Kullervo Posted July 28, 2010 Report Share Posted July 28, 2010 Utorrent is the only app that does this. First i thought it could be some kind of virus, so i did a boot scan on Avast, and used also AVG and SystemCare but didn't find anything.The program always worked well till 1 week ago. Here's the log file. Thx for checking my problem in advance:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 0:12:07, on 29-07-2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Programas\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\Explorer.EXEC:\Programas\Analog Devices\Core\smax4pnp.exeC:\Programas\Analog Devices\SoundMAX\Smax4.exeC:\Program Files\ASUS\AI Remote\AiRc.exeC:\Programas\Java\jre6\bin\jusched.exeC:\Programas\Microsoft IntelliType Pro\itype.exeC:\Programas\Microsoft IntelliPoint\ipoint.exeC:\Program Files\ASUS\AI Remote\AiRemote.exeC:\PROGRA~1\ALWILS~1\Avast5\avastUI.exeC:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exeC:\Programas\Windows Live\Messenger\msnmsgr.exeC:\Programas\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Programas\Microsoft IntelliPoint\dpupdchk.exeC:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\WINDOWS\system32\spoolsv.exeC:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\WINDOWS\system32\svchost.exeC:\Programas\Java\jre6\bin\jqs.exeC:\WINDOWS\runservice.exeC:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Programas\CyberLink\Shared files\RichVideo.exeC:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\Programas\TomTom HOME 2\TomTomHOMEService.exeC:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexStoreSvr.exeC:\WINDOWS\System32\svchost.exeC:\Programas\Windows Live\Contacts\wlcomm.exeC:\WINDOWS\system32\svchost.exeC:\Programas\Internet Explorer\iexplore.exeC:\Programas\Java\jre6\bin\jucheck.exeC:\Programas\Windows Live\Toolbar\wltuser.exeC:\Programas\uTorrent\uTorrent.exeC:\Programas\Internet Explorer\iexplore.exeC:\Programas\Internet Explorer\iexplore.exeC:\Documents and Settings\Luis\Ambiente de trabalho\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = HiperligaçõesF2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exeO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllO2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dllO2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programas\Windows Live\Toolbar\wltcore.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [soundMAX] "C:\Programas\Analog Devices\SoundMAX\Smax4.exe" /trayO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exeO4 - HKLM\..\Run: [Ai Remote Help] "C:\Program Files\ASUS\AI Remote\AiRc.exe"O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe bootO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [startCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [itype] "C:\Programas\Microsoft IntelliType Pro\itype.exe"O4 - HKLM\..\Run: [intelliPoint] "C:\Programas\Microsoft IntelliPoint\ipoint.exe"O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /noguiO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programas\Ficheiros comuns\Ahead\Lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [{F9149148-E81F-82F4-D465-7E941F6E0FD7}] "C:\Documents and Settings\Luis\Application Data\Oqqeu\neru.exe"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: wwwxbv32.exeO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exeO16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/openapi/receivers/FMSI.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cabO22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: avast! Antivirus - AVAST Software - C:\Programas\Alwil Software\Avast5\AvastSvc.exeO23 - Service: avast! Mail Scanner - AVAST Software - C:\Programas\Alwil Software\Avast5\AvastSvc.exeO23 - Service: avast! Web Scanner - AVAST Software - C:\Programas\Alwil Software\Avast5\AvastSvc.exeO23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Programas\Dragon Age\bin_ship\DAUpdaterSvc.Service.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exeO23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exeO23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exeO23 - Service: TomTomHOMEService - TomTom - C:\Programas\TomTom HOME 2\TomTomHOMEService.exeO24 - Desktop Component 0: (no name) - http://bp2.blogger.com/_L-XlgbsEZfg/Rq8hDDSN23I/AAAAAAAACFY/sb_ianSzxd4/s1600/Fiat500_wallpaper.jpg--End of file - 10211 bytes Link to comment Share on other sites More sharing options...
paintball9 Posted July 29, 2010 Report Share Posted July 29, 2010 Uninstall Nero, The indexer could be interfering by locking files as soon as they get created. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.