Jump to content

"An invalid Argument was supplied" response from every tracker 1.7&8


Recommended Posts

Yes, it does it (within 10 seconds or so of adding it) to the OOO torrent. And I'm not using a firewall. I don't actually run any AV/Firewall software, because they tend to cause lots of crap like this and I (I can't speak for my brother, unfortunately) have only infected my computer once or so within the past 2 years, and it was a minor virus, at that.

I did recently get hit by a rather annoying virus (thanks to my brother), however, I highly doubt there is anything left of it, since I cleaned it out with combofix, and hijack this, and bull guard. It still could have damaged something, but if so, I have no idea how to clean that up, since if it has done some lasting damage, none of my usual programs can pick it up.

My (rather shitty) router isn't the cause either, because despite the massive trouble I have with it's port forwarding, I haven't changed anything recently in there that might have done this, and uTorrent's been working fine for a long time with that router.

Link to comment
Share on other sites

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 03:35 PM, on 2008-06-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:










E:\Program Files\UltraMon\UltraMon.exe

E:\Program Files\Winamp\winampa.exe

E:\Program Files\DAEMON Tools\daemon.exe

E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe



E:\Program Files\Windows Live\Messenger\msnmsgr.exe

E:\Program Files\Windows Live\Messenger\usnsvc.exe

E:\Program Files\iPod\bin\iPodService.exe


E:\Program Files\Last.fm\LastFM.exe

E:\Program Files\Logitech\Video\Editor2.exe

E:\Program Files\Winamp\winamp.exe

E:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

E:\Program Files\uTorrent\uTorrent.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Documents and Settings\Bobbias2.BOBBAS\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: l2testauthd.lineage2.com

O1 - Hosts: l2authd.lineage2.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [ultraMon] "E:\Program Files\UltraMon\UltraMon.exe" /auto

O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bullGuard] "E:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot

O4 - HKCU\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\CTFMON.EXE

O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [bullGuard] "E:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"

O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.com/v/

O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/v/

O16 - DPF: Phlinx by pogo - http://game1.pogo.com/v/

O16 - DPF: PUFLITE - http://www.susanstacey.ca/ColpaControls/Photo/Control/PUFLITE.CAB

O16 - DPF: Swashbucks by pogo - http://game1.pogo.com/v/

O16 - DPF: Thousand Island Solitaire by pogo - http://game1.pogo.com/v/

O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192392042953

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192392033671

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/astropop/popcaploader_v6.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B93D62B-FA6D-4535-B312-DA29DF0B5FE7}: NameServer =,

O17 - HKLM\System\CS2\Services\Tcpip\..\{3B93D62B-FA6D-4535-B312-DA29DF0B5FE7}: NameServer =,

O17 - HKLM\System\CS3\Services\Tcpip\..\{3B93D62B-FA6D-4535-B312-DA29DF0B5FE7}: NameServer =,

O17 - HKLM\System\CS4\Services\Tcpip\..\{3B93D62B-FA6D-4535-B312-DA29DF0B5FE7}: NameServer =,

O17 - HKLM\System\CS5\Services\Tcpip\..\{3B93D62B-FA6D-4535-B312-DA29DF0B5FE7}: NameServer =,

O17 - HKLM\System\CS6\Services\Tcpip\..\{3B93D62B-FA6D-4535-B312-DA29DF0B5FE7}: NameServer =,

O17 - HKLM\System\CS7\Services\Tcpip\..\{3B93D62B-FA6D-4535-B312-DA29DF0B5FE7}: NameServer =,

O21 - SSODL: xvorfwbd - {509BF831-67A9-40DA-B844-410A5F4FDEAF} - E:\WINDOWS\xvorfwbd.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\Program Files\Ares\chatServer.exe

O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - E:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

O23 - Service: BGRaSvc - BullGuard - E:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe

O23 - Service: d2cs service (d2cs) - Unknown owner - E:\pvpgn-1.8.2\d2csConsole.exe

O23 - Service: d2dbs service (d2dbs) - Unknown owner - E:\pvpgn-1.8.2\d2dbsConsole.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PvPGN service (pvpgn) - Unknown owner - E:\pvpgn-1.8.2\PvPGNConsole.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\Program Files\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - E:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe


End of file - 9564 bytes

I can tell you right now that Remote Packet Capture Protocol v.0 (experimental) (rpcapd) was installed by myself ages ago. The weird DLL is the only thing remaining from the virus infection I had, and as you can see, the DLL itself is missing. (was deleted by combofix.) I just never got around to removing that entry. (I just did, no change.)

Link to comment
Share on other sites

It is only set for a specific port (which isn't the one utorrent is running on). I had it installed before uTorrent did this, so that shouldn't be the issue.

See, this is why I'm pissed, I generally know my way around the computer, but this just seemingly came out of the blue, and I honestly have no damn clue how to deal with it.

Link to comment
Share on other sites

The only entries not marked as being microsoft are:





mdnsNSP.dll (part of the apple bonjour namespace provider)


RTSUltraMonHookRes.dll (both part of a multi-monitor program that hooks the in and places 2 extra buttons by the minimize maximize close buttons)




All of those have no version/company name. Everything else is microsoft. The only odd looking one under microsoft is luna.msstyles (company Microsoft instead of Microsoft Corporation) I don't think I've ever had a theme on this computer so that stands out.

Everything else seems legit.

I also ran the Sophos Anti-Rootkit scan, which came up cleen.

