Jump to content

Access denied with Hijack log


seol1500

Recommended Posts

Hi,

I find this one file repeatedly stopping with error : process is being used.

Why is this happening?

Many thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 오전 11:24:39, on 2011-01-26

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

D:\Program Files\VMware\VMware Player\hqtray.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

D:\Program Files\Executor\Executor.exe

C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe

D:\Libraries\Startup\windowspager-0.99almostOneC\windowspager-0.99almostOneC\windowspager\windowspager.exe

D:\Libraries\Startup\windowspager-0.99almostOneC\windowspager-0.99almostOneC\windowspager\lib\manager.exe

D:\Libraries\Startup\windowspager-0.99almostOneC\windowspager-0.99almostOneC\windowspager\lib\hookstarter32.exe

C:\Windows\explorer.exe

C:\Windows\System32\taskmgr.exe

d:\Program Files\uTorrent\uTorrent.exe

C:\Windows\explorer.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\Mozilla Firefox\plugin-container.exe

D:\Downloads\HijackThis.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [bCSSync] "D:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [VMware hqtray] "D:\Program Files\VMware\VMware Player\hqtray.exe"

O4 - HKCU\..\Run: [uTorrent] "d:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Executor] "d:\Program Files\Executor\executor.exe" -s

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: windowspager.exe - Shortcut.lnk = D:\Libraries\Startup\windowspager-0.99almostOneC\windowspager-0.99almostOneC\windowspager\windowspager.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware player\vsocklib.dll

O10 - Unknown file in Winsock LSP: d:\program files\vmware\vmware player\vsocklib.dll

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMware\VMware Player\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Player\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--

End of file - 5269 bytes

Link to comment
Share on other sites

Did you double-check the security properties on the file/folder in question to make sure that the user account running uTorrent has full control over the location?

Thank you for your prompt reply DreadWingKnight, I have just enabled full control for that folder from the user account. But if this is the case why isn't it enabled as default? All other files I downloaded had no problem whatsoever.

Unfortunately I am unable to retest it because Win7 prevents me deleting the file downloading "requires permission from the admin" despite logged in as Admin.

This happened to me before and I know take ownership does not help deleting the file, last time I only managed to delete it by formatting the windows.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...