sim21 Posted January 13, 2008 Report Share Posted January 13, 2008 Hi - I am using utorrent 1.7.5, it is using a lot of Virtual memory - it uses 33040k memory and 1,671,360K VM, way higher than any other program i run and slows everything else down. I am running a CA firewall but have added utorrent to the exceptions.I have run a process explorer:Process PID CPU Description Company NameSystem Idle Process 0 Interrupts n/a Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 smss.exe 380 Windows NT Session Manager Microsoft Corporation csrss.exe 696 Client Server Runtime Process Microsoft Corporation winlogon.exe 860 Windows NT Logon Application Microsoft Corporation services.exe 996 1.52 Services and Controller app Microsoft Corporation svchost.exe 1580 Generic Host Process for Win32 Services Microsoft Corporation mdmcls32.exe 2224 mdmcls32.exe mdmcls32.exe 304 mdmcls32.exe msmsgs.exe 1212 Windows Messenger Microsoft Corporation WLLoginProxy.exe 2932 WLLoginProxy.exe Microsoft Corporation CAGlobal.exe 1872 CallingID Ltd. CAGlobalLight.exe 3508 CallingID Ltd. svchost.exe 1776 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 412 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 704 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1140 Generic Host Process for Win32 Services Microsoft Corporation spoolsv.exe 1812 Spooler SubSystem App Microsoft Corporation UmxCfg.exe 1952 HIPS Configuration Engine CA UmxFwHlp.exe 1968 HIPS Firewall Helper Service CA UmxPol.exe 300 HIPS Policy Manager Service CA UmxAgent.exe 464 HIPS Event Manager CA capfsem.exe 2160 CA Personal Firewall Application CA, Inc. AppleMobileDeviceService.exe 1168 Apple Mobile Device Service Apple, Inc. isafe.exe 1272 CA ISafe Service Computer Associates International, Inc. ITMRTSVC.exe 1448 eTrust PestPatrol Real-time service CA, Inc. svchost.exe 596 Generic Host Process for Win32 Services Microsoft Corporation vetmsg.exe 1308 CA Anti-Virus Realtime Messaging Service CA, Inc. svcprs32.exe 1444 svcprs32.exe alg.exe 460 Application Layer Gateway Service Microsoft Corporation ccprovsp.exe 1080 CCProvSP CA, Inc. ppctlpriv.exe 1344 CA Anti-Spyware Elevation service CA, Inc. iPodService.exe 3852 iPodService Module Apple Inc. lsass.exe 1056 LSA Shell (Export Version) Microsoft Corporationexplorer.exe 2212 Windows Explorer Microsoft Corporation SOUNDMAN.EXE 2820 Realtek Sound Manager Realtek Semiconductor Corp. iTunesHelper.exe 2944 iTunesHelper Module Apple Inc. cctray.exe 3156 CA Common Tray CA, Inc. cappactiveprotection.exe 4028 CAPPActiveProtection Application CA, Inc. cfgmng32.exe 3276 cfgmng32.exe capfasem.exe 3388 92.42 CA Personal Firewall capfasem Module CA, Inc. QOELoader.exe 3680 QOELoader Application CA cavrid.exe 3760 CA Anti-Virus Realtime Infection Report CA, Inc. apdproxy.exe 3868 Adobe Photoshop Album Starter Edition 3.2 component Adobe Systems Incorporated prevxcsi.exe 4064 Prevx Computer Security Investigator Prevx ctfmon.exe 872 CTF Loader Microsoft Corporation GoogleToolbarNotifier.exe 1112 GoogleToolbarNotifier Google Inc. msnmsgr.exe 1832 Messenger Microsoft Corporation NMBgMonitor.exe 2104 Nero Home Nero AG msimn.exe 3132 Outlook Express Microsoft Corporation QOEApp.exe 264 QOEApp Application CA IEXPLORE.EXE 2912 Internet Explorer Microsoft Corporation procexp.exe 3084 4.55 Sysinternals Process Explorer Sysinternals utorrent.exe 3952 1.52 Process: utorrent.exe Pid: 3952Name Description Company Name VersionACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180appHelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000browseui.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.3231CIDLinkAdvisor.dll CallingID Ltd. 1.01.0000.0064CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180COMRes.dll Microsoft Corporation 2001.12.4414.0258CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180CRYPTUI.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.2180CSCDLL.dll Offline Network Agent Microsoft Corporation 5.01.2600.2180cscui.dll Client Side Caching UI Microsoft Corporation 5.01.2600.2180ctype.nls DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2938GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3159hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180index.dat index.dat index.dat Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912ISafeIf.dll CA ISafe Interface DLL Computer Associates International, Inc. 8.00.0008.0000kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119LINKINFO.dll Windows Volume Tracking Microsoft Corporation 5.01.2600.2751locale.nls MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180msi.dll Windows Installer Microsoft Corporation 3.01.4000.4039MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.2180NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180ntshrui.dll Shell extensions for sharing Microsoft Corporation 5.01.2600.2180ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726OLEACC.dll Active Accessibility Core Component Microsoft Corporation 