
uTorrent Crashed after some Hours


Jack1984


Hi my friends,

I used uTorrent on a specific PC just for downloading.

But my problem is that it crashes every few hours.

Thanks a lot for your help.

I collected all the data that I think is necessary for this problem:

Minidump files:

http://www.mediafire.com/?sharekey=3f4a4bb31851654791b20cc0d07ba4d233b7913953b1d785

Process Explorer all and for utorrent:

Process PID CPU Description Company Name

System Idle Process 0 97.69

Interrupts n/a 0.77 Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4

smss.exe 1308 Windows NT Session Manager Microsoft Corporation

csrss.exe 1356 Client Server Runtime Process Microsoft Corporation

winlogon.exe 1384 Windows NT Logon Application Microsoft Corporation

services.exe 1428 Services and Controller app Microsoft Corporation

ati2evxx.exe 1624 ATI External Event Utility EXE Module ATI Technologies Inc.

svchost.exe 1640 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1736 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 2040 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 380 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 520 Generic Host Process for Win32 Services Microsoft Corporation

spoolsv.exe 828 Spooler SubSystem App Microsoft Corporation

NBService.exe 376 Nero BackItUp Nero AG

IoctlSvc.exe 956 PLFlash DeviceIoControl Service Prolific Technology Inc.

PRTG Traffic Grapher.exe 1012 PRTG Traffic Grapher Paessler GmbH

prtgwatchdog.exe 212

snmp.exe 796 SNMP Service Microsoft Corporation

winvnc4.exe 1032 VNC Server Enterprise Edition for Win32 RealVNC Ltd.

WasherSvc.exe 1272 Window Washer Engine Webroot Software, Inc.

alg.exe 3336 Application Layer Gateway Service Microsoft Corporation

lsass.exe 1448 LSA Shell (Export Version) Microsoft Corporation

ati2evxx.exe 712 ATI External Event Utility EXE Module ATI Technologies Inc.

explorer.exe 1140 Windows Explorer Microsoft Corporation

GBMAgent.exe 632 Genie Backup Agent Genie-soft

flashget.exe 1524 FlashGet FlashGet.com

ctfmon.exe 1704 CTF Loader Microsoft Corporation

uTorrent.exe 1780 0.77 µTorrent BitTorrent, Inc.

robotaskbaricon.exe 1848 RoboForm TaskBar Icon Siber Systems

BWMeter.exe 228 0.77 BWMeter Application DeskSoft

WinRAR.exe 680

procexp.exe 3700 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Process: uTorrent.exe Pid: 1780

Name Description Company Name Version

ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.5512

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.5512

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.5512

appHelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.5512

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0001

ATL80.DLL ATL Module for Windows (Unicode) Microsoft Corporation 8.00.50727.0762

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0700

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.5512

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.5512

COMRes.dll Microsoft Corporation 2001.12.4414.0700

credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.5512

CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512

ctype.nls

DnsApi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.5512

dot3api.dll 802.3 Autoconfiguration API Microsoft Corporation 5.01.2600.5512

dot3dlg.dll 802.3 UI Helper Microsoft Corporation 5.01.2600.5512

eappcfg.dll Eap Peer Config Microsoft Corporation 5.01.2600.5512

eappprxy.dll Microsoft EAPHost Peer Client DLL Microsoft Corporation 5.01.2600.5512

fgmgr.dll Flashget BHO Manager www.flashget.com 1.08.0004.1007

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.5512

GrooveNew.DLL GrooveNew Module Microsoft Corporation 12.00.6211.1000

GrooveShellExtensions.dll GrooveShellExtensions Module Microsoft Corporation 12.00.6211.1000

GrooveSystemServices.dll GrooveSystemServices Module Microsoft Corporation 12.00.6211.1000

GrooveUtil.DLL GrooveUtil Module Microsoft Corporation 12.00.6211.1000

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.5512

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6000.16640

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.5512

Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.5512

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.5512

locale.nls

LPK.DLL Language Pack Microsoft Corporation 5.01.2600.5512

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.5512

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.5512

MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.5512

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.5512

MSImg32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.5512

MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000

MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.0762

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.5512

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.5512

msxml3.dll MSXML 3.0 SP9 Microsoft Corporation 8.90.1101.0000

msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.0001

netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.5512

NETSHELL.dll Network Connections Shell Microsoft Corporation 5.01.2600.5512

Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.00.5441.0000

ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.5512

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.5512

oleaut32.dll Microsoft Corporation 5.01.2600.5512

OneX.DLL IEEE 802.1X supplicant library Microsoft Corporation 5.01.2600.5512

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.5512

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.5512

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.5507

rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.5512

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.5512

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.5512

SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.5512

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.5512

shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.5512

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.5512

sortkey.nls

sorttbls.nls

unicode.nls

urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6000.16640

USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.5512

USERENV.dll Userenv Microsoft Corporation 5.01.2600.5512

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512

uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0001.12616

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.5512

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.5512

WININET.dll Internet Extensions for Win32 Microsoft Corporation 7.00.6000.16640

WINSTA.dll Winstation Library Microsoft Corporation 5.01.2600.5512

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.5512

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.5512

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.5512

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.5512

WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.5512

xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.5512

HiJack This 2.0.2 :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:52:25 AM, on 12/18/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Genie-Soft\GBMAgent.exe

