Darkstar3330 Posted December 29, 2008
So uTorrent was working fine for the longest time; now all of a sudden, when I open it, it will randomly close without any warning within a couple of minutes. I have an exception for it in my firewall. I did just get Norton's Endpoint Security, but the problem happens even if I have Endpoint completely turned off and shut down, so I don't think that it's the problem. I've done multiple virus searches and found nothing. I have also completely uninstalled (went through the registry and all) and reinstalled uTorrent, and the random closings still happen. Any ideas or help will be greatly appreciated, thanks all!
moogly Posted December 29, 2008
Hi.
Post HJT & PE logs here to look at what is injected in uT.
Tutorial: http://forum.utorrent.com/viewtopic.php?id=29748
Don't forget to select utorrent.exe and enable DLL mode (ctrl+d) in PE.
Darkstar3330 (Author) Posted December 29, 2008
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:29 AM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
There's the two reports, hope it shows something. Thanks for all of the help.
DreadWingKnight Posted December 29, 2008
DockShellHook.dll
IadHide5.dll IAdHide BackWeb 7.02.0000.0157
PRNTRACK.DLL Print Tracker Pharos Systems International 7.02.0000.4273
MADCHOOK.DLL api hooking for 9x/nt www.madshi.net 2.01.0005.0000
Potential problems. Find out what is associated with each and try removing/disabling the hook.
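The by-eye triage in the post above, as an added example that is not part of the original thread: it reads a Process Explorer DLL-view listing and lists the modules loaded into a process that come from neither Microsoft nor the host program itself. The tab-separated layout, the sample rows (modeled on the listing posted in this thread) and the function names are assumptions; it reports every third-party module, which is broader than the four picked out above.

```python
import csv
import io

# Constructed sample: rows modeled on the uTorrent.exe module list posted in
# this thread, re-typed as tab-separated text (assumed export layout).
_ROWS = [
    ("Name", "Description", "Company Name", "Version"),
    ("kernel32.dll", "Windows NT BASE API Client DLL", "Microsoft Corporation", "5.01.2600.5512"),
    ("ctype.nls", "", "", ""),
    ("DockShellHook.dll", "", "", ""),
    ("GameHook.dll", "Logitech Gaming Hook (UNICODE)", "Logitech Inc.", "3.01.0116.0000"),
    ("IadHide5.dll", "IAdHide", "BackWeb", "7.02.0000.0157"),
    ("MADCHOOK.DLL", "api hooking for 9x/nt", "www.madshi.net", "2.01.0005.0000"),
    ("mdnsNSP.dll", "Bonjour Namespace Provider", "Apple Inc.", "1.00.0005.0011"),
    ("PRNTRACK.DLL", "Print Tracker", "Pharos Systems International", "7.02.0000.4273"),
    ("uTorrent.exe", "\u00b5Torrent", "BitTorrent, Inc.", "1.08.0001.12639"),
    ("WS2_32.dll", "Windows Socket 2.0 32-Bit DLL", "Microsoft Corporation", "5.01.2600.5512"),
]
SAMPLE = "\n".join("\t".join(row) for row in _ROWS) + "\n"

# Vendors treated as part of the operating system. The company string comes
# from the file's version resource, which is self-declared, so this is a
# sorting aid for a human reviewer and not proof of origin.
OS_VENDORS = {"microsoft corporation"}

# National-language data files are mapped into every process and never carry
# version metadata, so a blank vendor on them is expected.
DATA_SUFFIXES = (".nls",)


def parse_modules(text):
    """Parse a tab-separated module listing into a list of dicts."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    modules = []
    for row in reader:
        name = (row.get("Name") or "").strip()
        if not name:
            continue  # skip blank or malformed lines
        modules.append({
            "name": name,
            "description": (row.get("Description") or "").strip(),
            "company": (row.get("Company Name") or "").strip(),
            "version": (row.get("Version") or "").strip(),
        })
    return modules


def triage(modules, host_image):
    """Return the modules worth identifying by hand, most suspicious first.

    A module is reported when it is not the host image, not an OS data file
    and not attributed to an OS vendor. Modules with no metadata at all sort
    first, then modules whose name or description mentions a hook.
    """
    findings = []
    for mod in modules:
        lower = mod["name"].lower()
        if lower == host_image.lower() or lower.endswith(DATA_SUFFIXES):
            continue
        if mod["company"].lower() in OS_VENDORS:
            continue
        if mod["company"] or mod["description"]:
            reason = "third-party vendor"
        else:
            reason = "no version metadata"
        findings.append({
            "name": mod["name"],
            "company": mod["company"] or "(none)",
            "reason": reason,
            "hook_hint": "hook" in lower or "hook" in mod["description"].lower(),
        })
    findings.sort(key=lambda f: (f["reason"] != "no version metadata",
                                 not f["hook_hint"],
                                 f["name"].lower()))
    return findings


if __name__ == "__main__":
    for item in triage(parse_modules(SAMPLE), "uTorrent.exe"):
        flag = "hook" if item["hook_hint"] else "    "
        print(f'{item["name"]:<20} {flag}  {item["company"]:<30} {item["reason"]}')
```

Each reported module still has to be traced to the program that installed it before anything is disabled.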
Darkstar3330 (Author) Posted December 29, 2008
Tried all of them individually and all at the same time; uTorrent still starts up fine, then just randomly closes in the next few minutes. It's so weird. Any other ideas? Thanks for the help so far!!
Archived
This topic is now archived and is closed to further replies.