coolcat24 Posted February 23, 2009

Can anyone help me... I've done the hijack thing, here are the results.. Can anyone tell me what to do next, please?

DreadWingKnight Posted February 23, 2009

Vista + ZoneAlarm = MAJOR problems.

ybrik Posted February 23, 2009

Does uT's bt.graceful.shutdown have to do with the frequent checking of joblists? I remember checking was already done when I had manually loaded all the torrents, but sometimes I still get those when I run uT.

moogly Posted February 23, 2009

@coolcat24: Choose another firewall like Comodo; there is a guide here to set it up with uT. In addition, it's better than ZA and free.

@ybrik: Yes, surely because uT didn't quit properly. About your batteries, I remember I read some computers met freezes when they were on batteries because of incompatibility between the power manager and the OS (Vista).

ybrik Posted February 23, 2009

It seems that I have an idea about the freezing. When the checking of the joblists has stopped ("xx.x checked"), shortly afterwards uT and everything on my screen hangs. Is there a way to disable this checking? Does having bt.graceful.shutdown enabled have something to do with this? I already manually loaded the torrents yesterday, and this morning I still have torrents in checking mode.

moogly Posted February 23, 2009

The default value of bt.graceful.shutdown is false. What is yours?

ybrik Posted February 23, 2009

I set it to TRUE because that is what I read at uT troubleshooting when I have to manually load all torrents.

Sakarii Posted February 23, 2009

@moogly Sorry for the late reply. And McAfee doesn't have its antivirus installed, just the Security Center, SiteAdvisor, Parental Controls, and Backup and Restore.

Process Explorer Log:

ybrik Posted February 24, 2009

My uT is 100% working properly. I deleted all those torrents with "checking" status and put back the default setting of bt.graceful_shutdown to "false". Thanks to all those who helped me, especially moogly.

pajcho Posted February 24, 2009

OK, here is my data... So can anybody tell me what to do?? I already excluded it from NOD32, but it did not help...

moogly Posted February 24, 2009

@pajcho:
Your PE log looks fine but there is a weird DLL in HJT log:

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

Are you trying to crack the Windows' copy protection? Because that's the role of this malware:
http://dll-repair-tools.com/dll-files/cracking-the-window%E2%80%99s-copy-protection-by-antiwpadll
http://www.bleepingcomputer.com/startups/antiwpa.dll-21379.html

If you're using a cracked version of Windows (intentionally or not), don't be surprised if some programs are ruined when they are working.
And are you running wireless?

@Sakarii:
saHook.dll SiteAdvisor McAfee, Inc. 2.9.0.242

Did you try to remove it? Because it's injected in uT, maybe the culprit of freezing.
pajcho Posted February 25, 2009

OK, it wasn't any of that, I just uninstalled NOD32 and put Kaspersky AV instead of it, and everything works just fine. But thanks for your answer...
Sakarii Posted February 25, 2009

@moogly
Thanks for your help! I've waited 24 hours and so far no problems. I hope it continues this way...
hecookaz Posted February 28, 2009

I am having a problem with uTorrent freezing also. I am using 1.8.2 (build 14458), XP SP2. When I try to download a file it just sits there with ETA at infinity (if the seeds & peers are zero). If the seeds or peers are any number the window freezes and the banner says Not Responding. It also freezes when I do a port test although I get a message like this: OK! Port 58192 is open and accepting connections. It also sends the VM size thru the roof (1,997,166K). I have gone thru several postings and have tried some things W/O any luck. Any help you can give will be greatly appreciated.

Thanks
DreadWingKnight Posted February 28, 2009

process explorer process list with the dll list for the utorrent.exe process
hecookaz Posted March 1, 2009

I hope this is what you ask for.

Thanks
myyas Posted March 1, 2009

I have the freezing problem also.
Here are my Hijack This & Process Explorer Logs:

Thank you
DreadWingKnight Posted March 1, 2009

threatfire.
uninstall it.
moogly Posted March 1, 2009

@hecookaz:
ioloHL.dll 2.1.10.24

What's this DLL? It's injected in uT, maybe the culprit.

@myyas: as said DWK, uninstall ThreatFire.
hecookaz Posted March 1, 2009

I disabled ioloHL.dll and uTorrent acts the same. ioloHL.dll is part of System Mechanic 8 pro.
New_Lexicon90 Posted March 1, 2009

Here's my original post. I just tried hijackthis and process explorer. It was my first time, but I think I included all the information. Any help would be appreciated greatly.

"Ok, I am having similar problems. Recently my Utorrent started freezing with the new update, so I figured I'd just reinstall and it'd be cool again. I've deleted (I think) every trace of utorrent from computer--even cleaning the registry. However when I redownload utorrent's .exe file it just gives me the options "run" or "cancel". Clicking "run" just opens my old utorrent and freezes instantly. I can't even get it to properly uninstall it seems."
1.8.2.14458uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.2900.5512VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512WINSTA.dll Winstation Library Microsoft Corporation 5.1.2600.5512WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.5512WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.5512wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.5512WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.1.2600.5512xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.1.2600.5512 Link to comment Share on other sites More sharing options...

moogly Posted March 1, 2009
@ hecookaz:
I missed too this DLL injected in uT: FarLsp.dll
What's that? It's really weird to have freezing when you are checking your port...
@New_Lexicon90:
FwHook.dll FwHook.dll PC Tools Pty Ltd 1.0.44.0
Did you try to set PC Tools to accept the new version of uT?
Can you uninstall it temporarily and control if freezing continues.

New_Lexicon90 Posted March 2, 2009
Sorry, what is PC tools?

moogly Posted March 2, 2009
Seriously, that's your computer, not mine! Your firewall!
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

New_Lexicon90 Posted March 2, 2009
I just came here to delete that post after I remembered. I swear I'm not retarded. I can't find utorrent as listed in PC tool's list of applications. Maybe because it's "uninstalled" but it's not at the same time.
EDIT: Ok, I just found it and it works now. Thanks so much man!