Crashes with Vista


dotEXE

I installed utorrent on my father's Vista laptop at his request. It has an AMD Turion 64 x2 processor and uses NOD32 as the antivirus software. I've read that NOD32's IMON might be the cause, but I can't seem to find the IMON module anywhere. The funny thing is that yesterday, we were able to finish downloading and now we can't even get five minutes while utorrent is open before the laptop crashes. Please help. Thanks in advance.


OK, here is the HJT Log:

--------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:37:23 AM, on 3/9/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16809)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Toshiba\Utilities\KeNotify.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\tsnpstd3.exe

C:\Windows\vsnpstd3.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/CursorManiaFWBInitialSetup1.0.1.0.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe

O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--

End of file - 11798 bytes

--------------------------------------

and the Process Explorer Log

--------------------------------------

Process PID CPU Description Company Name

System Idle Process 0 96.15

Interrupts n/a Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4 0.77

smss.exe 396

csrss.exe 524

wininit.exe 572

services.exe 616 0.77

svchost.exe 836

ehmsas.exe 2596 Media Center Media Status Aggregator Service Microsoft Corporation

unsecapp.exe 3576 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation

WmiPrvSE.exe 4164

PresentationFontCache.exe 880

svchost.exe 924

svchost.exe 972

Ati2evxx.exe 1032

Ati2evxx.exe 1480

svchost.exe 1068

audiodg.exe 1196

svchost.exe 1104

dwm.exe 2308 0.77 Desktop Window Manager Microsoft Corporation

svchost.exe 1120

taskeng.exe 3108

taskeng.exe 3388 Task Scheduler Engine Microsoft Corporation

wuauclt.exe 5144 Windows Update Automatic Updates Microsoft Corporation

SLsvc.exe 1312

svchost.exe 1372

svchost.exe 1540

spoolsv.exe 1984 0.77

svchost.exe 2008

agrsmsvc.exe 1896

AppleMobileDeviceService.exe 1948

mDNSResponder.exe 1912

CFSvcs.exe 252

ekrn.exe 1388

svchost.exe 1860

PIFSvc.exe 2052

MDM.EXE 2064

svchost.exe 2108

pinger.exe 2144

svchost.exe 2180

svchost.exe 2196

svchost.exe 2360

swupdtmr.exe 2412

TNaviSrv.exe 2468

TODDSrv.exe 2496

TosCoSrv.exe 2528

TosBtSrv.exe 2544

ULCDRSvr.exe 2612

svchost.exe 2640

SearchIndexer.exe 2664

iPodService.exe 1808

lsass.exe 628

lsm.exe 636

csrss.exe 580

winlogon.exe 684

upeksvr.exe 1644

explorer.exe 2404 Windows Explorer Microsoft Corporation

Apoint.exe 2996 Alps Pointing-device Driver Alps Electric Co., Ltd.

ApMsgFwd.exe 3796

MSASCui.exe 3068 Windows Defender User Interface Microsoft Corporation

RtHDVCpl.exe 3284 HD Audio Control Panel Realtek Semiconductor

NDSTray.exe 3316 ConfigFree tray TOSHIBA CORPORATION

CFSwMgr.exe 4108 ConfigFree Switch Manager TOSHIBA CORPORATION

TPwrMain.exe 3368 TOSHIBA Power Saver TOSHIBA Corporation

SmoothView.exe 3440 SmoothView TOSHIBA Corporation

TCrdMain.exe 3520 TOSHIBA Flash Cards TOSHIBA Corporation

KeNotify.exe 3788

GoogleDesktop.exe 3820 Google Desktop Google

hpwuSchd2.exe 3836 Hewlett-Packard Product Assistant Hewlett-Packard Co.

PIFSvc.exe 3844 LiveUpdate Notice Service Symantec Corporation

GrooveMonitor.exe 3872 GrooveMonitor Utility Microsoft Corporation

egui.exe 3880 Eset GUI ESET

tsnpstd3.exe 3908 tsnp2std Microsoft SONIX

vsnpstd3.exe 3920 CameraMonitor Application

iTunesHelper.exe 3936 iTunesHelper Module Apple Inc.

