dotEXE Posted March 9, 2009
I installed utorrent on my father's Vista laptop at his request. It has an AMD Turion 64 x2 processor and uses NOD32 as the antivirus software. I've read that NOD32's IMON might be the cause, but I can't seem to find the IMON module anywhere. The funny thing is that yesterday, we were able to finish downloading and now we can't even get five minutes while utorrent is open before the laptop crashes? Please help. Thanks in advance.

moogly Posted March 9, 2009
You have to post Hijackthis and Process Explorer logs when uT is running.
Guide: http://forum.utorrent.com/viewtopic.php?id=29748
Don't forget to select utorrent.exe and enable DLL mode (ctrl+d) in PE.
Maybe IMON is not the culprit.

dotEXE (Author) Posted March 9, 2009
OK, here is the HJT Log:

and the Process Explorer Log

I have another laptop that also uses NOD32 as the antivirus but it only has an Intel Celeron processor and runs Windows XP. I had utorrent installed in that laptop for a long time now, and not once have I experienced a crash.

Firon Posted March 9, 2009
Only NOD32 2.7 has the IMON feature.
If the computer itself is crashing, turn off automatic rebooting on BSODs and write down everything on the crash screen.
http://vistasupport.mvps.org/disable_automatic_restart_to_read_blue_screen_messages.htm

dotEXE (Author) Posted March 9, 2009
Ok thanks, I'll try that. I don't get BSODs, however; the laptop (the one with Vista) just locks up and becomes unresponsive to anything (doesn't recognize key strokes, mouse movement and the LED that blinks up when the computer is busy is not blinking).

unklej Posted March 10, 2009
Hi, I'm having the same problem. BSOD when uTorrent is running, hope someone can help me out.
Thanks in advance.

PROCESS EXPLORER

HIJACKTHIS

moogly Posted March 10, 2009
You posted the same log twice; in addition, you didn't select utorrent.exe and enable DLL mode (ctrl+d) in Proc Exp.
Edit your post please.

unklej Posted March 10, 2009
Is it ok now?

moogly Posted March 10, 2009
Yes, it's ok for logs.
Are you running wireless? Because it can be a problem with your drivers. Are they updated?
Can you report the message you got during the BSOD?

unklej Posted March 10, 2009
No, I'm not running wireless.
MULTIPLE IRQ COMPLETE REQUESTS
Next time it comes up I'll try and get some more info.

Archived
This topic is now archived and is closed to further replies.