error 73?

[mison]

u torrent will work till the conection turns green. then the program freezes and it comes up with an error message called error 73.

[jewelisheaven]

How long after starting does this happen? Is it repeatable after a timeframe or time-of-day? Screenshot of the error maybe? You can use http://imageshack.us

[mison]

all it says is:

error 73: -1/16397/0/1

it happens after the network connection thing at the bottom of the screen turns green. and it happens every time i try to use utorrent

[jewelisheaven]

What version of uT are you using, In the window, Alt-H-A (Help menu in the bar, then About)..

[mison]

1.8.2

[DreadWingKnight]

Where's the screenshot that was requested?

[mison]

theres nothing 2 c xcept that. but if u rly need it?

[kellygreen]

I am also experiencing this error, exactly the same. The numbers inbetween -1 and 0/01 are always different, though.

For example, I've also had -1/1460/0/01 and -1/2920/0/01.

It started yesterday afternoon for no reason that I can figure.

http://s284.photobucket.com/albums/ll28/kellygreen9/?action=view&current=error73.jpg

PrtScn of it occuring. After that I have to End Program to get the window to close.

[DreadWingKnight]

http://forum.utorrent.com/viewtopic.php?id=29748 <-- both logs please.

[mauda3]

hello, I have the same problem as kellygreen, but i only get the error 73: -1/1460/0/01 after about a minute and utorrent crashes

the only way I can avoid it is by pausing all torrents. but as soon as I get even just one started again, utorrent crashes with the error 73: -1/1460/0/01

this is what I get from windows error report, I don't know if it helps

szAppName : uTorrent.exe szAppVer : 1.8.2.15227 szModName : hungapp

szModVer : 0.0.0.0 offset : 00000000

C:\DOCUME~1\mauda\LOCALS~1\Temp\WER5a82.dir00\uTorrent.exe.mdmp

C:\DOCUME~1\mauda\LOCALS~1\Temp\WER5a82.dir00\appcompat.txt

and this is from hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:57:24, on 27/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Documents and Settings\mauda\Local Settings\Temporary Internet Files\Content.IE5\D9HO2TCV\HiJackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [awomu] c:\documents and settings\mauda\local settings\application data\awomu.exe awomu

O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKCU\..\Run: [PoliceAV] C:\Program Files\XPPoliceAntivirus\xppolice.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-21-941708952-1740525327-3241195035-501\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'Invité')

O4 - HKUS\S-1-5-21-941708952-1740525327-3241195035-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Invité')

O4 - HKUS\S-1-5-21-941708952-1740525327-3241195035-501\..\Run: [miaeu] "c:\documents and settings\invité\local settings\application data\miaeu.exe" miaeu (User 'Invité')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-941708952-1740525327-3241195035-501 Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe (User 'Invité')

O4 - S-1-5-21-941708952-1740525327-3241195035-501 User Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe (User 'Invité')

O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mauda\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211844958609

O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1233948316088&h=ea2b006bd37f50266cc0d74204c83eaa/&filename=jinstall-6u11-windows-i586-jc.cab

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\..\svchost.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--

End of file - 14738 bytes

thanks everyone and excuse my english, it's only my second language

[epikorous]

I am also experiencing this error,

could be a virus?

it started yesterday

screen :

http://s668.photobucket.com/albums/vv41/epikorous/?action=view&current=carsh.jpg

this is NOT a version problem, I am using version 1.8.2 but I installed it yesterday just because I thought it might fix the problem. before I was using v 1.7.6

[mison]

the files that are crashing are also from the temp folder in my case. im not sure but i think the same names aswell.

[mauda3]

hello again

here are the links to some of my crashdumps

http://www.zshare.net/download/592655151bc2a864/

http://www.zshare.net/download/59265599b77866bf/

http://www.zshare.net/download/59265616a58d7b08/

thank you guys

[epikorous]

Well I activated windows in safe mode, and used HijackThis to fix all the reg problems he found.

this was half an hour ago, and so far utorrent did not crash even once, hopefully it will stay like this.

[mauda3]

how can you make hijackthis find the problems ? it tells me that scan results do not determine whether an item is bad or not

[epikorous]

you are right it can't determine whether an item is bad or not, however I decided to fix all the items he found, because my computer had a few "health" problems this week, and I found a few trojans in virus scan, I thought it might help, and it did

[jewelisheaven]

The reason that the logs are requested is because the programs to create them are 1) simple to use 2) generally used elsewhere for troubleshooting and 3) get a general idea about specific parts of your computer which may be interacting with uT.

