darkclaw Posted October 28, 2009

This has never happened to me and suddenly after it upgraded to latest 1.8.5 RC it started happening. I am currently using Windows 7 RC x64 and ESET Antivirus 4.0.467.0. Any tips?

darkclaw Posted October 28, 2009

> normnfd.nls
> Norman AV/firewall?

No, I don't have any other AV other than NOD32 and I am currently using Windows Firewall.

Just tried resuming again and new error appeared: error 63557632

Switeck Posted October 29, 2009

Ok, my previous guess could be a false alarm. Did you find out what that file was using GOOGLE?

This doesn't appear...normal:

F2 - REG:system.ini: UserInit=userinit.exe

darkclaw Posted October 29, 2009

> Ok, my previous guess could be a false alarm. Did you find out what that file was using GOOGLE?
> This doesn't appear...normal:
> F2 - REG:system.ini: UserInit=userinit.exe

normnfd.nls is a Windows file as is userinit.exe.

I scanned my whole hard drive using latest definitions and I don't have any kind of virus or malware.

leolgl Posted October 29, 2009

Hello, I am having the same problem with Windows 7. I had no problems on Vista.

I just recently installed Win7 and there are very few programs installed. I don't have things like Google desktop or Roxio. My antivirus is NOD32 (the same as I used on Vista).

I suspect that Windows indexer is the culprit in my case. I had the indexer disabled on Vista, but it is enabled on Seven.

I didn't want to disable it entirely, since it doesn't seem to slow the system down like it did in Vista, and it's quite useful. Is there a way to solve the problem without doing this?

GTHK Posted October 29, 2009

Hmmmmmm disable indexing for that folder? That applies to Vista, not sure about Win7..

darkclaw Posted October 29, 2009

Indexing is already disabled in my case.

moogly Posted October 29, 2009

Did you try to use the freeware Unlocker (http://ccollomb.free.fr/unlocker/) with a file displaying this error in uT to see which process is using it?

leolgl Posted October 29, 2009

Here is the Hijackthis log:

I tried using a program to see which process was trying to access the file (I think it was Process Monitor or something), but it was too complicated to use for me. I'll try this Unlocker.

Currently I was downloading 2 torrents. One of them had this problem, but already finished downloading (all I have to do is force start and it continues downloading normally). The other is still downloading, and hasn't shown any problems yet.

Edit: I just saw that Nero indexer on the log. I just installed Nero this afternoon, and the problem was already happening before it. Nevertheless, I'll find a way to disable it

moogly Posted October 29, 2009

Yep, NMIndexingService - Nero AG is the culprit. Try to set it to exclude the torrent download folder. Or disable it.

Another culprit can be ESET, there is a thread here to set ESET and prevent this error.

leolgl Posted October 29, 2009

As I said, the problem already appeared before installing Nero. Anyway, it is disabled now.

I'll download Unlocker and keep watching to see if it happens again.

Should I set Unlocker to watch the .torrent file, or the actual file I'm downloading?

leolgl Posted October 29, 2009

Unlocker doesn't seem to be working, and I found this on their website:

> Does unlocker work on Windows XP 64 or Vista 64?
> Not yet, I am working on it.

My Windows 7 is 64, unfortunately.

In addition to disabling Nero indexer, I also disabled windows indexer on my Downloads folder. I'll keep watching to see if it happens again.. perhaps download again a file that was constantly causing trouble

This topic is now archived and is closed to further replies.