C:\Program Files\FlashGet\flashget.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\BWMeter\BWMeter.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe

C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\RealVNC\WinVNC4.exe

C:\Program Files\Washer\WasherSvc.exe

\\192.168.2.104\f\T\HijackThis 2.0.2\Setup.exe

C:\DOCUME~1\Down\LOCALS~1\Temp\RarSFX0\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [GBMPro8Agent] C:\Program Files\Genie-Soft\GBMAgent.exe

O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [GBMPro8Agent] C:\Program Files\Genie-Soft\GBMAgent.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: BWMeter.lnk = C:\Program Files\BWMeter\BWMeter.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{5F4FE6B7-534D-4A46-B8F3-ED894CAE70A3}: NameServer = 4.2.2.4,77.237.83.25

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PRTG Service (PRTGService) - Paessler GmbH - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe

O23 - Service: PRTG Watchdog (prtgwatchservice) - Unknown owner - C:\Program Files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC4.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Washer\WasherSvc.exe

--

End of file - 8387 bytes


fgmgr.dll Flashget BHO Manager www.flashget.com 1.08.0004.1007

Hmmm, not very good to see this FlashGet injected in uT.

Can you try to uninstall FlashGet and see if uT continues to crash?

In addition, I see the Nero Scout media indexer, but it would be strange if that's the source of the crashing; it's a current source of "error access" anyway.

Are you running wireless / ethernet?


Hello... I have more or less the same issue.

I'm running 1.8.1 on Vista Ultimate x64 on an AMD Phenom 9850. I had no issues with the version until recently after building my new PC, I was unsatisfied with all the junk in my OS, so I formatted and started clean. Now uTorrent crashes every 30 minutes. It happily downloads and uploads up until it falls over.

The dump files are located here: http://www.mediafire.com/?sharekey=e5e756e934ae45cb91b20cc0d07ba4d289720e9e148665af

Process Explorer:

Process PID CPU Description Company Name

System Idle Process 0 13.19

Interrupts n/a 0.39 Hardware Interrupts

DPCs n/a 0.39 Deferred Procedure Calls

System 4 0.39

smss.exe 432 Windows Session Manager Microsoft Corporation

csrss.exe 500 Client Server Runtime Process Microsoft Corporation

csrss.exe 556 Client Server Runtime Process Microsoft Corporation

wininit.exe 564 Windows Start-Up Application Microsoft Corporation

services.exe 604 Services and Controller app Microsoft Corporation

svchost.exe 772 Host Process for Windows Services Microsoft Corporation

NMIndexStoreSvr.exe 3684 Nero Home Nero AG

MPAPI3s.exe 3388 Mobile Phone API Nokia Corporation

WmiPrvSE.exe 4732 WMI Provider Host Microsoft Corporation

nvvsvc.exe 820 NVIDIA Driver Helper Service, Version 178.13 NVIDIA Corporation

rundll32.exe 1456 Windows host process (Rundll32) Microsoft Corporation

svchost.exe 848 Host Process for Windows Services Microsoft Corporation

svchost.exe 984 Host Process for Windows Services Microsoft Corporation

audiodg.exe 452 Windows Audio Device Graph Isolation Microsoft Corporation

svchost.exe 1016 Host Process for Windows Services Microsoft Corporation

dwm.exe 1668 0.39 Desktop Window Manager Microsoft Corporation

WUDFHost.exe 2904 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation

svchost.exe 216 Host Process for Windows Services Microsoft Corporation

taskeng.exe 1680 Task Scheduler Engine Microsoft Corporation

taskeng.exe 336 Task Scheduler Engine Microsoft Corporation

wuauclt.exe 5772 Windows Update Automatic Updates Microsoft Corporation

svchost.exe 460 Host Process for Windows Services Microsoft Corporation

SLsvc.exe 488 Microsoft Software Licensing Service Microsoft Corporation

svchost.exe 828 Host Process for Windows Services Microsoft Corporation

svchost.exe 1108 Host Process for Windows Services Microsoft Corporation

spoolsv.exe 1372 Spooler SubSystem App Microsoft Corporation

CCSVCHST.EXE 1428 Symantec Service Framework Symantec Corporation

svchost.exe 2004 Host Process for Windows Services Microsoft Corporation

mDNSResponder.exe 2372 Bonjour Service Apple Computer, Inc.