4.02.5406.0000oleaccrc.dll Active Accessibility Resource DLL Microsoft Corporation 4.02.5406.0000OLEAUT32.dll Microsoft Corporation 5.01.2600.3139QOEHook.dll QOEHook Dynamic Link Library CA 6.00.0001.0028rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938rnapxs.dat RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.3231SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3231sortkey.nls sorttbls.nls SXS.DLL Fusion 2.5 Microsoft Corporation 5.01.2600.3019unicode.nls USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099USERENV.dll Userenv Microsoft Corporation 5.01.2600.2180utorrent.exe uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180VetRedir.dll CA ISafe LSP DLL Computer Associates International, Inc. 8.00.0008.0000WININET.dll Internet Extensions for Win32 Microsoft Corporation 6.00.2900.3231winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180winsflt.dll winsflt.dll 5.00.0038.0000WINTRUST.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.2180WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180and a Hijack this:Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exeC:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeC:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeC:\WINDOWS\system32\svcprs32.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\WINDOWS\cfgmng32.exeC:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\PrevxCSI\prevxcsi.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\CA\CA Internet Security Suite\ccprovsp.exeC:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exeC:\WINDOWS\system32\mdmcls32.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exeC:\Program Files\utorrent\utorrent.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exeC:\Program Files\Outlook Express\msimn.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\qoeapp.exeC:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exeC:\WINDOWS\system32\taskmgr.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dllO3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dllO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exeO4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -clO4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exeO4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -bootO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.htmlO8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.htmlO8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.htmlO8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.htmlO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cabO16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cabO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exeO23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exeO23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exeO23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exeO23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exeO23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exeO23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeO23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe--End of file - 9410 bytesCan anyone help as to what I can change to fix this. Thankyou Link to comment Share on other sites More sharing options...
jewelisheaven Posted January 13, 2008 Report Share Posted January 13, 2008 bad firewall / av ? CIDLinkAdvisor.dll CallingID Ltd. 1.01.0000.0064ISafeIf.dll CA ISafe Interface DLL Computer Associates International, Inc. 8.00.0008.0000QOEHook.dll QOEHook Dynamic Link Library CA 6.00.0001.0028rnapxs.dat VetRedir.dll CA ISafe LSP DLL Computer Associates International, Inc. 8.00.0008.0000winsflt.dll winsflt.dll 5.00.0038.0000Generally speaking any DLLs outside of \system32 or Microsoft Corp. are seen as possible sources of this problem. If disabling / removing the applications OR FEATURES to which these DLLs belongs eliminates the leak in uT it is confirmed the problem is with the other program not uT.I see prevx A proactive user intent on stamping out mal/ad/crapware you are I see Then I presume you know what O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe does and that it's not harmful. In that case you are clean except for th possible incompatibility with your AV suite.Could you try disabling those features so they no longer run injected into uT and see if the problem persists and report back? Link to comment Share on other sites More sharing options...
sim21 Posted January 13, 2008 Author Report Share Posted January 13, 2008 It seems that the longer utorrent is open the more VM it uses - is this normal?I disable the firewall and after a few minute the memory usage dropped from app 16000k down to 6000k(although this is rising again, but the VM remained around 72000k (also rising).I have got prevx and also in my security suite a spyware program which i run regularly. Still with the firewall disable taking up a minute or so just to open a web page.Is this of any help? Link to comment Share on other sites More sharing options...
