Nobility Posted August 20, 2008 Report Share Posted August 20, 2008 I am having the exact same problem in Vista. I uninstalled the Zone Alarm firewall and just using the Windows one for now. Any ideas? Link to comment Share on other sites More sharing options...
Ultima Posted August 20, 2008 Report Share Posted August 20, 2008 a) get HijackThis from trendsecure.com, run it, view the log, and post the contents here get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here Link to comment Share on other sites More sharing options...
Nobility Posted August 20, 2008 Author Report Share Posted August 20, 2008 Here's the Hijack log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:41:14 AM, on 8/20/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Windows\ehome\ehtray.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\PeerGuardian2\pg2.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Taj\Program Files\uTorrent\uTorrent.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Windows\system32\SearchFilterHost.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gametrailers.com/index.phpR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exeO4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exeO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cabO23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exeO23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe--End of file - 3970 bytesProcess Explorer:Process PID CPU Description Company NameSystem Idle Process 0 98.17 Interrupts n/a 0.39 Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 smss.exe 416 csrss.exe 488 wininit.exe 536 services.exe 580 svchost.exe 748 ehmsas.exe 572 Media Center Media Status Aggregator Service Microsoft Corporation nvvsvc.exe 804 rundll32.exe 1344 svchost.exe 860 svchost.exe 916 svchost.exe 964 audiodg.exe 1132 svchost.exe 1024 dwm.exe 316 Desktop Window Manager Microsoft Corporation svchost.exe 1040 taskeng.exe 364 Task Scheduler Engine Microsoft Corporation taskeng.exe 2184 taskeng.exe 856 CTAudSvc.exe 1188 SLsvc.exe 1224 svchost.exe 1292 svchost.exe 1428 spoolsv.exe 1680 svchost.exe 1704 PnkBstrA.exe 2352 svchost.exe 2408 svchost.exe 2428 svchost.exe 2480 SearchIndexer.exe 2532 SearchProtocolHost.exe 3848 SearchFilterHost.exe 2224 lsass.exe 592 lsm.exe 604 csrss.exe 548 winlogon.exe 816 explorer.exe 448 Windows Explorer Microsoft Corporation ehtray.exe 2028 Media Center Tray Applet Microsoft Corporation pg2.exe 3408 firefox.exe 3592 Firefox Mozilla Corporation uTorrent.exe 3748 0.39 µTorrent BitTorrent, Inc. procexp.exe 1964 Sysinternals Process Explorer Sysinternals - www.sysinternals.comProcess: uTorrent.exe Pid: 3748Name Description Company Name VersionADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.00.6001.18000ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6931.18000COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.6001.18000comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.6001.18000dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.00.6001.18000dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.00.6001.18000DNSAPI.dll DNS Client API DLL Microsoft Corporation 6.00.6001.18000FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.00.6001.18000GDI32.dll GDI Client DLL Microsoft Corporation 6.00.6001.18023GPAPI.dll Group Policy Client API Microsoft Corporation 6.00.6001.18000hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 6.00.6001.18000iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6001.18000IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.00.6001.18000Iphlpapi.dll IP Helper API Microsoft Corporation 6.00.6001.18000kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.00.6001.18000locale.nls locale.nls LPK.DLL Language Pack Microsoft Corporation 6.00.6001.18000MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.00.6001.18000msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.6001.18000mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.00.6001.18000msxml3.dll MSXML 3.0 SP10 Microsoft Corporation 8.100.1043.0000msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.0001napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.00.6001.18000NETAPI32.dll Net Win32 API DLL Microsoft Corporation 6.00.6001.18000netshell.dll Network Connections Shell Microsoft Corporation 6.00.6001.18000NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.00.6001.18000npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.00.6000.16386NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.00.6001.18000ntdll.dll NT Layer DLL Microsoft Corporation 6.00.6001.18000ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.00.6001.18000oleaut32.dll Microsoft Corporation 6.00.6001.18000pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.00.6001.18000PSAPI.DLL Process Status Helper Microsoft Corporation 6.00.6000.16386rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.00.6000.16386RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.00.6001.18051rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.00.6001.18000Secur32.dll Security Support Provider Interface Microsoft Corporation 6.00.6001.18000SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.6001.18062shfolder.dll Shell Folder Service Microsoft Corporation 6.00.6000.16386SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.6001.18000slc.dll Software Licensing Client Dll Microsoft Corporation 6.00.6001.18000SSDPAPI.dll SSDP Client API DLL Microsoft Corporation 6.00.6000.16386SXS.DLL Fusion 2.5 Microsoft Corporation 6.00.6001.18000upnp.dll UPnP Control Point API Microsoft Corporation 6.00.6001.18000urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6001.18099USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000USERENV.dll Userenv Microsoft Corporation 6.00.6001.18000USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6001.18000uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.6001.18000VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.00.6001.18000WINHTTP.dll Windows HTTP Services Microsoft Corporation 6.00.6001.18000WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.00.6001.18000winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.00.6000.16386WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.00.6001.18000WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.00.6001.18000wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.00.6001.18000wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.00.6001.18000 Link to comment Share on other sites More sharing options...
Ultima Posted August 20, 2008 Report Share Posted August 20, 2008 O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exeSeems like the ZA uninstall may not have been clean... Link to comment Share on other sites More sharing options...
Nobility Posted August 20, 2008 Author Report Share Posted August 20, 2008 I uninstalled it from program and features but I guess it was just hiding. Uninstalled it through CCleaner and the problem seems to have gone away. Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.