Indeed as epikorous said, HJT through its specific identification by numbering of parts of your system, means if you see things as 023: Service which are not from Windows or you (or the one helping you troubleshoot) doesn't recognize, then you may have a problem. Additionally 02: BHO and 20: Appinit are commonly used by trojan/rootkits to keep themselves in memory and redownload... for cases like that a manual removal is HIGHLY tedious and simply being able to restart in limited Safe Mode and having the program clean up the suspicious files on reboot is a godsend.

epikorous, do you remember if it cleaned up any 02, 20, or 23 section problems?

So mison, kellygreen, please follow mauda3's example and post the logfiles requested.

mauda3, if you could post the output from the other program, Process Explorer (procexp.exe) it may show exactly what's in uT. The logfile it creates when you select the utorrent.exe shows EXACTLY what's loaded into RAM. This in-memory problem is the most common reason for uT crashes.

Also mauda you have at least one suspicious program installed O4 - HKCU\..\Run: [awomu] c:\documents and settings\mauda\local settings\application data\awomu.exe awomu You can verify for yourself what other AV has to say about it by uploading it to http://virustotal.com

[epikorous]

this is my log file from HijackThis that I saves BEFORE I fixed problem:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:24:52, on 27/04/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\tsnp325.exe

C:\WINDOWS\vsnp325.exe

C:\Program Files\TP-LINK\TWCU\TWCU.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\SNIR\Desktop\ProcessExplorer\procexp.exe

C:\WINDOWS\system32\NOTEPAD.EXE

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.colman.ac.il/Pages/default.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.not.co.il/%s

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: D - {582167AB-48CF-3DCA-8F8E-070EE4ED2E51} - C:\WINDOWS\system32\xwr93500.dll (file missing)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: 179223 helper - {B3FA56CF-B3F9-4328-9802-CFAACEA86646} - C:\WINDOWS\system32\179223\179223.dll (file missing)

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe

O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] c:\Program Files\Auslogics\AusLogics BoostSpeed\boostspeed.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: &ייצוא אל Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: שלח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: ש&לח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230314460359

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe (file missing)

O24 - Desktop Component 0: (no name) - http://www.102fm.co.il/Front/images/player_volume.gif

--

End of file - 9617 bytes

there are a few 02, and 23 section problems

[jewelisheaven]

yup 2 BHO clickjack (likely how they got in) 2 EXEs in \Windows :/ and the service. After that was all removed, you're good to go then?

Good job in poking at it until you fixed it

[mauda3]

hello once again

here is the output from process explorer

Process PID CPU Description Company Name

System Idle Process 0 55.15

Interrupts n/a 0.74 Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4

smss.exe 1296 Gestionnaire de session Windows NT Microsoft Corporation

csrss.exe 1392 Client Server Runtime Process Microsoft Corporation

winlogon.exe 1416 Application d'ouverture de session Windows NT Microsoft Corporation

services.exe 1460 4.41 Applications Services et Contrôleur Microsoft Corporation

svchost.exe 1684 Generic Host Process for Win32 Services Microsoft Corporation

ehmsas.exe 3728 Media Center Media Status Aggregator Service Microsoft Corporation

Dot1XCfg.exe 3884 Intel 802.1x Server Intel Corporation

MPAPI3s.exe 2332 Mobile Phone API Nokia Corporation

DATALA~1.EXE 3196 DataLayer 2.0 Module Nokia Mobile Phones Ltd.

svchost.exe 1788 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1992 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 2040 Generic Host Process for Win32 Services Microsoft Corporation

EvtEng.exe 212 Intel® PROSet/Wireless Event Log Intel Corporation

S24EvMon.exe 356 5.15 Wireless Management Service Intel Corporation

svchost.exe 704 Generic Host Process for Win32 Services Microsoft Corporation

spoolsv.exe 1080 Spooler SubSystem App Microsoft Corporation

svchost.exe 564 Generic Host Process for Win32 Services Microsoft Corporation

AppleMobileDeviceService.exe 612 Apple Mobile Device Service Apple Inc.

avp.exe 632

mDNSResponder.exe 676 Bonjour Service Apple Inc.

