All of a sudden



I don't know what happened; all of a sudden all the ports I tried seem to be blocked. Yesterday I was able to download at 170kbps; now it never goes above 30kbps. (Note: upload speed never changed.)

The green indicator turned to yellow, that is why I tested the ports, always with an "error!" response.

I've read the other posts about common procedures and all that stuff, I tried everything with no results at all.

Also, now I cannot even surf the web if uTorrent is active because, even when it says that it is downloading at 20kbps, it is as if it were using my entire bandwidth.

I haven't installed anything new or changed the program's properties. My firewall is Kaspersky and I have allowed all TCP and UDP connections for uTorrent; I even stopped the firewall to see if that was the problem. I have no router and the DHCP of my cablemodem is disabled.

So I haven't changed anything, there is no router, the firewall is not blocking it, my ISP is not blocking it and I have followed the instructions of the other posts (over and over again).

I really have no clue about what happened.

Please, any help would be appreciated.


Traffic shaping enforces lower bandwidth, period. If your uT settings do not accommodate that, your speed will be just as impacted with the limited speeds as you would be if your speed were what you pay for and you try to overload uT's speed settings for that limit.

(I.e. You have an xx/384 connection and set your upload to 45 or higher.... If you're being shaped by the ISP to xx/128 for going over some AUP/FUP quota that means your upload NEEDS to be below 14 at least, for uT to not try and go over your enforced speed)


I tried lowering my speed setting for uTorrent, but the internet is still slow; I even tried with the dialup settings.

And about my ISP: it does not cripple anything; the connection is always at the same speed while downloading something. It is surfing that doesn't work (i.e., I start downloading something from the web, then I open uT, the download speed never goes down for the file mentioned; it only affects the surfing experience and of course the torrents' speed).

So I still don't know what's going on, and I have no idea how to repair this :(

Anyway, thank you for the replies.


If your ISP has put you on a limited plan enforcing a shaping profile, you must lower all your settings in uT. If things go all good and work at your limited speed without uT running (i.e. testing via HTTP or FTP downloads) and then it chokes up with uT running, it is possible the sole fact it can detect bittorrent traffic causes this as Switeck says. That's what the disabling and lowering connection settings hopefully takes care of. If it's caused by bandwidth, then lowering the limits within uT should help more.

Have you noticed the status and icon change at all to green throughout the last two days? If all else fails, you can ask the ISP directly if you have exceeded some bandwidth allocation and are being shaped.


OK, I'm going to say this again...

My ISP doesn't block or cripple any traffic, they cannot detect bittorrent traffic, they do nothing else but limit the bandwidth during certain hours of the day, but that only slows me down about 20%, nothing to really worry about. They have some limit on the amount of info that can be transferred, but it is unreachable for a normal user (i.e. they start crippling only if you exceed the 50GB or so per month, but for me it is impossible to even reach the 10GB).

I have downloaded a lot more in the past and it never changed. I asked if they've made some changes to their policies or whatever, but no, everything is just as it ever was.

To summarize: as far as I know my ISP has nothing to do with it. Of course I have no way of confirming this 100%, because I cannot guarantee that the info they gave me is real, or maybe the personnel of the ISP support service don't even know about those kinds of things.


I even tried with the dialup settings.

"the dialup settings" sounds like "Dial-up (56k)" or "Dial-up (28k)" to me.

Because of the lack of any real lead, I guess I'll ask for a process list just to attempt to weed out any potential problems...

a) get HijackThis from trendsecure.com, run it, view the log, and post the contents here

b) get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here

Also, regarding Kaspersky, disabling it or turning it off won't rid your computer of its influence. Try uninstalling it (temporarily) to make sure it's definitely not the problem here (again, weeding out possibilities).


OK Ultima, here is what you asked for (2 very long lists)


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 05:50:25 p.m., on 13/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:










C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe




C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE


C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe




C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe

C:\Archivos de programa\Lexmark X1100 Series\lxbkbmgr.exe



C:\Archivos de programa\Lexmark X1100 Series\lxbkbmon.exe

C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe


C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\ccc.exe


C:\Archivos de programa\Mozilla Firefox\firefox.exe

C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe

C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe

C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - (no file)

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Archivos de programa\Free Download Manager\iefdmcks.dll

O2 - BHO: (no name) - {E8FBBC14-69C7-4231-8A22-AB1E63CAFBB4} - (no file)

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Archivos de programa\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [WService] WService.EXE

O4 - HKLM\..\Run: [startCCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"


O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm451YYMX

O8 - Extra context menu item: Add to Anti-Banner - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Archivos de programa\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15-3.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O20 - AppInit_DLLs: wbsys.dll,c:\archiv~1\kasper~1\kasper~1.0\adialhk.dll

O20 - Winlogon Notify: ÈÐ - ÈÐ (file missing)

O20 - Winlogon Notify: ÈØ - ÈØ (file missing)

O20 - Winlogon Notify: @èø - @èø (file missing)

O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\

O20 - Winlogon Notify: geeba - C:\WINDOWS\

O20 - Winlogon Notify: h - h (file missing)

O20 - Winlogon Notify: h - h (file missing)

O20 - Winlogon Notify: Hø - Hø (file missing)

O20 - Winlogon Notify: instcat - instcat.dll (file missing)

O20 - Winlogon Notify: Pø - Pø (file missing)

O20 - Winlogon Notify: rqrsppq - C:\WINDOWS\

O20 - Winlogon Notify: X - X (file missing)

O20 - Winlogon Notify: x 0 - x 0 (file missing)

O20 - Winlogon Notify: ` - ` (file missing)

O20 - Winlogon Notify: HX - HX (file missing)

O20 - Winlogon Notify: ¨P` - ¨P` (file missing)

O20 - Winlogon Notify: ¸`p - ¸`p (file missing)

O20 - Winlogon Notify: àˆ˜ - àˆ˜ (file missing)

O20 - Winlogon Notify: 𘨠- 𘨠(file missing)

O20 - Winlogon Notify: ø ° - ø ° (file missing)

O20 - Winlogon Notify: ؀ - ؀ (file missing)

O20 - Winlogon Notify: ˜@P - ˜@P (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe


End of file - 10738 bytes

Process Explorer

Process: uTorrent.exe Pid: 2156

Name Description Company Name Version

ACTIVEDS.dll DLL de nivel de enrutado para AD Microsoft Corporation 5.01.2600.2180

adialhk.dll kldialhk Kaspersky Lab 7.00.0001.0325

adsldpc.dll DLL de proveedor LDAP de AD Microsoft Corporation 5.01.2600.2180

ADVAPI32.dll API base de Windows 32 avanzado Microsoft Corporation 5.01.2600.2180

apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982

comdlg32.dll DLL de diálogos comunes Microsoft Corporation 6.00.2900.2180

COMRes.dll Microsoft Corporation 2001.12.4414.0258


DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.3316

dnsq.dll DNSQ Kaspersky Lab 7.00.0001.0325

fssync.dll FSSYNC.DLL Kaspersky Lab 7.00.0005.0325

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3316

hnetcfg.dll Administrador de configuración de redes domésticas Microsoft Corporation 5.01.2600.2180

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180

Iphlpapi.dll API auxiliar para IP Microsoft Corporation 5.01.2600.2912

kernel32.dll DLL de cliente API BASE de Windows NT Microsoft Corporation 5.01.2600.3119


LPK.DLL Language Pack Microsoft Corporation 5.01.2600.2180

miscr3.dll Kaspersky Anti-Virus Ring 3 Hooker Helper Kaspersky Lab 7.00.0001.0325

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180

MSCTF.dll DLL del servidor MSCTF Microsoft Corporation 5.01.2600.2180

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180

msimg32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.2180

MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.1433

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180

mswsock.dll Proveedor de servicios de Microsoft Windows Sockets 2.0 Microsoft Corporation 5.01.2600.2180

NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976

ntdll.dll DLL de la capa de Windows NT Microsoft Corporation 5.01.2600.2180

ole32.dll Microsoft OLE para Windows Microsoft Corporation 5.01.2600.2726

oleaut32.dll Microsoft Corporation 5.01.2600.3266

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173

rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180

SETUPAPI.dll API de instalación de Windows Microsoft Corporation 5.01.2600.2180

SHELL32.dll DLL común del shell de Windows Microsoft Corporation 6.00.2900.3241

shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.2180

SHLWAPI.dll Biblioteca de utilidades de Shell Microsoft Corporation 6.00.2900.3157




USER32.dll DLL de cliente USER API de Windows XP Microsoft Corporation 5.01.2600.3099

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.2180

uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.9363

UXTHEME.DLL Biblioteca UxTheme de Microsoft Microsoft Corporation 6.00.2900.2180

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180

wbhelp.dll WindowBlinds Helper DLL Stardock.Net, Inc 4.00.0000.0001

wblind.dll WindowBlinds (32 bit XP) Stardock Corporation 6.00.0000.0000

wbsys.dll WindowBlinds Stardock.Net, Inc 5.05.0000.0000

WINMM.dll MCI API DLL Microsoft Corporation 5.01.2600.2180

WLDAP32.dll DLL de API de LDAP Win32 Microsoft Corporation 5.01.2600.2180

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180

WS2HELP.dll Ayuda de Windows Socket 2.0 para Windows NT Microsoft Corporation 5.01.2600.2180

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180

I'll try uninstalling Kaspersky later.


... you were infected by SOMETHING. Winlogon is rarely used by legitimate programs and to have so many corrupted entries >< I'd see if you can scan with a different anti-rootkit/spyware app to see if something comes up.... and I'd remove these O20 - Winlogon Notify: entries if possible.

The other mentions of those Kaspersky hooking DLLs on this forum don't seem to have identical symptoms :(

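A triage pass over the `O20 - Winlogon Notify` lines discussed above, as an added example that is not part of the original thread: it parses HijackThis output and reports which entries have a missing file, a name outside plain ASCII identifier characters, or a target that is not a DLL. The three heuristics and the function names are assumptions chosen for illustration; the sample lines are a subset copied from the log posted earlier in the thread.

```python
import re

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O20 - AppInit_DLLs: wbsys.dll,c:\archiv~1\kasper~1\kasper~1.0\adialhk.dll
O20 - Winlogon Notify: ÈÐ - ÈÐ (file missing)
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: h - h (file missing)
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
"""

# "O20 - Winlogon Notify: <key name> - <DLL target>[ (file missing)]"
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.*?)"
    r"(?P<missing> \(file missing\))?$"
)
# Assumption: a legitimate notify key name uses plain ASCII identifier characters.
PLAIN_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")


def audit_winlogon_notify(log_text):
    """Return one dict per Winlogon Notify entry with the heuristics it trips."""
    entries = []
    for line in log_text.splitlines():
        m = NOTIFY_RE.match(line.strip())
        if not m:
            continue  # other HijackThis sections (O4, O20 AppInit_DLLs, O23, ...)
        name, target = m.group("name"), m.group("target")
        findings = []
        if m.group("missing"):
            findings.append("file missing")
        if not PLAIN_NAME.match(name):
            findings.append("unusual name")
        # Notify packages are DLLs, so any other target deserves a look.
        if not target.lower().endswith(".dll"):
            findings.append("target is not a .dll")
        entries.append({"name": name, "target": target, "findings": findings})
    return entries


def needs_review(entries):
    """Names of the entries that tripped at least one heuristic."""
    return [e["name"] for e in entries if e["findings"]]


if __name__ == "__main__":
    for entry in audit_winlogon_notify(SAMPLE_LOG):
        print(f'{entry["name"]!r:12} {entry["target"]!r:16} {entry["findings"]}')
```

A hit is a reason to inspect the registry key and the file on disk with a second scanner, not proof of infection on its own.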

OK, O20 Winlogon entries removed.

Full scans and rootkit scans done with Ad-Aware, Panda, Kaspersky and avast: some trojans were found (but nothing to worry about).

Searched for registry failures using Registry Mechanic and CCleaner.

I uninstalled Kaspersky.

and guess what... none of that worked :(

also Firon, my upload speed is 512kbps and the net.max_halfopen is set to 8

Oh man... I have absolutely no idea of what to do next....I'm gonna cry :(


oh WindowBlinds is just a skin manager

now to the important thing: I finally discovered the cause

I thought: nothing is wrong with my PC and nothing is wrong with my ISP, but between those two there is this cablemodem. Of course it does not block any ports, but I've been doing some research and found out about uncapping and all those things, so I realized that someone cloned my MAC address, and my connection got crippled. Now I'm making some changes to my modem settings that will render my MAC useless, that is, to stop the other guy. I cannot tell my ISP about this problem, because how am I supposed to tell them that I discovered that? That will get me in trouble too, because those things are not supposed to be known by just anybody.

Anyway I have connection again, I "deleted" the other one, so I can download again and the cloner will get no connection.

Thank you to all you who listened to my problem

thank you for your replies, for your patience, for your help.



This topic is now archived and is closed to further replies.
