mjumrani Posted May 2, 2008

My utorrent crashes from time to time, usually once or twice a day, and it's totally random. I read the forum but nothing helps. Here's the HijackThis log file. Please find what's causing this. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:38 PM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Onlineeye\gmxffcsrv.exe
E:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
E:\Program Files\Network Associates\Common Framework\FrameworkService.exe
E:\Program Files\Network Associates\VirusScan\Mcshield.exe
E:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
E:\WINDOWS\system32\SVCH0ST.EXE
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
E:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\WINDOWS\system32\RunDLL32.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Onlineeye\onlineeye.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\DNA\btdna.exe
E:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
E:\Program Files\RivaTuner v2.08\RivaTuner.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "E:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [shStatEXE] "E:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "E:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [soundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [soundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "E:\Program Files\RivaTuner v2.08\RivaTuner.exe" /S
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OnlineTime] E:\Program Files\Onlineeye\onlineeye.exe
O4 - HKLM\..\Run: [VersionCheck] "E:\Program Files\Onlineeye\vcheck.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [NVIDIA nTune] "E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "E:\Documents and Settings\Mohit\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\nvsutil.nsu"
O4 - HKCU\..\Run: [uTorrent] "E:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [uIWatcher] E:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RivaTuner.lnk = E:\Program Files\RivaTuner v2.08\RivaTuner.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - E:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CS3\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CS4\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CS5\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CS6\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CS7\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CS8\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CS9\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CS10\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CS11\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CS12\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CS13\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CS14\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Onlineeye Firewall Service (gmxfwsvc) - GMX - E:\Program Files\Onlineeye\gmxffcsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - E:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - E:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - E:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - E:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MicrosoftHelp - Unknown owner - E:\WINDOWS\system32\SVCH0ST.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - E:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - E:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: VideoAcceleratorService - Unknown owner - E:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe (file missing)
O24 - Desktop Component 0: (no name) - E:\Documents and Settings\Mohit\My Documents\hilary-duff-today-21.jpg
O24 - Desktop Component 1: (no name) - E:\Documents and Settings\Mohit\My Documents\hilary-duff-today-19.jpg
O24 - Desktop Component 2: (no name) - E:\Documents and Settings\Mohit\My Documents\hilary-duff-today-17.jpg
--
End of file - 13522 bytes

jewelisheaven Posted May 2, 2008

You are infected with mal/spy/bad-ware.

O23 - Service: MicrosoftHelp - Unknown owner - E:\WINDOWS\system32\SVCH0ST.EXE

is not legitimate as a service. Run some anti-spyware and rootkit detection...

I also have NO CLUE

O17 - HKLM\System\CCS\Services\Tcpip\..\{2EC485D4-114B-41CD-951A-96A5E1555318}: NameServer = 59.179.243.70,203.94.243.70

why you have so many current control sets >< Are you sure you weren't DNS hijacked?

You would do well to stop/disable Nero Scout (the indexing service you see). I have also never heard of the online eye firewall.. Follow the procedures in the troubleshooting sticky to create an injected DLLs list for utorrent.exe to see if it's possibly that.

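Added example, not part of any post in this thread: a small Python check for the pattern pointed out in the reply above, run over four O23 lines taken from the posted log. The list of system binary names and the look-alike character map are assumptions chosen for illustration.

```python
import re

# Four O23 lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: MicrosoftHelp - Unknown owner - E:\WINDOWS\system32\SVCH0ST.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VideoAcceleratorService - Unknown owner - E:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe (file missing)
"""

# Assumed reference list: Windows binaries whose names are often imitated.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                   "explorer.exe", "smss.exe", "spoolsv.exe", "csrss.exe"}

# Assumed digit-for-letter swaps that look alike in most fonts.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "5": "s", "3": "e"})

# O23 layout: "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                 r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")

def review_services(log_text):
    """Return (service name, path, reasons) for each O23 entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue
        exe = m["path"].rsplit("\\", 1)[-1].lower()
        normalised = exe.translate(LOOKALIKES)
        reasons = []
        # Strong signal: the file name only matches a system binary after
        # undoing the look-alike substitutions (SVCH0ST.EXE vs svchost.exe).
        if exe not in SYSTEM_BINARIES and normalised in SYSTEM_BINARIES:
            reasons.append("name imitates " + normalised)
        # Weak signal on its own: legitimate tools can also lack an owner string.
        if m["owner"] == "Unknown owner":
            reasons.append("HijackThis reports Unknown owner")
        if m["missing"]:
            reasons.append("service points at a missing file")
        if reasons:
            findings.append((m["name"], m["path"], reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in review_services(SAMPLE_LOG):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

Only the MicrosoftHelp entry carries the look-alike reason; the other flagged entries show why "Unknown owner" by itself needs a second check before anything is removed.
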
mjumrani Posted May 2, 2008

I'll run Spybot to clean that. Online Eye is not a firewall, it just detects the current connection speed in bytes constantly.. For the rest please give me proper instructions. And what too many control sets???

jewelisheaven Posted May 2, 2008

If you start->run->cmd /k ipconfig /all and check your DNS Servers do they match those numbers?

For the other logfile procedure http://forum.utorrent.com/viewtopic.php?id=15992 same as where you got the HJT instructions from.

mjumrani Posted May 2, 2008

I've done what you asked. If it crashes again I will let you know. Thanks.

Firon Posted May 2, 2008

Spybot probably isn't good enough. You'll likely need an antivirus app.

mjumrani Posted May 2, 2008

Any suggestion? I have McAfee virus scan (not firewall).

Firon Posted May 2, 2008

Something good. You know, AVG or NOD32.

This topic is now archived and is closed to further replies.