CTAudSvc.exe 2468 Creative Audio Service Creative Technology Ltd

nTuneService.exe 2504 NVIDIA Access Manager NVIDIA

PnkBstrA.exe 2692

svchost.exe 2704 Host Process for Windows Services Microsoft Corporation

svchost.exe 2720 Host Process for Windows Services Microsoft Corporation

UpdateCenterService.exe 2768 NVIDIA Update Center Service NVIDIA

svchost.exe 2812 Host Process for Windows Services Microsoft Corporation

SearchIndexer.exe 2840 Microsoft Windows Search Indexer Microsoft Corporation

nSvcAppFlt.exe 3028 app_filter Module

nSvcIp.exe 2632 NVIDIA Corporation

NMIndexingService.exe 3304 Nero Home Nero AG

ServiceLayer.exe 1816 ServiceLayer Module Nokia.

NclUSBSrv64.exe 3268 NclUSBSrv Application

NclRSSrv.exe 888 NclRSSrv Application

AluSchedulerSvc.exe 4968 Automatic LiveUpdate Scheduler Service Symantec Corporation

symlcsvc.exe 2672

boinc.exe 3212 BOINC client Space Sciences Laboratory

astropulse_5.00_windows_intelx86.exe 2800 23.28

hadcm3trans_6.04_windows_intelx86.exe 3424

hadcm3trans_um_6.04_windows_intelx86.exe 4484 23.28

milkyway_0.7_windows_intelx86.exe 6124 25.22

aisystem_1.08_windows_intelx86.exe 6036 12.42

lsass.exe 616 Local Security Authority Process Microsoft Corporation

lsm.exe 628 Local Session Manager Service Microsoft Corporation

winlogon.exe 936 Windows Logon Application Microsoft Corporation

explorer.exe 1784 Windows Explorer Microsoft Corporation

rundll32.exe 3048 Windows host process (Rundll32) Microsoft Corporation

GoogleUpdate.exe 2304 Google Installer Google Inc.

NMBgMonitor.exe 2832 Nero Home Nero AG

CurseClient.exe 704 0.39

PcSync2.exe 1224 PC Sync Time Information Services Ltd.

PCSuite.exe 1288 Nokia Launch Application Nokia

daemon.exe 3020 DAEMON Tools Lite DT Soft Ltd

Xfire.exe 844 Xfire Xfire Inc.

xfire64.exe 2384

xfire64.exe 3300

boincmgr.exe 1568 BOINC Manager for Windows Space Sciences Laboratory

explorer.exe 6056 Windows Explorer Microsoft Corporation

vlc.exe 5264 VLC media player the VideoLAN Team

WinRAR.exe 4736

procexp.exe 5316 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

procexp64.exe 5448 0.78 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

chrome.exe 5444 Google Chrome Google Inc.

chrome.exe 328 Google Chrome Google Inc.

chrome.exe 2572 Google Chrome Google Inc.

chrome.exe 5492 0.78 Google Chrome Google Inc.

chrome.exe 3652 Google Chrome Google Inc.

rundll32.exe 548 Windows host process (Rundll32) Microsoft Corporation

DualCore.exe 3912 DualCore MFC Application

GreenPowerCenter.exe 4772 GreenPowerCenter MFC Application

CCSVCHST.EXE 4136 Symantec Service Framework Symantec Corporation

winampa.exe 4144

boinctray.exe 4184 BOINC System Tray for Windows Space Sciences Laboratory

jusched.exe 4200 Java Platform SE binary Sun Microsystems, Inc.

splwow64.exe 4368 Thunking Spooler APIS from 32 to 64 Process Microsoft Corporation

HijackThis.exe 3544 HijackThis Trend Micro Inc.

---------------------------

HijackThis Dump :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:35:19, on 18/12/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Users\PsyBeats\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files (x86)\Curse\CurseClient.exe

C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PcSync2.exe

C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe

C:\Program Files (x86)\Xfire\Xfire.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Users\PsyBeats\AppData\Local\MSI\DualCoreCenterSideBar\DualCore.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\BOINC\boinctray.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Users\PsyBeats\AppData\Local\MSI\DualCoreCenterSideBar\Green Power Center\GreenPowerCenter.exe

C:\Program Files (x86)\BOINC\boincmgr.exe

C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

C:\Users\PsyBeats\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PsyBeats\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PsyBeats\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PsyBeats\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PsyBeats\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry

O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [Google Update] "C:\Users\PsyBeats\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [CurseClient] C:\Program Files (x86)\Curse\CurseClient.exe -silent

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1900530714-1456842180-148505419-1002\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'boinc_master')

O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe

O4 - Global Startup: DualCoreCenterSideBar.lnk = C:\Users\PsyBeats\AppData\Local\MSI\DualCoreCenterSideBar\StartDualCoreNow.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O13 - Gopher Prefix:

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/virtualmark/tc/FMSI.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: BOINC - Space Sciences Laboratory - C:\Program Files (x86)\BOINC\boinc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: Icecast-trunk Streaming Media Server (Icecast-trunk) - Unknown owner - C:\Program Files (x86)\Icecast2 Win32\icecastService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11902 bytes

--------------------------

Any ideas??


Archived

This topic is now archived and is closed to further replies.