Link to comment
Share on other sites

Does BullGuard do internet packet sniffing? Start uninstalling programs which affect internet traffic.. or maybe since you've got wireshark... start up uT, start wireshark, start OOo torrent, after you get the error in uT stop wireshark... maybe put up the pcap so one of <them> can look at it :P

Really though I don't think it's a big thing to just put out the whole PE logfile... it has less information in it than HJT. AND it relates directly to how uT is interfacing with windows.

Link to comment
Share on other sites

Process PID CPU Description Company Name

System Idle Process 0 87.50

Interrupts n/a Hardware Interrupts

DPCs n/a 1.56 Deferred Procedure Calls

System 4

UltraMon.exe 1824 UltraMon Realtime Soft

winampa.exe 1832

winamp.exe 396 Winamp Nullsoft

daemon.exe 1888 Virtual DAEMON Manager DT Soft Ltd.

ctfmon.exe 884 CTF Loader Microsoft Corporation

explorer.exe 1092 Windows Explorer Microsoft Corporation

msnmsgr.exe 1868 Windows Live Messenger Microsoft Corporation

firefox.exe 4088 Firefox Mozilla Corporation

WinRAR.exe 3636

procexp.exe 692 10.94 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

uTorrent.exe 2148 µTorrent BitTorrent, Inc.

LastFM.exe 2348 Last.fm Last.fm

Process: uTorrent.exe Pid: 2148

Name Description Company Name Version

ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000



CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2180

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180

COMRes.dll Microsoft Corporation 2001.12.4414.0258

credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180


DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2938

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3159

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180

Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119


LPK.DLL Language Pack Microsoft Corporation 5.01.2600.2180

luna.msstyles luna Theme for Windows Microsoft 1.00.0000.0001

mdnsNSP.dll Bonjour Namespace Provider Apple Computer, Inc. 1.00.0003.0001

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180

MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180

MSIMG32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.2180

mslbui.dll LangageBar Add In Microsoft Corporation 5.01.2600.2180

MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.2180

NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2952

netshell.dll Network Connections Shell Microsoft Corporation 5.01.2600.2180

ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726

OLEACC.dll Active Accessibility Core Component Microsoft Corporation 4.02.5406.0000

oleaccrc.dll Active Accessibility Resource DLL Microsoft Corporation 4.02.5406.0000

OLEAUT32.dll Microsoft Corporation 5.01.2600.3139

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173

RTSUltraMonHook.dll Hook DLL for Realtime Soft UltraMon Realtime Soft 2.07.0001.0000

RTSUltraMonHookRes.dll UltraMon Resource DLL Realtime Soft 2.06.0023.0003

rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180

SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241

shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.2180

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3199



SPGRMR.DLL SPTIP Grammar DLL Microsoft Corporation 5.01.2600.2180

sptip.dll SAPI5.0/CTF layer DLL Microsoft Corporation 5.01.2600.2180


USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.2180

uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.10431

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180

xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180


And I haven't touched pcap in forever. I just know i installed it ages ago, lol.

Installed wireshark ( actually manually installed pcap way back then, I forget what tool i wanted to use.). I tried logging it, and got absolutely nothing except MSN messages. I got nothing at all from it when i ran uTorrent.

Link to comment
Share on other sites

You're capturing the wrong port, or something. In order for anything to be shown in uT it has to send out packets. Are you running filtered or wide open?

Yeah Nothing non-ms there... but I don't recognize those sptip.dlls :/ Nothing bad, but still nothing to account for the error. Are you running any proxy settings in uT or IE Preferences?

Link to comment
Share on other sites

ccording to http://www.liutilities.com/products/wintaskspro/processlibrary/sptip/ "sptip.dll is a Microsoft Windows module which add functionality to the Microsoft Windows networking suite."

I was running wide open, no filters. I saw no activity whatsoever until msn started doing it's thing. Not even when the torrent status changed from the default unchecked value of online to "An invalid argument was supplied."

Link to comment
Share on other sites

I've tried Azureus/Vuze and Arctic Torrent. Arctic simply sits at "Connecting..." and Vuze gives me something like "SocketException: Invalid Argument: connect" IIRC.

So yep, all bittorrent is broken on my computer. Since I last posted, I had to fix my computer (it crashed and the hard drive I boot off of ended up with a damaged boot sector) so I've kinda reinstalled windows (only kinda, because I used the recovery console to format the other hard drive, made a partial windows install to get NTLDR installed, and then repaired my main windows installation. Yeah, my computer is a bit of a hackjob).

It's still doing it. And I'm now apparently running SP1 instead of SP2.

This is REALLY beginning to piss me off.

Link to comment
Share on other sites

I try not to reinstall windows unless absolutely necessary, but it's almost getting to that point. I won't format my drive because, well, it's 320 GB of stuff I'd have a hell of a time tracking down again. I'll reinstall the network driver and report back.

Link to comment
Share on other sites

It's not my place to decide how one controls their finances, but... Hard drives are relatively cheap nowadays, so I would consider investing in another hard drive just to back up the data. Afterwards, you can reinstall Windows, and also partition the existing drive in such a way that even if you need to reinstall Windows later, you won't have to wipe out the entire drive -- only the partition that Windows exists on.

It sure saves a lot of headache to have things set up that way (because sometimes, reinstalling Windows is the simplest solution -- especially if a problem is deep-rooted).

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...