jewelisheaven Posted January 13, 2008 Report Share Posted January 13, 2008 Separate issues which I will elaborate on below:uT uses Virtual Memory which grows as you use it for more things. I can tell you this much, that uT by itself does NOT use the amount you say when there are no conflicting programs installed/injected: (source URL with my production uT stats = http://forum.utorrent.com/viewtopic.php?pid=289574#p289574 ). Increasing without bound is CERTAINLY a sign of an incompatible/broken program injecting into uT and causing the behaviour.Have you changed your disk cache from the default of 32 MiB usage (helps with a bottlenecked mainbus or harddrive)? I have seen where in ADDITION to the broken program making uT unuseable it also b0rkes multi-cpu computers. Do you ahve a P4 with HT? Or a multi(dual/quad) core CPU? If setting the affinity of uT to one core fixes the freezing then definitely a program is conflicting. Also uploading a picture of your Speed Guide settings while knowing your speedtest results will help troubleshoot if your connection is being overloaded as well as the program incompatibility issue. Link to comment Share on other sites More sharing options...
Firon Posted January 13, 2008 Report Share Posted January 13, 2008 Uninstall, not disable. Link to comment Share on other sites More sharing options...
sim21 Posted January 13, 2008 Author Report Share Posted January 13, 2008 OK - my computer is an AMD XP 2800+, so its a few years old, The disk cache - I have not touched and dont really know how to, I dont like to touch things unless I know what I am doing - if it will help and you can help me do so I will give it a try.The picure of the speed guide - where do I get that from?? I will do and upload, I know my max upload is 128kb/s and download 512.I can uninstal my firewall - if i do so should i activate the windows xp firewall or should I get another one that is compatible and if so which one??Thanks for your help - as you have probably guessed I am not to technically minded! Link to comment Share on other sites More sharing options...
Firon Posted January 13, 2008 Report Share Posted January 13, 2008 What spyware application is it anyway?Your best bet is to post a HijackThis log.And yes, just re-enable the Windows firewall in the meantime. It may not be Prevx, we're just trying to find out what is. Link to comment Share on other sites More sharing options...
sim21 Posted January 13, 2008 Author Report Share Posted January 13, 2008 The spyware application is part of the whole security suite - CA security suite - by VET, which comprises of antivirus, spyware, firewall and parental controls.I posted a Hijack this log above - done this morning, is that sufficient or do you need another one.? Link to comment Share on other sites More sharing options...
jewelisheaven Posted January 13, 2008 Report Share Posted January 13, 2008 He means post a new one after you've uninstalled that (possibly) problem software. What I would like to see is no injected DLLs in the new Process Explorer log. I'm not sure what Firon is looking for. Link to comment Share on other sites More sharing options...
sim21 Posted January 13, 2008 Author Report Share Posted January 13, 2008 Ok - I have uninstalled my firewall and have run a hijack this:Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeC:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\WINDOWS\cfgmng32.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exeC:\Program Files\PrevxCSI\prevxcsi.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeC:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exeC:\WINDOWS\system32\svcprs32.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exeC:\Program Files\CA\CA Internet Security Suite\ccprovsp.exeC:\WINDOWS\system32\mdmcls32.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\MSN Messenger\usnsvc.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exeC:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exeC:\Program Files\Outlook Express\msimn.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\qoeapp.exeC:\Program Files\utorrent\utorrent.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dllO3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dllO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -bootO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.htmlO8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.htmlO8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.htmlO8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.htmlO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cabO16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cabO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exeO23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exeO23 - Service: HIPS Event Manager (UmxAgent) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (file missing)O23 - Service: HIPS Configuration Interpreter (UmxCfg) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (file missing)O23 - Service: HIPS Firewall Helper (UmxFwHlp) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (file missing)O23 - Service: HIPS Policy Manager (UmxPol) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (file missing)O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeO23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe--End of file - 8764 bytesand a process explorer log:Process PID CPU Description Company NameSystem Idle Process 0 26.15 Interrupts n/a Hardware Interrupts DPCs n/a 1.54 Deferred Procedure Calls System 4 smss.exe 272 Windows NT Session Manager Microsoft Corporation csrss.exe 592 Client Server Runtime Process Microsoft Corporation winlogon.exe 752 Windows NT Logon Application Microsoft Corporation services.exe 880 Services and Controller app Microsoft Corporation svchost.exe 1452 Generic Host Process for Win32 Services Microsoft Corporation mdmcls32.exe 2536 1.54 mdmcls32.exe mdmcls32.exe 2228 mdmcls32.exe WLLoginProxy.exe 3124 WLLoginProxy.exe Microsoft Corporation CAGlobal.exe 4084 CallingID Ltd. CAGlobalLight.exe 3824 CallingID Ltd. msmsgs.exe 3240 Windows Messenger Microsoft Corporation svchost.exe 1640 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1984 Generic Host Process for Win32 Services Microsoft Corporation wuauclt.exe 2200 Windows Update Automatic Updates Microsoft Corporation svchost.exe 472 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 920 Generic Host Process for Win32 Services Microsoft Corporation spoolsv.exe 1708 Spooler SubSystem App Microsoft Corporation AppleMobileDeviceService.exe 1276 Apple Mobile Device Service Apple, Inc. isafe.exe 1472 CA ISafe Service Computer Associates International, Inc. ITMRTSVC.exe 1788 eTrust PestPatrol Real-time service CA, Inc. svchost.exe 1152 Generic Host Process for Win32 Services Microsoft Corporation vetmsg.exe 1872 CA Anti-Virus Realtime Messaging Service CA, Inc. svcprs32.exe 680 svcprs32.exe ppctlpriv.exe 2472 CA Anti-Spyware Elevation service CA, Inc. alg.exe 2884 Application Layer Gateway Service Microsoft Corporation ccprovsp.exe 3244 CCProvSP CA, Inc. iPodService.exe 3828 iPodService Module Apple Inc. usnsvc.exe 3336 Messenger Sharing USN Journal Reader Service Microsoft Corporation lsass.exe 940 LSA Shell (Export Version) Microsoft Corporation taskmgr.exe 1104 Windows TaskManager Microsoft Corporationexplorer.exe 404 Windows Explorer Microsoft Corporation SOUNDMAN.EXE 2044 Realtek Sound Manager Realtek Semiconductor Corp. iTunesHelper.exe 1000 iTunesHelper Module Apple Inc. cctray.exe 1168 CA Common Tray CA, Inc. cappactiveprotection.exe 1564 CAPPActiveProtection Application CA, Inc. ccupdate.exe 3468 CCUpdate CA, Inc. cfgmng32.exe 1420 cfgmng32.exe QOELoader.exe 800 QOELoader Application CA cavrid.exe 984 CA Anti-Virus Realtime Infection Report CA, Inc. apdproxy.exe 1056 Adobe Photoshop Album Starter Edition 3.2 component Adobe Systems Incorporated prevxcsi.exe 1148 Prevx Computer Security Investigator Prevx ctfmon.exe 1020 CTF Loader Microsoft Corporation GoogleToolbarNotifier.exe 1412 GoogleToolbarNotifier Google Inc. msnmsgr.exe 1836 Messenger Microsoft Corporation NMBgMonitor.exe 1976 Nero Home Nero AG IEXPLORE.EXE 4020 Internet Explorer Microsoft Corporation msimn.exe 3480 Outlook Express Microsoft Corporation QOEApp.exe 2356 QOEApp Application CA utorrent.exe 3696 69.23 procexp.exe 1216 1.54 Sysinternals Process Explorer SysinternalsProcess: utorrent.exe Pid: 3696Name Description Company Name VersionADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180CIDLinkAdvisor.dll CallingID Ltd. 1.01.0000.0064CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180COMRes.dll Microsoft Corporation 2001.12.4414.0258CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180ctype.nls DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2938GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3159hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180ISafeIf.dll CA ISafe Interface DLL Computer Associates International, Inc. 8.00.0008.0000kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119locale.nls MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180msi.dll Windows Installer Microsoft Corporation 3.01.4000.4039MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.2180ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726OLEACC.dll Active Accessibility Core Component Microsoft Corporation 4.02.5406.0000oleaccrc.dll Active Accessibility Resource DLL Microsoft Corporation 4.02.5406.0000OLEAUT32.dll Microsoft Corporation 5.01.2600.3139QOEHook.dll QOEHook Dynamic Link Library CA 6.00.0001.0028rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938rnapxs.dat RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3231sortkey.nls sorttbls.nls SXS.DLL Fusion 2.5 Microsoft Corporation 5.01.2600.3019unicode.nls USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099utorrent.exe uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180VetRedir.dll CA ISafe LSP DLL Computer Associates International, Inc. 8.00.0008.0000WININET.dll Internet Extensions for Win32 Microsoft Corporation 6.00.2900.3231winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180winsflt.dll winsflt.dll 5.00.0038.0000WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180Thanks for your help. Link to comment Share on other sites More sharing options...