TOSCDSPD.exe 3952 CD/DVD Drive Acoustic Silencer TOSHIBA

ehtray.exe 3968 Media Center Tray Applet Microsoft Corporation

hpqtra08.exe 4016 HP Digital Imaging Monitor Hewlett-Packard Co.

hpqste08.exe 3200 HP CUE Status Root Hewlett-Packard Co.

firefox.exe 5680 Firefox Mozilla Corporation

WinRAR.exe 3680 WinRAR archiver Alexander Roshal

procexp.exe 5572 1.54 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

MOM.exe 3228 Catalyst Control Center: Monitoring program ATI Technologies Inc.

CCC.exe 2620 Catalyst Control Centre: Host application ATI Technologies Inc.

psqltray.exe 3428 Fingerprint Tray Application UPEK Inc.

ApntEx.exe 3900 Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd.

Ymsgr_tray.exe 4536 Yahoo! Messenger Tray Yahoo! Inc.

---------------------------------------

I have another laptop that also uses NOD32 as the antivirus, but it only has an Intel Celeron processor and runs Windows XP. I have had utorrent installed on that laptop for a long time now, and not once have I experienced a crash.


Ok thanks, I'll try that. I don't get BSODs, however; the laptop (the one with Vista) just locks up and becomes unresponsive to anything (it doesn't recognize keystrokes or mouse movement, and the LED that blinks when the computer is busy is not blinking).


Hi, I'm having the same problem. BSOD when uTorrent is running, hope someone can help me out.

Thanks in advance.

PROCESS EXPLORER

Process PID CPU Description Company Name

System Idle Process 0 97.95

Interrupts n/a Hardware Interrupts

DPCs n/a 1.03 Deferred Procedure Calls

System 4

smss.exe 416 Windows Session Manager Microsoft Corporation

csrss.exe 492 Client Server Runtime Process Microsoft Corporation

wininit.exe 552 Windows Start-Up Application Microsoft Corporation

services.exe 604 Services and Controller app Microsoft Corporation

svchost.exe 892 Host Process for Windows Services Microsoft Corporation

ehmsas.exe 1240 Media Center Media Status Aggregator Service Microsoft Corporation

unsecapp.exe 3960 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation

WmiPrvSE.exe 3980 WMI Provider Host Microsoft Corporation

NotiMan.exe 4996 Notification Manager Creative Technology Ltd.

winamp.exe 4160 Winamp Nullsoft

WmiPrvSE.exe 5148 WMI Provider Host Microsoft Corporation

iexplore.exe 5012 Internet Explorer Microsoft Corporation

aAvgApi.exe 4652 AVG Security Toolbar broker AVG Technologies CZ, s.r.o.

svchost.exe 952 Host Process for Windows Services Microsoft Corporation

svchost.exe 996 Host Process for Windows Services Microsoft Corporation

svchost.exe 1084 Host Process for Windows Services Microsoft Corporation

audiodg.exe 1204 Windows Audio Device Graph Isolation Microsoft Corporation

svchost.exe 1112 Host Process for Windows Services Microsoft Corporation

dwm.exe 1896 0.51 Desktop Window Manager Microsoft Corporation

svchost.exe 1140 Host Process for Windows Services Microsoft Corporation

taskeng.exe 2012 Task Scheduler Engine Microsoft Corporation

taskeng.exe 1452 Task Scheduler Engine Microsoft Corporation

SLsvc.exe 1276 Microsoft Software Licensing Service Microsoft Corporation

svchost.exe 1308 Host Process for Windows Services Microsoft Corporation

svchost.exe 1444 Host Process for Windows Services Microsoft Corporation

spoolsv.exe 1692 Spooler SubSystem App Microsoft Corporation

svchost.exe 1724 Host Process for Windows Services Microsoft Corporation

AppleMobileDeviceService.exe 2552 Apple Mobile Device Service Apple Inc.

avgwdsvc.exe 2580 AVG Watchdog Service AVG Technologies CZ, s.r.o.

avgrsx.exe 3356 AVG Resident Shield Service AVG Technologies CZ, s.r.o.

svchost.exe 2672 Host Process for Windows Services Microsoft Corporation

svchost.exe 2836 Host Process for Windows Services Microsoft Corporation

SearchIndexer.exe 2936 Microsoft Windows Search Indexer Microsoft Corporation

SearchProtocolHost.exe 1480 Microsoft Windows Search Protocol Host Microsoft Corporation

SearchFilterHost.exe 2376 Microsoft Windows Search Filter Host Microsoft Corporation

SDWinSec.exe 3212 Spybot-S&D Security Center integration Safer Networking Ltd.

