsoft Corporation 7.0.7100.0

PSAPI.DLL Process Status Helper Microsoft Corporation 6.1.7100.0

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.1.7100.0

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.1.7100.0

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.1.7100.0

sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation 6.1.7100.0

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.1.7100.0

shfolder.dll Shell Folder Service Microsoft Corporation 6.1.7100.0

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.1.7100.0

SortDefault.nls

SspiCli.dll Security Support Provider Interface Microsoft Corporation 6.1.7100.0

StaticCache.dat

urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 8.0.7100.18

USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.1.7100.19

USERENV.dll Userenv Microsoft Corporation 6.1.7100.0

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.7100.0

uTorrent.exe µTorrent BitTorrent, Inc. 1.8.4.16688

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.1.7100.0

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.1.7100.0

WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.1.7100.0

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.1.7100.0

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.1.7100.0

wow64.dll Win32 Emulation on NT64 Microsoft Corporation 6.1.7100.0

wow64cpu.dll AMD64 Wow64 CPU Microsoft Corporation 6.1.7100.0

wow64win.dll Wow64 Console and Win32 API Logging Microsoft Corporation 6.1.7100.0

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.1.7100.0

wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.1.7100.0

wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.1.7100.0

Posted
normnfd.nls

Norman AV/firewall?

No, i don't have any other AV other than NOD32 and I am currently using Windows Firewall.

Just tried resuming again and new error appeared: error 63557632

Posted

Ok, my previous guess could be a false alarm. Did you find out what that file was using GOOGLE?

This doesn't appear...normal:

F2 - REG:system.ini: UserInit=userinit.exe

Posted
Ok, my previous guess could be a false alarm. Did you find out what that file was using GOOGLE?

This doesn't appear...normal:

F2 - REG:system.ini: UserInit=userinit.exe

normnfd.nls is a Windows file as is userinit.exe.

I scanned my whole hard drive using latest definitions and I don't have any kind of virus or malware.

Posted

Hello, I am having the same problem with Windows 7. I had no problems on Vista.

I just recently installed Win7 and there a very few programs installed. I don't have things like Google desktop or Roxio. My antivirus is NOD32 (the same as I used on vista).

I suspect that Windows indexer is the culprit in my case. I had the indexer disabled on Vista, but it is enabled on Seven.

I didn't want to disable it entirely, since it doesn't seem to slow the system down like it did in Vista, and it's quite useful. Is there a way to solve the problem without doing this?

Posted

Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:54:52, on 29/10/2009

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Leonardo\Documents\Temporários\Programas\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 5718 bytes

I tried using a program to see which process was trying to acces the file (I think it was Process Monitor or something), but it was too complicated to use for me. I'll try this Unlocker.

Currently I was downloading 2 torrents. One of them had this problem, but already finished downloading (all I have to do is force start and it continues downloading normally). The other is still downloading, and hasn't shown any problems yet.

Edit: I just saw that Nero indexer on the log. I just installed Nero this afternoon, and the problem was already happening before it. Nevertheless, I'll find a way to disable it

Posted

Yep, NMIndexingService - Nero AG is the culprit. Try to set it to exclude the torrent download folder. Or disable it.

Another culprit can be ESET, there is a thread here to set ESET and prevent this error.

Posted

As I said, the problem already appeared before installing Nero. Anyway, it is disabled now.

I'll download Unlocker and keep watching to see if it happens again.

Should I set Unlocker to watch the .torrent file, or the actual file I'm downloading?

Posted

Unlocker doesn't seem to be working, and I found this on their website:

Does unlocker work on Windows XP 64 or Vista 64? Not yet, I am working on it.

My Windows 7 is 64, unfortunately.

In addition to disabling Nero indexer, I also disabled windows indexer on my Downloads folder. I'll keep watching to see if it happens again.. perhaps download again a file that was constantly causing trouble

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...