jewelisheaven Posted January 13, 2008 Report Share Posted January 13, 2008 You didn't remove any of them...CIDLinkAdvisor.dll CallingID Ltd. 1.01.0000.0064ISafeIf.dll CA ISafe Interface DLL Computer Associates International, Inc. 8.00.0008.0000QOEHook.dll QOEHook Dynamic Link Library CA 6.00.0001.0028VetRedir.dll CA ISafe LSP DLL Computer Associates International, Inc. 8.00.0008.0000winsflt.dll winsflt.dll 5.00.0038.0000Are you sure you pasted the NEW log and not the old one? Link to comment Share on other sites More sharing options...
sim21 Posted January 13, 2008 Author Report Share Posted January 13, 2008 I definetly unistalled the firewall - but I left the antivirus and the spyware.I pasted the new logs but have just re-run them again:Hihack this:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:22:06 PM, on 13/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeC:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\WINDOWS\cfgmng32.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\PrevxCSI\prevxcsi.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeC:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exeC:\WINDOWS\system32\svcprs32.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exeC:\Program Files\CA\CA Internet Security Suite\ccprovsp.exeC:\WINDOWS\system32\mdmcls32.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\MSN Messenger\usnsvc.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exeC:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exeC:\Program Files\Outlook Express\msimn.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\qoeapp.exeC:\Program Files\utorrent\utorrent.exeC:\WINDOWS\system32\taskmgr.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dllO3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dllO3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.28\QOELoader.exe"O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -bootO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.htmlO8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.htmlO8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.htmlO8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.htmlO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cabO16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cabO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exeO23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exeO23 - Service: HIPS Event Manager (UmxAgent) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (file missing)O23 - Service: HIPS Configuration Interpreter (UmxCfg) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (file missing)O23 - Service: HIPS Firewall Helper (UmxFwHlp) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (file missing)O23 - Service: HIPS Policy Manager (UmxPol) - Unknown owner - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (file missing)O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exeO23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe--End of file - 8708 bytesprocess explorer:Process PID CPU Description Company NameSystem Idle Process 0 69.70 Interrupts n/a Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 1.52 smss.exe 272 Windows NT Session Manager Microsoft Corporation csrss.exe 592 Client Server Runtime Process Microsoft Corporation winlogon.exe 752 Windows NT Logon Application Microsoft Corporation services.exe 880 4.55 Services and Controller app Microsoft Corporation svchost.exe 1452 Generic Host Process for Win32 Services Microsoft Corporation mdmcls32.exe 2536 mdmcls32.exe mdmcls32.exe 2228 mdmcls32.exe WLLoginProxy.exe 3124 WLLoginProxy.exe Microsoft Corporation CAGlobal.exe 4084 CallingID Ltd. CAGlobalLight.exe 3824 CallingID Ltd. msmsgs.exe 3240 Windows Messenger Microsoft Corporation svchost.exe 1640 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1984 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 472 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 920 Generic Host Process for Win32 Services Microsoft Corporation spoolsv.exe 1708 Spooler SubSystem App Microsoft Corporation AppleMobileDeviceService.exe 1276 Apple Mobile Device Service Apple, Inc. isafe.exe 1472 CA ISafe Service Computer Associates International, Inc. ITMRTSVC.exe 1788 1.52 eTrust PestPatrol Real-time service CA, Inc. svchost.exe 1152 4.55 Generic Host Process for Win32 Services Microsoft Corporation vetmsg.exe 1872 CA Anti-Virus Realtime Messaging Service CA, Inc. svcprs32.exe 680 svcprs32.exe ppctlpriv.exe 2472 CA Anti-Spyware Elevation service CA, Inc. alg.exe 2884 Application Layer Gateway Service Microsoft Corporation ccprovsp.exe 3244 CCProvSP CA, Inc. iPodService.exe 3828 iPodService Module Apple Inc. usnsvc.exe 3336 Messenger Sharing USN Journal Reader Service Microsoft Corporation lsass.exe 940 1.52 LSA Shell (Export Version) Microsoft Corporation taskmgr.exe 1104 