usnsvc.exe 800 Messenger Sharing USN Journal Reader Service Microsoft Corporation

lsass.exe 644 Local Security Authority Process Microsoft Corporation

lsm.exe 652 Local Session Manager Service Microsoft Corporation

csrss.exe 564 Client Server Runtime Process Microsoft Corporation

winlogon.exe 752 Windows Logon Application Microsoft Corporation

explorer.exe 1996 Windows Explorer Microsoft Corporation

ipoint.exe 1388 0.51 IPoint.exe Microsoft Corporation

dpupdchk.exe 320 dpupdchk.exe Microsoft Corporation

VolPanlu.exe 1460 VolPanlu.exe Creative Technology Ltd

rundll32.exe 1584 Windows host process (Rundll32) Microsoft Corporation

avgtray.exe 208 AVG Tray Monitor AVG Technologies CZ, s.r.o.

itype.exe 344 IType.exe Microsoft Corporation

jusched.exe 548 Java Platform SE binary Sun Microsystems, Inc.

ehtray.exe 1812 Media Center Tray Applet Microsoft Corporation

wmpnscfg.exe 2092 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation

msnmsgr.exe 884 Windows Live Messenger Microsoft Corporation

slsk.exe 3536 SoulSeek

CTAudCS.exe 4932 Creative Audio Console Launcher Creative Technology Ltd

YahooMessenger.exe 724 Yahoo! Messenger Yahoo! Inc.

coolpro2.exe 5180 Cool Edit Pro Syntrillium Software Corporation

procexp.exe 5324 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

uTorrent.exe 4192 µTorrent BitTorrent, Inc.

realsched.exe 3164 RealNetworks Scheduler RealNetworks, Inc.

Process: uTorrent.exe Pid: 4192

Name Description Company Name Version

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.0.6001.18000

avgrsstx.dll AVG Resident Shield Starter AVG Technologies CZ, s.r.o. 8.0.0.223

CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6931.18000

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.6001.18000

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.0.6001.18000

dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.0.6001.18000

dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.0.6001.18000

DnsApi.dll DNS Client API DLL Microsoft Corporation 6.0.6001.18000

FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.0.6001.18000

GDI32.dll GDI Client DLL Microsoft Corporation 6.0.6001.18159

IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.0.6001.18000

Iphlpapi.dll IP Helper API Microsoft Corporation 6.0.6001.18000

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.0.6001.18000

locale.nls

locale.nls

LPK.DLL Language Pack Microsoft Corporation 6.0.6001.18000

MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.0.6001.18000

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.6001.18000

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.0.6001.18000

napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.0.6001.18000

NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.0.6001.18000

npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.0.6000.16386

NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.0.6001.18000

ntdll.dll NT Layer DLL Microsoft Corporation 6.0.6001.18000

ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.0.6001.18000

oleaut32.dll Microsoft Corporation 6.0.6001.18000

pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.0.6001.18000

PSAPI.DLL Process Status Helper Microsoft Corporation 6.0.6000.16386

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.0.6000.16386

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.0.6001.18051

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.0.6001.18000

Secur32.dll Security Support Provider Interface Microsoft Corporation 6.0.6001.18000

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.0.6001.18167

shfolder.dll Shell Folder Service Microsoft Corporation 6.0.6000.16386

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.6001.18000

USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.0.6001.18000

USERENV.dll Userenv Microsoft Corporation 6.0.6001.18000

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6001.18000

uTorrent.exe µTorrent BitTorrent, Inc. 1.8.3.14755

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.6001.18000

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.0.6001.18000

WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.0.6001.18000

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.0.6000.16386

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.0.6001.18000

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.0.6001.18000

wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.0.6001.18000

wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.0.6001.18000

HIJACKTHIS

Logfile of HijackThis v1.99.1

Scan saved at 00:36:58, on 10/03/2009

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\SoulseekNS\slsk.exe

C:\Program Files\Creative\SBAudigy\AudioCS\CTAudCS.exe

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Users\Kennie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com/welcome

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [P17RunE] "C:\Windows\system32\rundll32.exe" P17RunE.dll,RunDLLEntry

O4 - HKLM\..\Run: [updReg] "C:\Windows\UpdReg.EXE"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} -

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1234557292411&h=45ffc1fcf8281d4534ea12e42e40fc26/&filename=jinstall-6u12-windows-i586-jc.cab

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} -

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


Archived

This topic is now archived and is closed to further replies.