CFSvcs.exe 792 Service of ConfigFree. TOSHIBA CORPORATION

ehrecvr.exe 936 Media Center Receiver Service Microsoft Corporation

ehSched.exe 1192 Service de planification Media Center Microsoft Corporation

jqs.exe 1308 Java Quick Starter Service Sun Microsystems, Inc.

nvsvc32.exe 1384 NVIDIA Driver Helper Service, Version 84.68 NVIDIA Corporation

RegSrvc.exe 1964 Intel® PROSet/Wireless Registry Service Intel Corporation

svchost.exe 244 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 928 Generic Host Process for Win32 Services Microsoft Corporation

TAPPSRV.exe 996 TOSHIBA TAPPSRV TOSHIBA Corp.

X10nets.exe 1980 X10 Module X10

mcrdsvc.exe 2176 MCRD Device Service Microsoft Corporation

dllhost.exe 3212 0.74 COM Surrogate Microsoft Corporation

alg.exe 3436 Application Layer Gateway Service Microsoft Corporation

wmiapsrv.exe 3916 Service de la carte de performance WMI Microsoft Corporation

ServiceLayer.exe 3356 ServiceLayer Module Nokia.

iPodService.exe 3504 iPodService Module Apple Inc.

lsass.exe 1472 LSA Shell (Export Version) Microsoft Corporation

explorer.exe 2660 Explorateur Windows Microsoft Corporation

ehtray.exe 3668 Media Center Tray Applet Microsoft Corporation

rundll32.exe 3784 Exécuter une DLL en tant qu'application Microsoft Corporation

SynTPEnh.exe 3792 0.74 Synaptics TouchPad Enhancements Synaptics, Inc.

Toshiba.exe 3392 Toshiba Custom PlugIn Application Synaptics, Inc.

RTHDCPL.exe 3592 Realtek HD Audio Control Panel Realtek Semiconductor Corp.

ltmoh.exe 4088 LtMoh MFC Application Agere Systems

agrsmmsg.exe 484 SoftModem Messaging Applet Agere Systems

THotkey.exe 504 Hotkey Utility TOSHIBA

TPSMain.exe 1924 TOSHIBA Corporation

TPSBattM.exe 620 TOSHIBA Corporation

TvsTray.exe 404 TOSHIBA Virtual Sound Taskbar Module TOSHIBA Corporation

SmoothView.exe 788 0.74 SmoothView TOSHIBA Corporation

DLACTRLW.EXE 804 Drive Letter Access Component Sonic Solutions

ZCfgSvc.exe 860 ZeroCfgSvc MFC Application Intel Corporation

iFrmewrk.exe 1116 4.41 Intel Framework MFC Application Intel Corporation

realsched.exe 2068 RealNetworks Scheduler RealNetworks, Inc.

hpwuSchd2.exe 1588 hpwuSchd Application Hewlett-Packard

LAUNCH~1.EXE 4060 PC Suite Nokia

avp.exe 1552

jusched.exe 140 Java Platform SE binary Sun Microsystems, Inc.

iTunesHelper.exe 700 iTunesHelper Module Apple Inc.

ctfmon.exe 3172 0.74 CTF Loader Microsoft Corporation

TOSCDSPD.exe 3660 CD/DVD Drive Acoustic Silencer TOSHIBA

msnmsgr.exe 3900 Windows Live Messenger Microsoft Corporation

PcSync2.exe 1204 PC Sync Time Information Services Ltd.

veohwebplayer.exe 3292 Veoh Web Player Beta Veoh Networks

TeaTimer.exe 3856 5.15 System settings protector Safer-Networking Ltd.

hpqtra08.exe 3688 HP Digital Imaging Monitor Hewlett-Packard Development Company, L.P.

hpqste08.exe 152 HP CUE Status Hewlett-Packard Development Company, L.P.

procexp.exe 2024 2.94 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

uTorrent.exe 3812 19.12 µTorrent BitTorrent, Inc.

rundll32.exe 3844 Exécuter une DLL en tant qu'application Microsoft Corporation

iexplore.exe 3600 Internet Explorer Microsoft Corporation

Process: uTorrent.exe Pid: 3812

Name Description Company Name Version

ACTIVEDS.dll DLL de la couche de routage AD Microsoft Corporation 5.1.2600.5512

adsldpc.dll DLL C du fournisseur LDAP AD Microsoft Corporation 5.1.2600.5512

ADVAPI32.dll API avancées Windows 32 Microsoft Corporation 5.1.2600.5755

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.1

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.700

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.5512

comdlg32.dll DLL commune de boîtes de dialogues Microsoft Corporation 6.0.2900.5512