Windows TaskManager Microsoft Corporationexplorer.exe 404 Windows Explorer Microsoft Corporation SOUNDMAN.EXE 2044 Realtek Sound Manager Realtek Semiconductor Corp. iTunesHelper.exe 1000 iTunesHelper Module Apple Inc. cctray.exe 1168 CA Common Tray CA, Inc. cappactiveprotection.exe 1564 CAPPActiveProtection Application CA, Inc. cfgmng32.exe 1420 cfgmng32.exe QOELoader.exe 800 QOELoader Application CA cavrid.exe 984 CA Anti-Virus Realtime Infection Report CA, Inc. apdproxy.exe 1056 Adobe Photoshop Album Starter Edition 3.2 component Adobe Systems Incorporated prevxcsi.exe 1148 Prevx Computer Security Investigator Prevx ctfmon.exe 1020 CTF Loader Microsoft Corporation GoogleToolbarNotifier.exe 1412 GoogleToolbarNotifier Google Inc. msnmsgr.exe 1836 Messenger Microsoft Corporation NMBgMonitor.exe 1976 Nero Home Nero AG IEXPLORE.EXE 4020 Internet Explorer Microsoft Corporation msimn.exe 3480 Outlook Express Microsoft Corporation QOEApp.exe 2356 QOEApp Application CA utorrent.exe 3696 3.03 procexp.exe 3704 13.64 Sysinternals Process Explorer SysinternalsProcess: utorrent.exe Pid: 3696Name Description Company Name VersionADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180CIDLinkAdvisor.dll CallingID Ltd. 1.01.0000.0064CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180COMRes.dll Microsoft Corporation 2001.12.4414.0258CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180ctype.nls DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2938GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3159hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180ISafeIf.dll CA ISafe Interface DLL Computer Associates International, Inc. 8.00.0008.0000kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119locale.nls MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180msi.dll Windows Installer Microsoft Corporation 3.01.4000.4039MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.2180ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726OLEACC.dll Active Accessibility Core Component Microsoft Corporation 4.02.5406.0000oleaccrc.dll Active Accessibility Resource DLL Microsoft Corporation 4.02.5406.0000OLEAUT32.dll Microsoft Corporation 5.01.2600.3139QOEHook.dll QOEHook Dynamic Link Library CA 6.00.0001.0028rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938rnapxs.dat RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3231sortkey.nls sorttbls.nls SXS.DLL Fusion 2.5 Microsoft Corporation 5.01.2600.3019unicode.nls USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099utorrent.exe uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180VetRedir.dll CA ISafe LSP DLL Computer Associates International, Inc. 8.00.0008.0000WININET.dll Internet Extensions for Win32 Microsoft Corporation 6.00.2900.3231winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180winsflt.dll winsflt.dll 5.00.0038.0000WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180memory usage is now 56500 and VM 61700thanks Link to comment Share on other sites More sharing options...
jewelisheaven Posted January 13, 2008 Report Share Posted January 13, 2008 OK, sorry about that, but if you look there through the DLL list the ones I pointed out could be the problem are still there. You will NEED to get them out of the process. The easiest way would be to uninstall the suite (unhooking the DLL or closing uT in the meantime)... if you're sure they are not in the suite, you can start->run->cmd THEN cd / THEN dir/s "name\of\dll"As you see though in the descriptions the DLLs give Isafe is part of your CA Antivirus and QOE is part of your anti-spam (which you should be able to exempt utorrent.exe from) and it is HIGHLY likely the LSP (layered service provider) dll VETRedir is causing your browsing to slow down. Ahha! Winsflt appears to be that parental control you were talking about http://www.castlecops.com/lsp-145.html ...This may seem extreme, but the fact of the matter is uT doesn't crash or do this on its own. If you diagnose this, and let the software provider know about the problem, they may already know about the incompatibility and be able to tell you "an upgrade to XX version patched that problem" or they will say thank you for the incompatibility.ASIDE: Ugh I need to add Software Firewall Configuration to my bookmarks, it definitely covers some of the main ones people use... and / or it should be augmented with all these other ones users post about. Link to comment Share on other sites More sharing options...
sim21 Posted January 14, 2008 Author Report Share Posted January 14, 2008 I contacted Vet. Winsflt is not theirs. They did suggest an upgrade which i have installed and turned off the parental controls, so far an improvement, utorrent only using 8500 VM. will cross my fingers and see how it goes. thanks for your help. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.