darkshadow0202 Posted March 25, 2009

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:35 PM, on 3/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe
C:\Program Files\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Startup Faster\sfAgent.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [startupFaster] "C:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: StartupFaster
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009 Ultimate\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 6970 bytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Procexp or Process Explorer (whatever you want to call it):

Process PID CPU Description Company Name
System Idle Process 0 82.72
Interrupts n/a Hardware Interrupts
DPCs n/a 0.77 Deferred Procedure Calls
System 4 4.64
smss.exe 452 Windows Session Manager Microsoft Corporation
csrss.exe 584 Client Server Runtime Process Microsoft Corporation
wininit.exe 636 Windows Start-Up Application Microsoft Corporation
services.exe 680 Services and Controller app Microsoft Corporation
svchost.exe 884 Host Process for Windows Services Microsoft Corporation
dllhost.exe 1784 COM Surrogate Microsoft Corporation
WmiPrvSE.exe 3692 WMI Provider Host Microsoft Corporation
svchost.exe 944 Host Process for Windows Services Microsoft Corporation
livesrv.exe 1040 BitDefender Update Service BitDefender SRL
vsserv.exe 1100 BitDefender Security Service BitDefender S. R. L.
svchost.exe 1172 Host Process for Windows Services Microsoft Corporation
audiodg.exe 1324 Windows Audio Device Graph Isolation Microsoft Corporation
svchost.exe 1200 2.32 Host Process for Windows Services Microsoft Corporation
dwm.exe 1984 1.55 Desktop Window Manager Microsoft Corporation
WUDFHost.exe 2820 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
svchost.exe 1212 Host Process for Windows Services Microsoft Corporation
taskeng.exe 368 Task Scheduler Engine Microsoft Corporation
taskeng.exe 2868 Task Scheduler Engine Microsoft Corporation
wuauclt.exe 3476 Windows Update Automatic Updates Microsoft Corporation
taskeng.exe 3028 Task Scheduler Engine Microsoft Corporation
svchost.exe 1380 Host Process for Windows Services Microsoft Corporation
SLsvc.exe 1416 Microsoft Software Licensing Service Microsoft Corporation
svchost.exe 1452 Host Process for Windows Services Microsoft Corporation
DisplayLinkService.exe 1664 DisplayLinkSerivce Application DisplayLink Corp.
DisplayLinkManager.exe 460 DisplayLinkManager Application DisplayLink Corp.
DisplayLinkUI.exe 1508 DisplayLinkUI.exe
svchost.exe 1740 Host Process for Windows Services Microsoft Corporation
spoolsv.exe 212 Spooler SubSystem App Microsoft Corporation
svchost.exe 332 Host Process for Windows Services Microsoft Corporation
SaibSVC.exe 1624 SaibSVC Application
mbamservice.exe 2148 0.77 Malwarebytes' Anti-Malware Malwarebytes Corporation
svchost.exe 2208 Host Process for Windows Services Microsoft Corporation
stacsv.exe 2484 STacSV Module IDT, Inc.
svchost.exe 2520 Host Process for Windows Services Microsoft Corporation
TUProgSt.exe 2544 TuneUp Program Statistics Service TuneUp Software
svchost.exe 2572 Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 2608 Microsoft Windows Search Indexer Microsoft Corporation
SearchProtocolHost.exe 176 Microsoft Windows Search Protocol Host Microsoft Corporation
SearchFilterHost.exe 3568 Microsoft Windows Search Filter Host Microsoft Corporation
wmpnetwk.exe 3820 Windows Media Player Network Sharing Service Microsoft Corporation
lsass.exe 692 Local Security Authority Process Microsoft Corporation
lsm.exe 700 Local Session Manager Service Microsoft Corporation
csrss.exe 648 Client Server Runtime Process Microsoft Corporation
winlogon.exe 776 Windows Logon Application Microsoft Corporation
explorer.exe 324 1.55 Windows Explorer Microsoft Corporation
wmpnscfg.exe 3780 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
firefox.exe 3548 Firefox Mozilla Corporation
WinRAR.exe 3508 WinRAR archiver Alexander Roshal
procexp.exe 2340 4.64 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
vlc.exe 3052 VLC media player the VideoLAN Team
rundll32.exe 3412 Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 1060 Windows host process (Rundll32) Microsoft Corporation
bdagent.exe 4068 1.55 BitDefender Agent BitDefender S.R.L.
seccenter.exe 2368 BitDefender Security Center
GrooveMonitor.exe 708 GrooveMonitor Utility Microsoft Corporation
pptd40nt.exe 2476 PaperPort Print to Desktop for NT Nuance Communications, Inc.
RocketDock.exe 3364
CPMonitor.exe 3012 CPMonitor Application
mbamgui.exe 2708 Malwarebytes' Anti-Malware Malwarebytes Corporation
SFAgent.exe 1056 Startup Faster! - Boot Windows faster. URSoft,Inc
HijackThis.exe 1852 HijackThis Trend Micro Inc.
notepad.exe 1752 Notepad Microsoft Corporation

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I don't know how the problem started, but the freezes are killing me. Please solve this for me. And this happened yesterday: it froze without downloading anything. The only things running were Firefox, VLC media player and BitDefender. Why did it freeze?

SONY VAIO

Ultima Posted March 25, 2009

What happened to the DLL list that Process Explorer should have for µTorrent?

Also...

When µTorrent freezes, you can actually force a crash dump to be generated, like so:

In the Windows Task Manager or Process Explorer, look for the [PID] of the µTorrent process. From there, File > Run >

ntsd.exe -p [PID] -e [PID] -c ".dump c:\jit.dmp;q"

where [PID] needs to be replaced with the PID of the µTorrent process found in the process list viewer (don't include square brackets). The resulting dump can be found as c:\jit.dmp. Do this when µTorrent hangs, and post the dump.

Under Windows Vista, ntsd.exe no longer comes installed by default. In this case, users can force a crash dump to be generated via Task Manager's right-click context menu for the µTorrent process, compress it, then upload it.

Upload the dump to mediafire.com or savefile.com.

darkshadow0202 Posted March 26, 2009

Then how do I get the DLL to work? Does a registry cleaner remove that type of thing?

And I really got confused with the crash dump.

Sorry for the slow response T.T

moogly Posted March 26, 2009

In Process Explorer select utorrent.exe and enable DLL mode (ctrl+d). So repost the log of PE.

Archived
This topic is now archived and is closed to further replies.