5aces Posted March 10, 2008

AMD4800X2 // MarvellYukon88E8053 PCI-E Gigabit Ethernet (latest driver)
D-Link DI604 Router H/W Ver.: E1 (latest firmware)
Motorola SB5100 Surfboard modem.

http://www.mediafire.com/?nm2nvkjymny (hijackthis.txt[Trend])

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:20 PM, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
G:\PROGS1\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - G:\PROGS1\FLV Downloader\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197821904171
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D22DFA8-F72C-44FD-A343-A12E1ED4C608}: NameServer = 192.168.0.1,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D22DFA8-F72C-44FD-A343-A12E1ED4C608}: NameServer = 192.168.0.1,4.2.2.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D22DFA8-F72C-44FD-A343-A12E1ED4C608}: NameServer = 192.168.0.1,4.2.2.3
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - G:\PROGS1\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 9104 bytes

http://www.mediafire.com/?tzrfdxxmm5i (uTorrent.txt[sysinternals])

Process PID CPU Description Company Name
System Idle Process 0 98.46
Interrupts n/a Hardware Interrupts
DPCs n/a 0.77 Deferred Procedure Calls
System 4
smss.exe 820 Windows NT Session Manager Microsoft Corporation
csrss.exe 964 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1036 Windows NT Logon Application Microsoft Corporation
services.exe 1228 Services and Controller app Microsoft Corporation
svchost.exe 1400 Generic Host Process for Win32 Services Microsoft Corporation
WLLoginProxy.exe 3512 WLLoginProxy.exe Microsoft Corporation
svchost.exe 1480 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1592 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1712 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1748 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1932 Spooler SubSystem App Microsoft Corporation
CTAudSvc.exe 1984 Creative Audio Service Creative Technology Ltd
schedul2.exe 548 Acronis Scheduler 2 Acronis
DkService.exe 576 Diskeeper Service Diskeeper Corporation
ioloServiceManager.exe 616
LSSrvc.exe 880 LightScribe Service Hewlett-Packard Company
nvsvc32.exe 1004 NVIDIA Driver Helper Service, Version 169.21 NVIDIA Corporation
svchost.exe 1148 Generic Host Process for Win32 Services Microsoft Corporation
SpySweeper.exe 1552 Spy Sweeper Engine Webroot Software, Inc.
WasherSvc.exe 900 Window Washer Engine Webroot Software, Inc.
alg.exe 2344 Application Layer Gateway Service Microsoft Corporation
lsass.exe 1240 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1560 Windows Explorer Microsoft Corporation
uTorrent.exe 4028
BITZIPPER.EXE 3832 BitZipper - File compression tool Bitberry Software
procexp.exe 3064 0.77 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
iexplore.exe 2784 Internet Explorer Microsoft Corporation

Process: uTorrent.exe Pid: 4028

Name Description Company Name Version
ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180
adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180
appHelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180
APTRRNTl.dll TRSDK wave sound driver, link part High Criteria inc. 3.03.0000.0001
APTRRNTm.dll TRSDK wave sound driver, main part High Criteria inc. 3.03.0000.0001
ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308
COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180
COMRes.dll Microsoft Corporation 2001.12.4414.0258
ctype.nls
DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2938
GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3159
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180
iavlsp.dll
ieframe.dll Internet Explorer Microsoft Corporation 7.00.6000.16608
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6000.16608
IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180
ioloHL.dll 2.05.0007.0010
Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119
locale.nls
MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180
msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.2180
NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976
ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 5.01.2600.2180
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
oleaut32.dll Microsoft Corporation 5.01.2600.3266
PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.2180
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
SASSEH.DLL ShellExecuteHook SuperAdBlocker.com 1.00.0000.1008
Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3231
sortkey.nls
sorttbls.nls
unicode.nls
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6000.16608
USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099
uTorrent.exe
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
winmm.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180
WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180

Followed all recommendations.
Fixed I.P.
Proper port forward. (test port O.K.)
Disabled UPnp/Gamer settings in router and UTorrent.
Working fine for over a year.
Just started acting up past couple of days.
Please advise, I miss uTorrent!
Thank You.

Ultima Posted March 10, 2008

A note for next time... you can simply paste the contents of the text files here instead of uploading them to Mediafire.

iavlsp.dll <-- a System Mechanic component, which has been known to cause problems with µTorrent. Can you try uninstalling the software to see if the problem persists?

SpySweeper.exe <-- also previously reported to cause some problems with µTorrent... If uninstalling System Mechanic doesn't help, try uninstalling this too.

5aces Posted March 10, 2008

First - "complete" uninstall of Iolo SM & Authentium Anti-Virus. uTorrent not responding.
Second - "complete" uninstall of Webroot SpySweeper.
Connect to "private" tracker site - DHT Status "not allowed", Tracker Status "offline", Network Connection "yellow" (Tracker Site is up and running in the green).
Combed over the registry to do "full" deletes of all conflicting traces.
Please advise, many thanks.

Firon Posted March 10, 2008

Can you post another HijackThis log?

5aces Posted March 10, 2008

Scan saved at 1:28:08 AM, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\DFX\WMP\Apps\dfxgApp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - G:\PROGS1\FLV Downloader\FLV Downloader\MoyeaCth.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "90MPH"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197821904171
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D22DFA8-F72C-44FD-A343-A12E1ED4C608}: NameServer = 192.168.0.1,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D22DFA8-F72C-44FD-A343-A12E1ED4C608}: NameServer = 192.168.0.1,4.2.2.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2D22DFA8-F72C-44FD-A343-A12E1ED4C608}: NameServer = 192.168.0.1,4.2.2.3
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - (no file)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - (no file)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 8682 bytes

Listening to WMP with DFX for Windows at the moment.
Tough to remove those two conflicting programs.
Sunday evening wind down.
Nightshift help gets respect.
Much obliged...
(heh, I see those dang Iolo clingons, I'll kill them off now, there were over a thousand registry items to deal with)

Firon Posted March 10, 2008

Try removing Webroot Washer...

5aces Posted March 10, 2008

Removed all the Webroot.
Iolo has been slayed.
Three for one.
Removed uTorrent (saved settings; getting lazy).
Reinstalled UT.
12 reboots at least.
All Red.
Network next?
Red Swoosh ---> uTorrent?
Much Obliged, take it easy!

jewelisheaven Posted March 10, 2008

Did you get rid of the superadblocker DLL too?

5aces Posted March 10, 2008

All right, SAS is removed, uninstalled uTorrent, log off/on, reinstall UT.
Same.
What's next, reformat?
Talk to y'all tomorrow.
Byeo...

jewelisheaven Posted March 10, 2008

I didn't even see

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

but yeah, I remember it causing trouble before.

You haven't actually described HOW it freezes, or WHEN it freezes. Does it freeze the whole GUI? Does it freeze after you start it up and bring up the window? Does it always freeze after running 4 hours? Does it freeze @ 3am every day?

APTRRNTm.dll TRSDK wave sound driver, main part High Criteria inc. 3.03.0000.0001 <-- what and why are replay radio dlls injected into uT?

5aces Posted March 10, 2008

Utorrent becomes non responsive (after a clean install) when setting the preferences, add new or incomplete torrents with the window up or if I get that far, shortly after it is minimized to tray. Torrents never connect to any tracker and the program must be closed off with TaskManager/processes.

I have Applian Replay A/V and Replay Radio installed. All these programs played together nicely in the sandbox, until I began to ferret out sed.exe Look2me, mchinjdrv.sys and other malware drive by entries in the past few days.

Testing with OpenOffice.org, bottom bar shows no connectivity (no colored icon at all) but Test Port comes back green and O.K. Every other program on this PC is working. Perplexed. Thanks.

*EDIT*

Iolo o23, when removed with Hijackthis, improved the situation. Iavlsp.dll on the other hand was a very tough nut to crack. At least six processes were snapped to this .dll. Used Unlocker: http://ccollomb.free.fr/unlocker/ to kill the processes (mostly svchosts), then went to Windows/System32 to delete the .dll, quickly emptying the Recycle Bin or it would pop back. After that, I had no Internet access. Fortunately, LSP-Fix: http://cexx.org/lspfix.htm was in my files to repair the Winsock 2 settings.

uTorrent is now fully functional, the torment has ceased and another PC is steadfastly working away.

Question remains: Which Anti-Virus and SpyWare programs will not upset the uTorrent karma?

Much Obliged...

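Added example (not part of the thread, and not code from HijackThis, µTorrent or any poster): a Python sketch of the before/after comparison the helpers did by eye, reporting which entries an uninstall removed, which Winsock LSP DLLs are still chained (O10), and which services were left without a binary (O23 "(no file)"). The function names are illustrative and the two sample logs are constructed, shortened excerpts of entries posted above; the first is deliberately run together to show that lost line breaks are tolerated.

```python
import re
from collections import Counter

# HijackThis entries start with a section code: R0-R3, F0-F3, O1-O24.
CODE = r"(?:[RF][0-3]|O\d{1,2})"
ENTRY_START = re.compile(rf"(?={CODE} - )")
ENTRY = re.compile(rf"({CODE}) - (.*)", re.S)
LSP_UNKNOWN = re.compile(r"Unknown file in Winsock LSP: (.+)", re.I)
# Message HijackThis prints when a chained provider's file no longer exists.
LSP_BROKEN = re.compile(
    r"Broken Internet access because of LSP provider '(.+?)' missing", re.I)


def parse_entries(text):
    """Return [(code, body)] from a log, even if its line breaks were lost."""
    text = re.split(r"--\s*End of file", text)[0]   # drop the trailer
    entries = []
    for chunk in ENTRY_START.split(text):
        m = ENTRY.match(chunk.strip())
        if m:                                       # header chunks do not match
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def lsp_files(entries):
    """Count O10 references per chained DLL; list providers reported missing."""
    chained, missing = Counter(), []
    for code, body in entries:
        if code != "O10":
            continue
        if m := LSP_UNKNOWN.search(body):
            chained[m.group(1).lower()] += 1
        elif m := LSP_BROKEN.search(body):
            missing.append(m.group(1).lower())
    return chained, missing


def orphan_services(entries):
    """O23 services still registered although their binary is gone."""
    return [re.sub(r"^Service: ", "", body.split(" - ")[0])
            for code, body in entries
            if code == "O23" and body.endswith("(no file)")]


def compare(before_text, after_text):
    """Diff two logs and summarise what the cleanup left behind."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    b, a = Counter(before), Counter(after)
    chained, missing = lsp_files(after)
    return {
        "removed": sorted((b - a).elements()),
        "added": sorted((a - b).elements()),
        "lsp_still_chained": dict(chained),
        "lsp_missing": missing,
        "orphan_services": orphan_services(after),
    }


# Constructed sample input: shortened excerpts of the two logs in the thread.
BEFORE = (
    r"Running processes:C:\WINDOWS\system32\svchost.exe"
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll"
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll"
    r"O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - "
    r"C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe"
    r"O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - "
    r"C:\Program Files\iolo\common\lib\ioloServiceManager.exe"
    "--End of file - 9104 bytes"
)
AFTER = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - (no file)
--
End of file - 8682 bytes
"""

if __name__ == "__main__":
    for key, value in compare(BEFORE, AFTER).items():
        print(key, "->", value)
```

An O10 entry that survives an uninstall means the DLL is still registered in the Winsock catalog, so deleting the file by hand cuts the provider chain and takes networking down with it. Repair the catalog first (LSP-Fix, as in the thread, or `netsh winsock reset` on XP SP2 and later) rather than removing the file.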
Archived
This topic is now archived and is closed to further replies.