Access denied to Administrator


g_goyal2000

Youngling
I am the administrator of my PC.
I have Windows XP Pro SP2 installed with all the latest updates.
The problem is: since today, I have been getting an Access Denied error.
Whenever I try to modify any service or make a change in the System Configuration Utility (msconfig.exe), I get an Access Denied error.

The error says:
An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes.


Kindly help me.
 

anandk

Distinguished Member
Go to Start > Settings > Control Panel > Users and Passwords.
Set up "users have to enter a password". This will allow you to do just that.

When you are done, uncheck "users must enter password"; this way Windows will continue to log you on as usual.

*tech.yahoo.com/qa/1006021605664

PS: BTW, are you using ZA?
 
g_goyal2000 (OP)

Youngling
anandk said:
Go to Start > Settings > Control Panel > Users and Passwords.
Set up "users have to enter a password". This will allow you to do just that.

When you are done, uncheck "users must enter password"; this way Windows will continue to log you on as usual.

*tech.yahoo.com/qa/1006021605664

PS: BTW, are you using ZA?
You clearly didn't understand my problem.
__________
Actually, I am able to run all the windows programs & services.

But the problem is, when I try to change (automatic/manual/disable) any service in services.msc or check/uncheck any service, I get the above-mentioned error. But the case is, the changes actually happen in spite of giving me the error.

I have been using ZoneAlarm Pro for the past 5-6 years and never faced any problem.

I have scanned my computer with Ad-Aware, Spybot S&D, Spyware Doctor, PC-cillin and ZoneAlarm Anti-Spyware using the latest definitions, but found nothing.

Please, somebody help me.
 

ilugd

Beware of the innocent
I guess you seem to have played around with some tweaking software or gpedit to remove permission for all users to change service settings. That's why Windows is giving the namesake warning. Must be some registry thing.
 
g_goyal2000 (OP)

Youngling
OK, here's the update.
I checked my system for any other problem such as this and found none.
I have already tried replacing the current msconfig.exe with one from ServicePackFiles, but to no avail.

I'm keeping reinstallation as a last resort.
 
g_goyal2000 (OP)

Youngling
All tabs are showing the problem.

ilugd said:
I guess you seem to have played around with some tweaking software or gpedit to remove permission for all users to change service settings. That's why Windows is giving the namesake warning. Must be some registry thing.
I didn't play around with any tweaking software or gpedit.
Dude, I'm an MCSE (Windows 2003 Environment). I know how dangerous it can be to play around with that stuff.
But being an MCSE doesn't mean I can solve all the problems of Windows.
Plus, I always make a backup before doing any serious changes to my system.

Oh, and yes.
I AM also facing a problem with services.msc.
I can open services.msc but can't change the startup type of the services.
I get an Access Denied error. But I can start/stop/restart them.
So, in the end, I'm being denied access to changes in both msconfig.exe and services.msc.
God knows what more problems I will find next.
 

sakumar79

Technomancer
Try this - create a temporary user with admin privileges. Try running services.msc in the new user login...

Also, post a HijackThis log so that we can check in case any malware is causing the problem...

Next, look at the events console in the admin tools and see if you can get more info on the exact error...

Arun
 

ilugd

Beware of the innocent
I didn't mean to say that you didn't know what you were doing. This problem seems to be due to access being restricted somewhere unobvious, and usually only registry edits or a tweaker might cause this. Of course, if your system is infected with malware, that's a completely different story altogether. Do post the HijackThis log as sakumar suggested.
 
g_goyal2000 (OP)

Youngling
sakumar79 said:
Try this - create a temporary user with admin privileges. Try running services.msc in the new user login...

Also, post a HijackThis log so that we can check in case any malware is causing the problem...

Next, look at the events console in the admin tools and see if you can get more info on the exact error...

Arun
OK, I did what you said.
I created a new user "Gaurav1" with admin rights.
Also, ran both msconfig.exe & services.msc.
The problem was still there with msconfig.exe.
The services.msc was working fine.
But it was also now working fine in my original user "Gaurav" & "Administrator" user.

OK, up to now what I have figured is that there is something that is messing with admin rights.

Previously I had posted that "services.msc" was not working. And it actually wasn't.
Then I tried one of the solutions given below (please scroll down).
"services.msc" then started working. So, I edited my post.
But then it again stopped working (services.msc).
Then I again tried the same solution & it started working again.
I don't know what's messing with rights to "services.msc".
I'm really starting to get pissed off. I don't know what's the deal.

It seems that the rights for the "Administrators" group have been messed with.
------------------------------------------------------------------------------

Also, I found a couple of posts on the net about how to reset my system policies and rights.
Some of them are as follows:

The first solution was:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

The problem with the above command is that it actually executes but later says that the file is missing. The "secsetup.inf" file is there on my system but there is no "secsetup.sdb" file.
So, basically this solution was a big flop. I'm posting its log file:

Sunday, December 03, 2006 9:47:23 PM
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure User Rights...
Configure S-1-5-20.
Configure S-1-5-19.
Configure S-1-5-32-551.
Configure S-1-5-32-544.
Configure S-1-1-0.
Configure S-1-5-32-545.
Configure S-1-5-32-547.
Configure S-1-5-21-527237240-1220945662-839522115-501.
Configure S-1-5-32-555.

User Rights configuration was completed successfully.


----Configure Group Membership...
Configure Users.
remove FAMILY-PC\Gaurav 1.

Group Membership configuration was completed successfully.


----Configure Registry Keys...
Configure users\.default.
Configure users\.default\software\microsoft\netdde.
Configure machine\software.
Configure machine\software\classes.
Configure machine\software\classes\.hlp.
Configure machine\software\classes\helpfile.
Configure machine\software\microsoft\ads\providers\ldap\extensions.
Configure machine\software\microsoft\ads\providers\nds.
Configure machine\software\microsoft\ads\providers\nwcompat.
Configure machine\software\microsoft\ads\providers\winnt.
Configure machine\software\microsoft\command processor.
Configure machine\software\microsoft\cryptography.
Configure machine\software\microsoft\cryptography\calais.
Configure machine\software\microsoft\driver signing.
Configure machine\software\microsoft\enterprisecertificates.
Configure machine\software\microsoft\netdde.
Configure machine\software\microsoft\non-driver signing.
Configure machine\software\microsoft\ole.
Configure machine\software\microsoft\rpc.
Configure machine\software\microsoft\secure.
Configure machine\software\microsoft\systemcertificates.
Configure machine\software\microsoft\upnp device host.
Configure machine\software\microsoft\windows\currentversion\explorer\user shell folders.
Configure machine\software\microsoft\windows\currentversion\reliability.
Configure machine\software\microsoft\windows\currentversion\runonce.
Configure machine\software\microsoft\windows\currentversion\runonceex.
Configure machine\software\microsoft\windows\currentversion\telephony.
Configure machine\software\microsoft\windows nt\currentversion\accessibility.
Configure machine\software\microsoft\windows nt\currentversion\aedebug.
Configure machine\software\microsoft\windows nt\currentversion\asr\commands.
Configure machine\software\microsoft\windows nt\currentversion\classes.
Configure machine\software\microsoft\windows nt\currentversion\drivers32.
Configure machine\software\microsoft\windows nt\currentversion\efs.
Configure machine\software\microsoft\windows nt\currentversion\font drivers.
Configure machine\software\microsoft\windows nt\currentversion\fontmapper.
Configure machine\software\microsoft\windows nt\currentversion\image file execution options.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping.
Configure machine\software\microsoft\windows nt\currentversion\perflib.
Configure machine\software\microsoft\windows nt\currentversion\profilelist.
Configure machine\software\microsoft\windows nt\currentversion\secedit.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole.
Configure machine\software\microsoft\windows nt\currentversion\svchost.
Configure machine\software\microsoft\windows nt\currentversion\terminal server\install\software\microsoft\windows\currentversion\runonce.
Configure machine\software\microsoft\windows nt\currentversion\time zones.
Configure machine\software\microsoft\windows nt\currentversion\windows.
Configure machine\software\microsoft\windows nt\currentversion\winlogon.
Configure machine\software\policies.
Configure machine\system.
Configure machine\system\currentcontrolset\control\class.
Configure machine\system\currentcontrolset\control\keyboard layout.
Configure machine\system\currentcontrolset\control\keyboard layouts.
Configure machine\system\currentcontrolset\control\network.
Configure machine\system\currentcontrolset\control\securepipeservers\winreg.
Configure machine\system\currentcontrolset\control\session manager\executive.
Configure machine\system\currentcontrolset\control\timezoneinformation.
Configure machine\system\currentcontrolset\control\wmi\security.
Warning 5: Access is denied.
Error setting security on machine\system\currentcontrolset\services\sptd\Cfg.
Error 234: More data is available.
Error enumerating info for machine\system\currentcontrolset\services.

Configuration of Registry Keys was completed with one or more errors.


----Configure File Security...
No acl support on volume D:\.
No acl support on volume C:\.

File Security configuration was completed successfully.


----Configure General Service Settings...
Configure W32Time.
Configure upnphost.
Configure TrkWks.
Configure SSDPSRV.
Configure Spooler.
Configure SENS.
Configure seclogon.
Configure secdrv.
Warning 2: The system cannot find the file specified.
Error configuring secdrv.

General Service configuration was completed with one or more errors.


----Configure available attachment engines...

Configuration of attachment engines was completed successfully.


----Configure Security Policy...
Configure password information.
LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS).
Configure LSA anonymous lookup setting.
Guest account is disabled.

System Access configuration was completed successfully.
Configure log settings.

Audit/Log configuration was completed successfully.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\forceunlocklogon.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
Configure machine\software\microsoft\windows\currentversion\policies\system\undockwithoutlogon.
Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
Configure machine\system\currentcontrolset\control\lsa\disabledomaincreds.
Configure machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous.
Configure machine\system\currentcontrolset\control\lsa\fipsalgorithmpolicy.
Configure machine\system\currentcontrolset\control\lsa\forceguest.
Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Configure machine\system\currentcontrolset\control\lsa\limitblankpassworduse.
Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminclientsec.
Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminserversec.
Configure machine\system\currentcontrolset\control\lsa\nodefaultadminowner.
Configure machine\system\currentcontrolset\control\lsa\nolmhash.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymoussam.
Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
Configure machine\system\currentcontrolset\control\session manager\kernel\obcaseinsensitive.
Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
Configure machine\system\currentcontrolset\control\session manager\protectionmode.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\ldap\ldapclientintegrity.
Configure machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
Configure machine\system\currentcontrolset\services\netlogon\parameters\maximumpasswordage.
Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
Configure machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
Configure machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
Configure machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.

Configuration of Registry Values was completed successfully.


----Configure available attachment engines...

Configuration of attachment engines was completed successfully.


----Un-initialize configuration engine...

------------------------------------------------------------------------------

The second solution was:

a. Install subinacl.msi from *go.microsoft.com/fwlink/?LinkId=23418
b. Create a batch file, reset.cmd, that contains the lines below, and save it to C:\Program Files\Windows Resource Kits\Tools

rem Grant the Administrators group full control on the three registry hives and the system drive
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f

rem Then do the same for the SYSTEM account
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

c. Open a command prompt and type the following:

c:\>cd\program files\windows resource kits\tools
c:\program files\windows resource kits\tools>reset.cmd

The result of this solution:
It runs in DOS mode and very fast, so I was unable to see what was happening. It gave a few errors but no log file, so I can't tell. Even if there was a log file, I don't know where it is created.
Anyway, I was able to identify 2 errors by watching carefully. Access was denied to the following 2 keys:
hklm\security\policy\secrets\sai
hklm\security\policy\secrets\sac

I can't open them manually using regedit either.

The "services.msc" problem got fixed due to this solution, but I still face the "msconfig.exe" problem.

You can read the above-mentioned solutions plus additional info at the following link:
*forums.windowsitpro.com/web/forum/messageview.aspx?catid=36&threadid=50160&enterthread=y

------------------------------------------------------------------------------

The HijackThis log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 9:19:02 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\Windows\System32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSI\Core Center\CoreCenter.exe
D:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\Program Files\Mozilla Firefox\firefox.exe
F:\Installers\Security\Hijack This v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = *go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - D:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CoreCenter.lnk = D:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Internet Keyboard.lnk = ?
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: CuteShield Internet Eraser - {4A0EF50C-6A4A-4b30-84D8-53D5BC95C043} - D:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - *www.aajtak.com/wfplayer/tdserver.cab
O16 - DPF: {0606FB52-E881-4337-A77C-5C3E5ADC9C55} (XLoader Control) - *testout.com/portal/AllUsers/XLoader.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - *download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - *update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123321973562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - *update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136479693968
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - *127.0.0.1/tsweb/msrdp.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - *gameadvisor.futuremark.com/global/msc311.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23E3E14B-3668-4BA1-AF06-1253BAE274C8}: NameServer = 203.94.243.70,203.94.227.70,59.179.243.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{23E3E14B-3668-4BA1-AF06-1253BAE274C8}: NameServer = 203.94.243.70,203.94.227.70,59.179.243.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{23E3E14B-3668-4BA1-AF06-1253BAE274C8}: NameServer = 203.94.243.70,203.94.227.70,59.179.243.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

------------------------------------------------------------------------------

The HijackThis startup log file is as follows:

StartupList report, 12/3/2006, 9:20:19 PM
StartupList version: 1.52.2
Started from : F:\Installers\Security\Hijack This v1.99.1.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
==================================================

Running processes:

D:\WINDOWS\System32\smss.exe
D:\Windows\System32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSI\Core Center\CoreCenter.exe
D:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\Program Files\Mozilla Firefox\firefox.exe
F:\Installers\Security\Hijack This v1.99.1.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[D:\Documents and Settings\All Users\Start Menu\Programs\Startup]
CoreCenter.lnk = D:\Program Files\MSI\Core Center\CoreCenter.exe
Internet Keyboard.lnk = ?
APC UPS Status.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Zone Labs Client = "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
NeroFilterCheck = D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
pccguide.exe = "D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
EM_EXEC = D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = D:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Shell & screensaver key from D:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=D:\WINDOWS\System32\3DWIND~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - D:\Program Files\SiteAdvisor\SiteAdv.dll - {089FD14D-132B-48FC-8861-0048AE113215}
(no name) - D:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
SysShield IE Popup Blocker - D:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80}
(no name) - d:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll - {B56A7D7D-6927-48C8-A975-17DF180C71AC}

--------------------------------------------------

Enumerating Task Scheduler jobs:

ecrunXP.job
Critical Battery Alarm Program.job

--------------------------------------------------

Enumerating Download Program Files:

[TDServer Control]
InProcServer32 = D:\WINDOWS\DOWNLO~1\tdserver.ocx
CODEBASE = *www.aajtak.com/wfplayer/tdserver.cab

[XLoader Control]
InProcServer32 = D:\WINDOWS\DOWNLO~1\XLoader.ocx
CODEBASE = *testout.com/portal/AllUsers/XLoader.ocx

[Macromedia Authorware Web Player Control]
InProcServer32 = D:\WINDOWS\system32\macromed\authorwa\awswax.ocx
CODEBASE = *fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab

[Office Update Installation Engine]
InProcServer32 = D:\WINDOWS\opuc.dll
CODEBASE = *office.microsoft.com/officeupdate/content/opuc3.cab

[{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
CODEBASE = *download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

[WUWebControl Class]
InProcServer32 = D:\WINDOWS\system32\wuweb.dll
CODEBASE = *update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123321973562

[MUWebControl Class]
InProcServer32 = D:\WINDOWS\system32\muweb.dll
CODEBASE = *update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136479693968

[Microsoft RDP Client Control (redist)]
InProcServer32 = D:\WINDOWS\DOWNLO~1\msrdp.ocx
CODEBASE = *127.0.0.1/tsweb/msrdp.cab

[Update Class]
InProcServer32 = D:\WINDOWS\system32\iuctl.dll
CODEBASE = *v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38996.2886226852

[Measurement Services Client v.3.11]
InProcServer32 = D:\WINDOWS\system32\FUTURE~1\MSC\MSC3.ocx
CODEBASE = *gameadvisor.futuremark.com/global/msc311.cab

[Shockwave Flash Object]
InProcServer32 = D:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = *fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: D:\WINDOWS\system32\SHELL32.dll
CDBurn: D:\WINDOWS\system32\SHELL32.dll
WebCheck: D:\WINDOWS\system32\webcheck.dll
SysTray: D:\WINDOWS\System32\stobject.dll
WPDShServiceObj: D:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 7,066 bytes
Report generated in 0.015 seconds
------------------------------------------------------------------------------
 

sakumar79

Technomancer
The prosearching entries appear to be a hijack.

Usually I do not recommend it straightaway, but I think a format of D drive and a reinstall will be the best way to solve the problem...

Arun
 

it_waaznt_me

Coming back to life ..
G Goyal, I saw your thread at WindowsITPro too. There too they suspected that ZA is the culprit. Anyway, I found this at the ZA forums; try it:

Try disabling the OS Firewall. In ZA do this:
Go to Program Control > Main and press the first "Custom" button from the top. Uncheck "Enable OS Firewall".

Source ZA Forums
 
OP
g_goyal2000

g_goyal2000

Youngling
it_waaznt_me said:
G Goyal, I saw your thread at WindowsITPro too. There too they suspected that ZA is the culprit. Anyway, I found this at the ZA forums; try it:

Try disabling the OS Firewall. In ZA do this:
Go to Program Control > Main and press the first "Custom" button from the top. Uncheck "Enable OS Firewall".

Source ZA Forums
Like I said previously, I've been using Zonealarm Pro for the past 5-6 years and keep updating it as soon as a new version is available. I never faced this problem with Zonealarm before.
Anyway, I checked the settings & the OS Firewall was off. I keep it off anyway because it causes most Windows components to ask for permission, which is quite a nag.
So, back to the problem. No, the OS Firewall is not causing the problem.
__________
sakumar79 said:
The prosearching entries appear to be a hijack.

Usually I do not recommend it straightaway, but I think a format of D drive and a reinstall will be the best way to solve the problem...

Arun
None of the scans by my anti-spyware & anti-virus tools showed any trace of "prosearching". How do I remove it?
Also, I'm keeping reinstallation as a last resort.

I'm also gonna try removing my HP PSC 1410 Printer software.
Recently, I had installed a security update for it. Some of the posts regarding the issue on other sites mentioned problems caused by HP printer software. So, I will try & find out.
Till then, plz keep trying to help. :)
__________
Here's an update guys.
The HP Tech Support wasn't able to help me.
But I finally managed to solve the problem on my own.
The culprit was a security update I had downloaded for my HP PSC 1410 printer software.
I had downloaded PML Security Update v1.0 for the software from HP's website.
It had caused a service "PML Driver HPZ12" to start in services.msc, which was interfering with the rights/privileges.
I uninstalled the software. But still the service didn't go.
Then I manually deleted the leftover files of the HP software from the Program Files & Windows folders & their sub-folders carefully.
Still no respite.
Ran various registry cleaners but still no use.
Then, finally, went to Registry Editor & searched for the keywords "pml" & "hpz12" & deleted all entries that showed that they were from HP.
A restart & the problem is gone.
Phew.
I will mail this solution to HP Tech Support for their info.
I don't think they do a thorough testing of their updates before releasing them.
Thank you all who tried to help me.
I appreciate all of your efforts.
 

it_waaznt_me

Coming back to life ..
Nice to hear that your problem is solved. It would be good if you notify the ZA people about the conflict between the HP driver and ZA, so others having the same problem will be helped.
 
OP
g_goyal2000

g_goyal2000

Youngling
it_waaznt_me said:
Nice to hear that your problem is solved. It would be good if you notify the ZA people about the conflict between the HP driver and ZA, so others having the same problem will be helped.
There is no conflict between HP Driver & ZA (not that I know of).
The problem in my case was due to HP's PML Driver Update, not ZA.
 

bbllaahh

Right off the assembly line
Just joined to post a thank you, g_goyal2000. I've had this exact same problem, with no one (including HP) having any answers. Eventually found this thread and your solution worked a charm. Thanks! :)
 

Vishal Gupta

Microsoft MVP
That's gr8 buddy that u got ur problem solved by just going thru this thread :D

Keep posting in the forum and u'll get lots of new information :)
 

deback

Right off the assembly line
Thanks to the original poster who mentioned this might be an HP PML update problem. Tonight, I updated my HP 8200 Photosmart software. Since then, I've been receiving "access denied" messages when trying to use msconfig and when trying to disable the HPZ12 PML driver when running services.msc (Error 5: Access Denied).

I found the solution in another forum on how to fix the "access denied" messages and how to disable the hpzipm12.exe program from loading automatically when running services.msc (for those having these problems after updating your HP PML software and not from Zone Alarm).

Run RegEdit.
Under HKLM\System\CurrentControlSet\Services\PML Driver HPZ12, click on Start at the right, and then change the DWORD value from 2 (automatic) or 3 (I believe for manual) to 4 (for disabled).

After I did this, I've received no "access denied" messages when running msconfig and services.msc.

After spending a couple of hours looking for a fix, I thought I'd come back here and post the solution in hopes it will save time for others.

Thanks!
 
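The same change deback describes, done from an elevated PowerShell prompt instead of RegEdit, with the service key exported first so the edit can be reversed. This is an added example, not code from anyone in the thread; the service name and registry path are the ones named in the posts above, and the REG_DWORD meanings (2 = Automatic, 3 = Manual, 4 = Disabled) are the standard Win32 service Start values.

```powershell
# Added example: audit and disable the "PML Driver HPZ12" service by its Start value.
# Run from an elevated prompt; the service name/path come from the thread above.
$ServiceName = 'PML Driver HPZ12'
$KeyPath     = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"

# Standard meaning of the Start REG_DWORD for a Win32 service.
$StartNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

if (-not (Test-Path -LiteralPath $KeyPath)) {
    Write-Output "Service key not found: $KeyPath (update not installed, or already removed)"
    return
}

# Export the key before touching it so the change can be undone with 'reg import'.
$Backup = Join-Path $env:TEMP ('PML_Driver_HPZ12-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\$ServiceName" $Backup /y | Out-Null

# Show what is there now: start type and the binary the service launches.
$Props   = Get-ItemProperty -LiteralPath $KeyPath
$Current = [int]$Props.Start
Write-Output ("Current Start value: {0} ({1})" -f $Current, $StartNames[$Current])
Write-Output ("ImagePath: {0}" -f $Props.ImagePath)

if ($Current -ne 4) {
    # Stop the running instance first, then set Start = 4 (Disabled) like the RegEdit fix.
    Stop-Service -Name $ServiceName -Force -ErrorAction SilentlyContinue
    Set-ItemProperty -LiteralPath $KeyPath -Name Start -Value 4 -Type DWord
    $New = [int](Get-ItemProperty -LiteralPath $KeyPath -Name Start).Start
    Write-Output ("New Start value: {0} ({1}); backup written to {2}" -f $New, $StartNames[$New], $Backup)
}
```

Running the script again afterwards just reports "4 (Disabled)" and changes nothing, which is a quick way to confirm the setting survived the reboot.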
OP
g_goyal2000

g_goyal2000

Youngling
Well my hard disk just crashed.
Just lost around 3 years of data including videos, songs, important documents, etc.
Anyway, I'll get my hard disk replaced and will install everything fresh (do I have a choice? :rolleyes: ).
So deback, I'll try your solution then.
Till then, sit tight (or whichever way you like). :D
 