Jump to content

Freezing (1.8)


Recommended Posts

a) get HijackThis from trendsecure.com, run it, view the log, and post the contents here

B) get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here

Link to comment
Share on other sites

Here's the Hijack log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:41:14 AM, on 8/20/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:






C:\Program Files\PeerGuardian2\pg2.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Taj\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gametrailers.com/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe


End of file - 3970 bytes

Process Explorer:

Process PID CPU Description Company Name

System Idle Process 0 98.17

Interrupts n/a 0.39 Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4

smss.exe 416

csrss.exe 488

wininit.exe 536

services.exe 580

svchost.exe 748

ehmsas.exe 572 Media Center Media Status Aggregator Service Microsoft Corporation

nvvsvc.exe 804

rundll32.exe 1344

svchost.exe 860

svchost.exe 916

svchost.exe 964

audiodg.exe 1132

svchost.exe 1024

dwm.exe 316 Desktop Window Manager Microsoft Corporation

svchost.exe 1040

taskeng.exe 364 Task Scheduler Engine Microsoft Corporation

taskeng.exe 2184

taskeng.exe 856

CTAudSvc.exe 1188

SLsvc.exe 1224

svchost.exe 1292

svchost.exe 1428

spoolsv.exe 1680

svchost.exe 1704

PnkBstrA.exe 2352

svchost.exe 2408

svchost.exe 2428

svchost.exe 2480

SearchIndexer.exe 2532

SearchProtocolHost.exe 3848

SearchFilterHost.exe 2224

lsass.exe 592

lsm.exe 604

csrss.exe 548

winlogon.exe 816

explorer.exe 448 Windows Explorer Microsoft Corporation

ehtray.exe 2028 Media Center Tray Applet Microsoft Corporation

pg2.exe 3408

firefox.exe 3592 Firefox Mozilla Corporation

uTorrent.exe 3748 0.39 µTorrent BitTorrent, Inc.

procexp.exe 1964 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Process: uTorrent.exe Pid: 3748

Name Description Company Name Version

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.00.6001.18000

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000

CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6931.18000

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.6001.18000

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.6001.18000

dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.00.6001.18000

dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.00.6001.18000

DNSAPI.dll DNS Client API DLL Microsoft Corporation 6.00.6001.18000

FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.00.6001.18000

GDI32.dll GDI Client DLL Microsoft Corporation 6.00.6001.18023

GPAPI.dll Group Policy Client API Microsoft Corporation 6.00.6001.18000

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 6.00.6001.18000

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6001.18000

IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.00.6001.18000

Iphlpapi.dll IP Helper API Microsoft Corporation 6.00.6001.18000

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.00.6001.18000



LPK.DLL Language Pack Microsoft Corporation 6.00.6001.18000

MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.00.6001.18000

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.6001.18000

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.00.6001.18000

msxml3.dll MSXML 3.0 SP10 Microsoft Corporation 8.100.1043.0000

msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.0001

napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.00.6001.18000

NETAPI32.dll Net Win32 API DLL Microsoft Corporation 6.00.6001.18000

netshell.dll Network Connections Shell Microsoft Corporation 6.00.6001.18000

NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.00.6001.18000

npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.00.6000.16386

NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.00.6001.18000

ntdll.dll NT Layer DLL Microsoft Corporation 6.00.6001.18000

ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.00.6001.18000

oleaut32.dll Microsoft Corporation 6.00.6001.18000

pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.00.6001.18000

PSAPI.DLL Process Status Helper Microsoft Corporation 6.00.6000.16386

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.00.6000.16386

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.00.6001.18051

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.00.6001.18000

Secur32.dll Security Support Provider Interface Microsoft Corporation 6.00.6001.18000

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.6001.18062

shfolder.dll Shell Folder Service Microsoft Corporation 6.00.6000.16386

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.6001.18000

slc.dll Software Licensing Client Dll Microsoft Corporation 6.00.6001.18000

SSDPAPI.dll SSDP Client API DLL Microsoft Corporation 6.00.6000.16386

SXS.DLL Fusion 2.5 Microsoft Corporation 6.00.6001.18000

upnp.dll UPnP Control Point API Microsoft Corporation 6.00.6001.18000

urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6001.18099

USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000

USERENV.dll Userenv Microsoft Corporation 6.00.6001.18000

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6001.18000

uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.6001.18000

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.00.6001.18000

WINHTTP.dll Windows HTTP Services Microsoft Corporation 6.00.6001.18000

WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.00.6001.18000

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.00.6000.16386

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.00.6001.18000

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.00.6001.18000

wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.00.6001.18000

wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.00.6001.18000

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...