Access denied to Administrator

Discussion in 'Software Q&A' started by g_goyal2000, Dec 2, 2006.

  1. g_goyal2000

    g_goyal2000 Member

    I am the administrator of my PC.
    I have Windows XP Pro SP2 installed with all the latest updates.
    The problem is: since today, I have been getting an Access Denied error.
    Whenever I try to modify any service or make a change in System Configuration Utility (msconfig.exe), I get an Access Denied error.

    The error says:
    An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes.


    Kindly help me.
     
  2. anandk

    anandk Distinguished Member

    Go to Start > Settings > Control Panel > Users and Passwords.
    Set it up so that "users have to enter a password". This will allow you to do just that.

    When you are done, uncheck "users must enter password"; this way Windows will continue to log you on as usual.

    http://tech.yahoo.com/qa/1006021605664

    PS: BTW, are you using ZA?
     
  3. minniawochat

    minniawochat New Member

    Does it work?

    I use Xtek Xsetup to modify things

    Thanks
     
  4. OP
    g_goyal2000

    g_goyal2000 Member

    You clearly didn't understand my problem.
    __________
    Actually, I am able to run all the Windows programs & services.

    But the problem is, when I try to change (automatic/manual/disable) any service in services.msc or check/uncheck any service, I get the above-mentioned error. But the case is, the changes actually happen in spite of giving me the error.

    I have been using ZoneAlarm Pro for the past 5-6 years and never faced any problem.

    I have scanned my computer with Ad-aware, Spybot S&D, Spyware Doctor, PC-cillin, ZoneAlarm Anti-spyware using the latest definitions. But found nothing.

    Please, somebody help me.
     
    Last edited: Dec 2, 2006
  5. ilugd

    ilugd Beware of the innocent

    I guess you seem to have played around with some tweaking software or gpedit to remove permission for all users to change service settings. That's why Windows is giving the namesake warning. Must be some registry thing.
     
  6. OP
    g_goyal2000

    g_goyal2000 Member

    Ok, here's the update.
    I checked my system for any other problem such as this and found none.
    Have already tried replacing the current msconfig.exe with one from ServicePackFiles but of no use.

    I'm keeping reinstallation as a last resort.
     
    Last edited: Apr 12, 2007
  7. sakumar79

    sakumar79 Active Member

    In msconfig, is only the services tab showing the problem or do other tabs also give the problem?

    Arun
     
  8. OP
    g_goyal2000

    g_goyal2000 Member

    All tabs are showing the problem.

    I didn't play around with any tweaking software or gpedit.
    Dude, I'm an MCSE (Windows 2003 Environment). I know how dangerous it can be to play around with that stuff.
    But being an MCSE doesn't mean I can solve all the problems of Windows.
    Plus, I always make a backup before doing any serious changes to my system.

    Oh, and yes.
    I AM also facing a problem with services.msc.
    I can open services.msc but can't change the services' startup type.
    I get an Access Denied error. But I can start/stop/restart them.
    So, in the end, I'm being denied access to changes in both msconfig.exe & services.msc.
    God knows what more problems I will find next.
     
    Last edited: Dec 3, 2006
  9. sakumar79

    sakumar79 Active Member

    Try this - create a temporary user with admin privileges. Try running services.msc in the new user login...

    Also, post a hijackthis log so that we can check in case any malware is causing the problem...

    Next, look at the events console in the admin tools and see if you can get more info on the exact error...

    Arun
     
  10. ilugd

    ilugd Beware of the innocent

    I didn't mean to say that you didn't know what you were doing. This problem seems to be due to access restricted somewhere unobvious, and usually only registry edits or a tweaker might cause this. Of course, if your system is infected with malware, that's a completely different story altogether. Do post the HijackThis log as sakumar suggested.
     
  11. OP
    g_goyal2000

    g_goyal2000 Member

    Ok, I did what you said.
    I created a new user "Gaurav1" with admin rights.
    Also, ran both msconfig.exe & services.msc.
    The problem was still there with msconfig.exe.
    The services.msc was working fine.
    But it was also now working fine in my original user "Gaurav" & "Administrator" user.

    Ok, up to now what I have figured is that there is something that is messing with admin rights.

    Previously I had posted that "services.msc" was not working. And it actually wasn't.
    Then I tried one of the solutions given below (please scroll down).
    "services.msc" then started working. So, I edited my post.
    But then it again stopped working (services.msc).
    Then I again tried the same solution & it started working again.
    I don't know what's messing with rights to "services.msc".
    I'm really starting to get pissed off. I don't know what the deal is.

    It seems that the rights for the "Administrators" group have been messed with.
    ------------------------------------------------------------------------------

    Also, I found a couple of posts on net about how to reset my system policies & rights.
    Some of them are as follows:

    The first solution was:

    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

    The problem with the above command is, it actually executes but later says that the file is missing. The "secsetup.inf" file is there in my system but there is no "secsetup.sdb" file.
    So, basically this solution was a big flop. I'm posting its log file:

    Sunday, December 03, 2006 9:47:23 PM
    ----Configuration engine was initialized successfully.----

    ----Reading Configuration Template info...


    ----Configure User Rights...
    Configure S-1-5-20.
    Configure S-1-5-19.
    Configure S-1-5-32-551.
    Configure S-1-5-32-544.
    Configure S-1-1-0.
    Configure S-1-5-32-545.
    Configure S-1-5-32-547.
    Configure S-1-5-21-527237240-1220945662-839522115-501.
    Configure S-1-5-32-555.

    User Rights configuration was completed successfully.


    ----Configure Group Membership...
    Configure Users.
    remove FAMILY-PC\Gaurav 1.

    Group Membership configuration was completed successfully.


    ----Configure Registry Keys...
    Configure users\.default.
    Configure users\.default\software\microsoft\netdde.
    Configure machine\software.
    Configure machine\software\classes.
    Configure machine\software\classes\.hlp.
    Configure machine\software\classes\helpfile.
    Configure machine\software\microsoft\ads\providers\ldap\extensions.
    Configure machine\software\microsoft\ads\providers\nds.
    Configure machine\software\microsoft\ads\providers\nwcompat.
    Configure machine\software\microsoft\ads\providers\winnt.
    Configure machine\software\microsoft\command processor.
    Configure machine\software\microsoft\cryptography.
    Configure machine\software\microsoft\cryptography\calais.
    Configure machine\software\microsoft\driver signing.
    Configure machine\software\microsoft\enterprisecertificates.
    Configure machine\software\microsoft\netdde.
    Configure machine\software\microsoft\non-driver signing.
    Configure machine\software\microsoft\ole.
    Configure machine\software\microsoft\rpc.
    Configure machine\software\microsoft\secure.
    Configure machine\software\microsoft\systemcertificates.
    Configure machine\software\microsoft\upnp device host.
    Configure machine\software\microsoft\windows\currentversion\explorer\user shell folders.
    Configure machine\software\microsoft\windows\currentversion\reliability.
    Configure machine\software\microsoft\windows\currentversion\runonce.
    Configure machine\software\microsoft\windows\currentversion\runonceex.
    Configure machine\software\microsoft\windows\currentversion\telephony.
    Configure machine\software\microsoft\windows nt\currentversion\accessibility.
    Configure machine\software\microsoft\windows nt\currentversion\aedebug.
    Configure machine\software\microsoft\windows nt\currentversion\asr\commands.
    Configure machine\software\microsoft\windows nt\currentversion\classes.
    Configure machine\software\microsoft\windows nt\currentversion\drivers32.
    Configure machine\software\microsoft\windows nt\currentversion\efs.
    Configure machine\software\microsoft\windows nt\currentversion\font drivers.
    Configure machine\software\microsoft\windows nt\currentversion\fontmapper.
    Configure machine\software\microsoft\windows nt\currentversion\image file execution options.
    Configure machine\software\microsoft\windows nt\currentversion\inifilemapping.
    Configure machine\software\microsoft\windows nt\currentversion\perflib.
    Configure machine\software\microsoft\windows nt\currentversion\profilelist.
    Configure machine\software\microsoft\windows nt\currentversion\secedit.
    Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole.
    Configure machine\software\microsoft\windows nt\currentversion\svchost.
    Configure machine\software\microsoft\windows nt\currentversion\terminal server\install\software\microsoft\windows\currentversion\runonce.
    Configure machine\software\microsoft\windows nt\currentversion\time zones.
    Configure machine\software\microsoft\windows nt\currentversion\windows.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon.
    Configure machine\software\policies.
    Configure machine\system.
    Configure machine\system\currentcontrolset\control\class.
    Configure machine\system\currentcontrolset\control\keyboard layout.
    Configure machine\system\currentcontrolset\control\keyboard layouts.
    Configure machine\system\currentcontrolset\control\network.
    Configure machine\system\currentcontrolset\control\securepipeservers\winreg.
    Configure machine\system\currentcontrolset\control\session manager\executive.
    Configure machine\system\currentcontrolset\control\timezoneinformation.
    Configure machine\system\currentcontrolset\control\wmi\security.
    Warning 5: Access is denied.
    Error setting security on machine\system\currentcontrolset\services\sptd\Cfg.
    Error 234: More data is available.
    Error enumerating info for machine\system\currentcontrolset\services.

    Configuration of Registry Keys was completed with one or more errors.


    ----Configure File Security...
    No acl support on volume D:\.
    No acl support on volume C:\.

    File Security configuration was completed successfully.


    ----Configure General Service Settings...
    Configure W32Time.
    Configure upnphost.
    Configure TrkWks.
    Configure SSDPSRV.
    Configure Spooler.
    Configure SENS.
    Configure seclogon.
    Configure secdrv.
    Warning 2: The system cannot find the file specified.
    Error configuring secdrv.

    General Service configuration was completed with one or more errors.


    ----Configure available attachment engines...

    Configuration of attachment engines was completed successfully.


    ----Configure Security Policy...
    Configure password information.
    LSA anonymous lookup names setting : existing SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS).
    Configure LSA anonymous lookup setting.
    Guest account is disabled.

    System Access configuration was completed successfully.
    Configure log settings.

    Audit/Log configuration was completed successfully.
    Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
    Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\forceunlocklogon.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
    Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
    Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
    Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
    Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
    Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
    Configure machine\software\microsoft\windows\currentversion\policies\system\undockwithoutlogon.
    Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
    Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
    Configure machine\system\currentcontrolset\control\lsa\disabledomaincreds.
    Configure machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous.
    Configure machine\system\currentcontrolset\control\lsa\fipsalgorithmpolicy.
    Configure machine\system\currentcontrolset\control\lsa\forceguest.
    Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
    Configure machine\system\currentcontrolset\control\lsa\limitblankpassworduse.
    Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
    Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminclientsec.
    Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminserversec.
    Configure machine\system\currentcontrolset\control\lsa\nodefaultadminowner.
    Configure machine\system\currentcontrolset\control\lsa\nolmhash.
    Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
    Configure machine\system\currentcontrolset\control\lsa\restrictanonymoussam.
    Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
    Configure machine\system\currentcontrolset\control\session manager\kernel\obcaseinsensitive.
    Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
    Configure machine\system\currentcontrolset\control\session manager\protectionmode.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
    Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
    Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
    Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
    Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
    Configure machine\system\currentcontrolset\services\ldap\ldapclientintegrity.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\maximumpasswordage.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
    Configure machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.

    Configuration of Registry Values was completed successfully.


    ----Configure available attachment engines...

    Configuration of attachment engines was completed successfully.


    ----Un-initialize configuration engine...

    ------------------------------------------------------------------------------

    The second solution was:

    a. Install subinacl.msi from http://go.microsoft.com/fwlink/?LinkId=23418
    b. Create a batch file, reset.cmd, that contains the lines below, and save it to C:\Program Files\Windows Resource Kits\Tools

    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
    subinacl /subdirectories %SystemDrive% /grant=administrators=f

    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
    subinacl /subdirectories %SystemDrive% /grant=system=f

    c. Open a command prompt and type the following:

    c:\>cd\program files\windows resource kits\tools
    c:\program files\windows resource kits\tools>reset.cmd

    The result of this solution:
    It runs in DOS mode & very fast, so I was unable to see what was happening. It gave a few errors but no log file, so I can't tell. Even if there was a log file, I don't know where it is created.
    Anyway, I was able to identify 2 errors by watching carefully. Access was denied to the following 2 keys:
    hklm\security\policy\secrets\sai
    hklm\security\policy\secrets\sac

    I can't open them manually using regedit either.

    The "services.msc" problem got fixed due to this solution but I still face the "msconfig.exe" problem.

    You can read the above-mentioned solutions plus additional info at the following link:
    http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=36&threadid=50160&enterthread=y

    ------------------------------------------------------------------------------

    The HijackThis log is as follows:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:19:02 PM, on 12/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\Windows\System32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    D:\WINDOWS\System32\svchost.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    D:\WINDOWS\system32\ZONELABS\vsmon.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\MSI\Core Center\CoreCenter.exe
    D:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
    D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    F:\Installers\Security\Hijack This v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - D:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [EM_EXEC] D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: CoreCenter.lnk = D:\Program Files\MSI\Core Center\CoreCenter.exe
    O4 - Global Startup: Internet Keyboard.lnk = ?
    O4 - Global Startup: APC UPS Status.lnk = ?
    O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: CuteShield Internet Eraser - {4A0EF50C-6A4A-4b30-84D8-53D5BC95C043} - D:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
    O16 - DPF: {0606FB52-E881-4337-A77C-5C3E5ADC9C55} (XLoader Control) - http://testout.com/portal/AllUsers/XLoader.ocx
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123321973562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136479693968
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://127.0.0.1/tsweb/msrdp.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{23E3E14B-3668-4BA1-AF06-1253BAE274C8}: NameServer = 203.94.243.70,203.94.227.70,59.179.243.70
    O17 - HKLM\System\CS1\Services\Tcpip\..\{23E3E14B-3668-4BA1-AF06-1253BAE274C8}: NameServer = 203.94.243.70,203.94.227.70,59.179.243.70
    O17 - HKLM\System\CS2\Services\Tcpip\..\{23E3E14B-3668-4BA1-AF06-1253BAE274C8}: NameServer = 203.94.243.70,203.94.227.70,59.179.243.70
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

    ------------------------------------------------------------------------------

    The HijackThis startup log file is as follows:

    StartupList report, 12/3/2006, 9:20:19 PM
    StartupList version: 1.52.2
    Started from : F:\Installers\Security\Hijack This v1.99.1.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v7.00 (7.00.5730.0011)
    * Using default options
    ==================================================

    Running processes:

    D:\WINDOWS\System32\smss.exe
    D:\Windows\System32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    D:\WINDOWS\System32\svchost.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    D:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    D:\WINDOWS\system32\ZONELABS\vsmon.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
    D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\MSI\Core Center\CoreCenter.exe
    D:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
    D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    F:\Installers\Security\Hijack This v1.99.1.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [D:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    CoreCenter.lnk = D:\Program Files\MSI\Core Center\CoreCenter.exe
    Internet Keyboard.lnk = ?
    APC UPS Status.lnk = ?

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = D:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Zone Labs Client = "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    NeroFilterCheck = D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    pccguide.exe = "D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    EM_EXEC = D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = D:\WINDOWS\system32\ctfmon.exe

    --------------------------------------------------

    Shell & screensaver key from D:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=D:\WINDOWS\System32\3DWIND~1.SCR
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - (no file) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - D:\Program Files\SiteAdvisor\SiteAdv.dll - {089FD14D-132B-48FC-8861-0048AE113215}
    (no name) - D:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
    (no name) - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    SysShield IE Popup Blocker - D:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80}
    (no name) - d:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll - {B56A7D7D-6927-48C8-A975-17DF180C71AC}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    ecrunXP.job
    Critical Battery Alarm Program.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [TDServer Control]
    InProcServer32 = D:\WINDOWS\DOWNLO~1\tdserver.ocx
    CODEBASE = http://www.aajtak.com/wfplayer/tdserver.cab

    [XLoader Control]
    InProcServer32 = D:\WINDOWS\DOWNLO~1\XLoader.ocx
    CODEBASE = http://testout.com/portal/AllUsers/XLoader.ocx

    [Macromedia Authorware Web Player Control]
    InProcServer32 = D:\WINDOWS\system32\macromed\authorwa\awswax.ocx
    CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab

    [Office Update Installation Engine]
    InProcServer32 = D:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

    [{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
    CODEBASE = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

    [WUWebControl Class]
    InProcServer32 = D:\WINDOWS\system32\wuweb.dll
    CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123321973562

    [MUWebControl Class]
    InProcServer32 = D:\WINDOWS\system32\muweb.dll
    CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136479693968

    [Microsoft RDP Client Control (redist)]
    InProcServer32 = D:\WINDOWS\DOWNLO~1\msrdp.ocx
    CODEBASE = http://127.0.0.1/tsweb/msrdp.cab

    [Update Class]
    InProcServer32 = D:\WINDOWS\system32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38996.2886226852

    [Measurement Services Client v.3.11]
    InProcServer32 = D:\WINDOWS\system32\FUTURE~1\MSC\MSC3.ocx
    CODEBASE = http://gameadvisor.futuremark.com/global/msc311.cab

    [Shockwave Flash Object]
    InProcServer32 = D:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
    CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: D:\WINDOWS\system32\SHELL32.dll
    CDBurn: D:\WINDOWS\system32\SHELL32.dll
    WebCheck: D:\WINDOWS\system32\webcheck.dll
    SysTray: D:\WINDOWS\System32\stobject.dll
    WPDShServiceObj: D:\WINDOWS\system32\WPDShServiceObj.dll

    --------------------------------------------------
    End of report, 7,066 bytes
    Report generated in 0.015 seconds
    ------------------------------------------------------------------------------
     
  12. sakumar79

    sakumar79 Active Member

    Joined:
    Nov 28, 2004
    Messages:
    2,441
    Likes Received:
    9
    Trophy Points:
    38
    Location:
    Madurai
    The prosearching entries appear to be a hijack.

    Usually I do not recommend it straightaway, but I think a format of D drive and a reinstall will be the best way to solve the problem...

    Arun
     
  13. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    G Goyal I saw your thread at WindowsITPro too .. There too they've suspected that ZA is culprit. Anyway, I found this at ZA forums try it :

    Try disabling the OS Firewall. In ZA do this :
    Go to Program Control > Main and press the first "Custom" button from the top. Uncheck "Enable OS Firewall".

    Source ZA Forums
     
  14. OP
    OP
    g_goyal2000

    g_goyal2000 Member

    Joined:
    Jul 2, 2004
    Messages:
    681
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    New Delhi
    Like I said previously, I've been using Zonealarm Pro for the past 5-6 years and keep updating it as soon as a new version is available. I never faced this problem with Zonealarm before.
    Anyway, I checked the settings & the OS Firewall was off. I anyway keep it off cos it causes most of Windows Components to ask permission which is quite a nag.
    So, back to the problem. No, OS Firewall is not causing the problem.
    __________
    None of the scans of my anti-spywares & anti-virus showed any trace of "prosearching". How do I remove it?
    Also, I'm keeping reinstallation a last solution.

    I'm also gonna try removing my HP PSC 1410 Printer software.
    Recently, I had installed a security update to it. Some of the posts regarding the issue on other sites had a mention of problem due to HP printer software. So, will try & find out.
    Till then, plz keep trying to help. :)
    __________
    Here's an update guys.
    The HP Tech Support wasn't able to help me.
    But I finally managed to solve the problem on my own.
    The culprit was a security update I had downloaded for my HP PSC 1410 printer software.
    I had downloaded PML Security Update v1.0 for the software from HP's website.
    It had caused a service "PML Driver HPZ12" to start in services.msc which was interfering with the rights/privileges.
    I uninstalled the software. But still the service didn't go.
    Then I manually deleted the leftover files of HP software from program files & windows folders & their sub-folders carefully.
    Still no respite.
    Ran various registry cleaners but still no use.
    Then, finally went to Registry Editor & searched for keywords "pml" & "hpz12" & deleted all entries that showed that they were of HP.
    A restart & the problem is gone.
    Phew.
    I will mail this solution to HP Tech Support for their info.
    I don't think they do a thorough testing of their updates before releasing them.
    Thank you all who tried to help me.
    I appreciate all of your efforts.
     
    Last edited: Dec 4, 2006
  15. it_waaznt_me

    it_waaznt_me Coming back to life ..

    Joined:
    Nov 30, 2003
    Messages:
    2,023
    Likes Received:
    10
    Trophy Points:
    38
    Location:
    A bit closer to heaven
    Nice to hear that your problem is solved. It would be good if you notify the ZA people about the conflict between the HP driver and ZA, so others having the same problem will be helped.
     
  16. OP
    OP
    g_goyal2000

    g_goyal2000 Member

    Joined:
    Jul 2, 2004
    Messages:
    681
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    New Delhi
    There is no conflict between HP Driver & ZA (not that I know of).
    The problem in my case was due to HP's PML Driver Update, not ZA.
     
  17. bbllaahh

    bbllaahh New Member

    Joined:
    Dec 6, 2006
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Just joined to post a thank you g_goyal2000. I've had this exact same problem, with no one (including HP) having any answers. Eventually found this thread and your solution worked a charm. Thanks!:)
     
  18. Vishal Gupta

    Vishal Gupta Microsoft MVP

    Joined:
    Jul 28, 2005
    Messages:
    5,173
    Likes Received:
    121
    Trophy Points:
    0
    Location:
    AskVG.com
    That's gr8 buddy that u got ur problem solved by just going thru this thread :D

    Keep posting in the forum and u'll get much new information :)
     
  19. deback

    deback New Member

    Joined:
    Dec 13, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Thanks to the original poster who mentioned this might be an HP PML update problem. Tonight, I updated my HP 8200 Photosmart software. Since then, I've been receiving "access denied" messages when trying to use msconfig and when trying to disable the HPZ12 PML driver when running services.msc (Error 5: Access Denied).

    I found the solution in another forum on how to fix the "access denied" messages and how to disable the hpzipm12.exe program from loading automatically when running services.msc (for those having these problems after updating your HP PML software and not from Zone Alarm).

    Run RegEdit.
    Under /HKLM/System/CurrentControlSet/Services/PML Driver HPZ12, click on Start at the right, and then change the Dword value from 2 (automatic) or 3 (I believe for manual) to 4 (for disabled).

    After I did this, I've received no "access denied" messages when running msconfig and services.msc.

    After spending a couple of hours looking for a fix, I thought I'd come back here and post the solution in hopes it will save time for others.

    Thanks!
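
The registry change described in the post above, as an added example that is not part of the original post: a PowerShell function that exports the service key as a backup, sets `Start` to 4 and verifies the write. The function name `Disable-ServiceViaRegistry` and the backup folder are assumptions; the service key name is the one given in the post.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
function Disable-ServiceViaRegistry {      # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ServiceKeyName,
        [string]$BackupDir = $env:TEMP     # assumption: any writable folder works
    )

    # Meaning of the Start DWORD under a service key.
    $startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
    $psPath  = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceKeyName"
    $regPath = "HKLM\SYSTEM\CurrentControlSet\Services\$ServiceKeyName"

    if (-not (Test-Path -LiteralPath $psPath)) {
        throw "Service key not found: $regPath"
    }

    $current = (Get-ItemProperty -LiteralPath $psPath -Name Start).Start
    Write-Host "Current Start = $current ($($startTypes[[int]$current]))"
    if ($current -eq 4) { Write-Host 'Already disabled; nothing to do.'; return }

    if ($PSCmdlet.ShouldProcess($regPath, 'Back up key and set Start to 4 (Disabled)')) {
        # Export the whole key first so the change can be reverted with "reg import".
        # A timestamped file name avoids reg.exe's overwrite prompt.
        $name   = "{0}-{1:yyyyMMdd-HHmmss}.reg" -f ($ServiceKeyName -replace '\s', '_'), (Get-Date)
        $backup = Join-Path $BackupDir $name
        & reg.exe export $regPath $backup | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "Backup failed (reg.exe exit code $LASTEXITCODE); no change made."
        }
        Write-Host "Backup written to $backup"

        Set-ItemProperty -LiteralPath $psPath -Name Start -Value 4 -Type DWord

        # Read the value back instead of assuming the write succeeded.
        $after = (Get-ItemProperty -LiteralPath $psPath -Name Start).Start
        if ($after -ne 4) { throw "Start is still $after; the write did not take effect." }
        Write-Host 'Start = 4 (Disabled). Restart for it to take effect; a running instance is not stopped.'
    }
}

# Dry run: reports the current value and what would change, without writing anything.
Disable-ServiceViaRegistry -ServiceKeyName 'PML Driver HPZ12' -WhatIf
```

Drop `-WhatIf` to apply the change; `reg import` on the backup file restores the previous value.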
     
  20. OP
    OP
    g_goyal2000

    g_goyal2000 Member

    Joined:
    Jul 2, 2004
    Messages:
    681
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    New Delhi
    Well my hard disk just crashed.
    Just lost around 3 years of data including videos, songs, imp. documents, etc.
    Anyway, I'll get my hard disk replaced and will install everything fresh (do I have a choice? :rolleyes: ).
    So deback, I'll try your solution then.
    Till then, sit tight (or whichever way u like). :D
     
    Last edited: Dec 25, 2006