OoWeirdoO Posted May 24, 2008

Sometimes, when I try to check up on my uTorrent downloads, it freezes and I have to wait a few minutes before it works... why?

http://forum.utorrent.com/viewtopic.php?pid=330851#p330851
http://forum.utorrent.com/viewtopic.php?pid=330854#p330854

Ultima Posted May 25, 2008

a) get HijackThis from trendsecure.com, run it, view the log, and post the contents here
b) get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here

OoWeirdoO Posted May 25, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:45 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\ApvxdWin.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\Conquer 2.0\autopatch.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Administrator\Desktop\Conquer 2.0\Conquer.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimreal.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.531\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://jujumao.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gunbound.ijji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bar.baidu.com/sobar/defaultsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bar.baidu.com/sobar/defaultsearch.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jujumao.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ??
R3 - URLSearchHook: BdSearchHook Class - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - C:\PROGRA~1\baidu\iexp\BDSrHook.dll (file missing)
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: BdSearch - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - C:\PROGRA~1\baidu\iexp\BDSrHook.dll (file missing)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ptshell] C:\WINDOWS\ptshell.exe
O4 - HKLM\..\Run: [tciocp64] C:\WINDOWS\tciocp64.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgswitch] C:\WINDOWS\system32\bgswitch.exe
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Administrator\Desktop\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Administrator\Desktop\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Administrator\Desktop\IEExt.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: ???? - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - http://baidu.com/index.php?tn=wzjujumao_dg (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java ??? - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [!IESearch] ??????
O15 - Trusted Zone: jujumao.2345.com
O15 - Trusted Zone: *.jujumao.cn
O15 - Trusted Zone: bt.jujumao.com
O15 - Trusted Zone: down.jujumao.com
O15 - Trusted Zone: *.jujumao.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAC2C4EF-CF9D-4552-9B5C-7136043223C6}: NameServer = 192.168.1.1,192.168.1.2
O20 - AppInit_DLLs: ghjdtry.dll,dgxsrr.dll,fdght.dll,rgghjj.dll,sefawe.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,hktrre.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,fghshj.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,sperls.dll,
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

--
End of file - 9767 bytes

Process PID CPU Description Company Name
System Idle Process 0 93.94
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 1088 Windows NT Session Manager Microsoft Corporation
csrss.exe 1152 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1192 Windows NT Logon Application Microsoft Corporation
services.exe 1236 0.76 Services and Controller app Microsoft Corporation
svchost.exe 1452 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1528 Generic Host Process for Win32 Services Microsoft Corporation
PAVSRV51.EXE 1640 Enhanced On-Access Anti-Malware Service. Panda Software International
AVENGINE.EXE 1684 Enhanced On-Access Anti-Malware Protection. Panda Software International
svchost.exe 1836 Generic Host Process for Win32 Services Microsoft Corporation
TPSrv.exe 1896 TPSrv Application Panda Software International
svchost.exe 224 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 696 Spooler SubSystem App Microsoft Corporation
PsCtrlS.exe 216 Panda Software Controler Panda Software International
APVXDWIN.EXE 704 ApVxdWin Panda Software International
WEBPROXY.EXE 2980 Internet resident proxy Panda Security International
PavFnSvr.exe 284 Panda Function Service Panda Software International
PavPrSrv.exe 852 Panda Process Protection Service Panda Software
HPZipm12.exe 1480 PML Driver HP
PSHost.exe 352 Panda Host Service Panda Software International
PsImSvc.exe 584 Panda Interface Manager Service Panda Software International
StarWindService.exe 1628 StarWind iSCSI Target (Alcohol Edition) Rocket Division Software
wdfmgr.exe 1132 Windows User Mode Driver Manager Microsoft Corporation
iPodService.exe 1576 iPodService Module Apple Inc.
lsass.exe 1248 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 560 0.76 Windows Explorer Microsoft Corporation
jusched.exe 3884 Java Platform SE binary Sun Microsystems, Inc.
iTunesHelper.exe 2360 iTunesHelper Module Apple Inc.
ctfmon.exe 3204 CTF Loader Microsoft Corporation
trillian.exe 2392 Trillian Cerulean Studios
iTunes.exe 3084 0.76 iTunes Apple Inc.
AppleMobileDeviceHelper.exe 3520 AppleMobileDeviceHelper
distnoted.exe 2728 distnoted.exe
sndvol32.exe 3980 Volume Control Microsoft Corporation
firefox.exe 2200 Firefox Mozilla Corporation
btdna.exe 2788 DNA BitTorrent, Inc.
WinRAR.exe 4940
procexp.exe 1664 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
uTorrent.exe 4920
AutoPatch.exe 2932 AutoPatch Tqdigital APP
Conquer.exe 5852 3.79 Conquer Online TQ Digital Entertainment

Process: uTorrent.exe Pid: 4920

Name Description Company Name Version
ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180
adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180
ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
c_936.nls
CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308
COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180
COMRes.dll Microsoft Corporation 2001.12.4414.0258
ctype.nls
DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2938
GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3159
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180
icl_cfg.dll Internet Resident Configuration Panda Software International 7.09.0033.0503
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.5730.0013
IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180
Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119
locale.nls
LPK.DLL Language Pack Microsoft Corporation 5.01.2600.2180
mdnsNSP.dll Bonjour Namespace Provider Apple Computer, Inc. 1.00.0003.0001
MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180
MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180
msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180
MSVCP71.dll Microsoft?C++ Runtime Library Microsoft Corporation 7.10.3077.0000
MSVCR71.dll Microsoft?C Runtime Library Microsoft Corporation 7.10.3052.0004
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.2180
NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976
Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.00.5441.0000
ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
oleaut32.dll Microsoft Corporation 5.01.2600.3139
pavipc.dll PavIpc Dynamic Link Library Panda Software International 8.00.0000.0000
pavlsp.dll Internet Resident Layered Service Provider Panda Software International 7.09.0022.0502
PAVSHOOK.DLL PavSHook Dynamic Link Library Panda Software International 8.00.0001.0000
PavTrc.dll Internet resident forwarding Panda Security International 7.12.0026.0509
PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.2180
ptshell.dll
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3231
sortkey.nls
sorttbls.nls
systools.dll SYSTOOLS Panda Software 7.00.0002.0000
TpUtil.dll TpUtil Dynamic Link Library Panda Software International 8.00.0001.0000
unicode.nls
USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099
USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.2180
uTorrent.exe
UxTheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2523
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
WININET.dll Internet Extensions for Win32 Microsoft Corporation 7.00.5730.0013
winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180
WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180
WSOCK32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.01.2600.2180

Anything wrong?
Btw, how do I get rid of the jujumao and all the other useless things... it came with Windows lol

Ultima Posted May 25, 2008

icl_cfg.dll Internet Resident Configuration Panda Software International 7.09.0033.0503
mdnsNSP.dll Bonjour Namespace Provider Apple Computer, Inc. 1.00.0003.0001
pavipc.dll PavIpc Dynamic Link Library Panda Software International 8.00.0000.0000
pavlsp.dll Internet Resident Layered Service Provider Panda Software International 7.09.0022.0502
PAVSHOOK.DLL PavSHook Dynamic Link Library Panda Software International 8.00.0001.0000
PavTrc.dll Internet resident forwarding Panda Security International 7.12.0026.0509
ptshell.dll
TpUtil.dll TpUtil Dynamic Link Library Panda Software International 8.00.0001.0000

I raise my eyebrow at these hooks.

O4 - HKLM\..\Run: [tciocp64] C:\WINDOWS\tciocp64.exe

Looks to me like your computer is malware infested. You might want to consider reinstalling Windows entirely. And ditch Panda Security -- it's obviously not doing its job correctly.

Firon Posted May 25, 2008

O20 - AppInit_DLLs: ghjdtry.dll,dgxsrr.dll,fdght.dll,rgghjj.dll,sefawe.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xg

this too... your system is definitely messed up.
I also suggest a full reinstall.
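
The triage the replies above do by eye, as an added example that is not part of the original thread and is not HijackThis's own logic: a Python parser that splits a HijackThis log into entries and returns the ones of the kind the replies point at (an O4 autostart executable sitting directly in C:\WINDOWS, and a populated O20 AppInit_DLLs list). The rule names, the Windows-folder heuristic and the extra "(file missing)" rule are assumptions made for illustration; the sample is an excerpt of the log posted above with the AppInit_DLLs list shortened.

```python
import re

# Constructed excerpt: entries copied from the HijackThis log posted in this
# thread, with the AppInit_DLLs list cut to its first six names.
SAMPLE_LOG = r"""
O2 - BHO: BdSearch - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - C:\PROGRA~1\baidu\iexp\BDSrHook.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [tciocp64] C:\WINDOWS\tciocp64.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: ghjdtry.dll,dgxsrr.dll,fdght.dll,rgghjj.dll,sefawe.dll,frntrn.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Body of an O4 entry: "<key>: [<value name>] <command line>".
RUN_VALUE = re.compile(r"^HK\S+: \[([^\]]+)\] (.*)$")
# Assumed heuristic: autostart .exe placed directly in the Windows folder.
WINROOT_EXE = re.compile(r'^"?C:\\WINDOWS\\[^\\"]+\.exe', re.IGNORECASE)
MISSING = ("(file missing)", "(no file)")


def parse(log):
    """Yield (section, body) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log):
    """Return (rule, section, detail) tuples for entries worth a manual look."""
    findings = []
    for section, body in parse(log):
        if body.endswith(MISSING):
            # Registration left behind for a file that is no longer on disk.
            findings.append(("missing_file", section, body))
        elif section == "O4":
            m = RUN_VALUE.match(body)
            if m and WINROOT_EXE.match(m.group(2)):
                findings.append(("run_in_windows_root", section, m.groups()))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL named here is loaded into each process that loads
            # user32.dll, so a long list of unknown names affects all GUI apps.
            names = body.split(":", 1)[1].split(",")
            dlls = [n.strip() for n in names if n.strip()]
            if dlls:
                findings.append(("appinit_dlls", section, dlls))
    return findings


if __name__ == "__main__":
    for rule, section, detail in triage(SAMPLE_LOG):
        print(rule, section, detail)
```

A finding here is a prompt to check the file's publisher and origin, not a verdict: legitimate software also registers AppInit_DLLs and Run entries.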