COMRes.dll Microsoft Corporation 2001.12.4414.700

credui.dll Interface utilisateur du gestionnaire d'informations d'identification Microsoft Corporation 5.1.2600.5512

CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512

ctype.nls

DnsApi.dll DNS Client API DLL Microsoft Corporation 5.1.2600.5625

dot3api.dll API de configuration 802.3 Microsoft Corporation 5.1.2600.5512

dot3dlg.dll Application d'assistance de l'IU 802.3 Microsoft Corporation 5.1.2600.5512

eappcfg.dll Configuration d'homologue EAP Microsoft Corporation 5.1.2600.5512

eappprxy.dll Microsoft EAPHost Peer Client DLL Microsoft Corporation 5.1.2600.5512

GDI32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5698

hnetcfg.dll Gestionnaire de configuration de réseau domestique Microsoft Corporation 5.1.2600.5512

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.0.6000.16825

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512

index.dat

index.dat

index.dat

iphlpapi.dll API de l'application d'assistance IP Microsoft Corporation 5.1.2600.5512

kernel32.dll DLL du client API BASE Windows NT Microsoft Corporation 5.1.2600.5781

LINKINFO.dll Windows Volume Tracking Microsoft Corporation 5.1.2600.5512

locale.nls

LPK.DLL Language Pack Microsoft Corporation 5.1.2600.5512

mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 1.0.6.2

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.1.2600.5512

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.1.2600.5512

MSCTF.dll DLL de MSCTF Server Microsoft Corporation 5.1.2600.5512

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.1.2600.5512

msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.1.2600.5512

MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.2.3104.0

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512

mswsock.dll Fournisseur de service Sockets 2.0 de Microsoft Windows Microsoft Corporation 5.1.2600.5625

netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.5694

netshell.dll Noyau des Connexions réseau Microsoft Corporation 5.1.2600.5512

Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.0.5441.0

ntdll.dll DLL Couche NT Microsoft Corporation 5.1.2600.5755

NTMARTA.DLL Fournisseur MARTA Windows NT Microsoft Corporation 5.1.2600.5512

ntshrui.dll Extensions de l'interpréteur de commandes pour le partage Microsoft Corporation 5.1.2600.5512

nview.dll NVIDIA nView Desktop and Window Manager 110.33 NVIDIA Corporation 6.14.10.11033

nvwddi.dll NVIDIA nView Display Driver Interface Lib, Version 84.68 NVIDIA Corporation 6.14.10.8468

NVWRSFR.DLL NVIDIA nView Desktop and Window Manager NVIDIA Corporation 6.14.10.11033

ole32.dll Microsoft OLE pour Windows Microsoft Corporation 5.1.2600.5512

oleaut32.dll Microsoft Corporation 5.1.2600.5512

OneX.DLL Bibliothèque de demandeur IEEE 802.1X Microsoft Corporation 5.1.2600.5512

PSAPI.DLL Process Status Helper Microsoft Corporation 5.1.2600.5512

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.5512

RASAPI32.dll API d'Accès réseau à distance Microsoft Corporation 5.1.2600.5512

rasman.dll Remote Access Connection Manager Microsoft Corporation 5.1.2600.5512

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5512

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.5507

rtutils.dll Routing Utilities Microsoft Corporation 5.1.2600.5512

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.1.2600.5512

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5753

sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.1.2600.5512

SETUPAPI.dll Installation de L'API Windows Microsoft Corporation 5.1.2600.5512

SHELL32.dll DLL commune du shell Windows Microsoft Corporation 6.0.2900.5622

shfolder.dll Shell Folder Service Microsoft Corporation 6.0.2900.5512

SHLWAPI.dll Bibliothèque d'utilitaires légers du Shell Microsoft Corporation 6.0.2900.5512

sortkey.nls

sorttbls.nls

TAPI32.dll DLL Client de l'API Microsoft® Windows Téléphonie Microsoft Corporation 5.1.2600.5512

unicode.nls

urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.0.6000.16825

USER32.dll DLL client de l'API Utilisateur de Windows XP Microsoft Corporation 5.1.2600.5512

USERENV.dll Userenv Microsoft Corporation 5.1.2600.5512

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512

uTorrent.exe µTorrent BitTorrent, Inc. 1.8.2.15227

uxtheme.dll Bibliothèque de thèmes Ux Microsoft Microsoft Corporation 6.0.2900.5512

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512

wininet.dll Internet Extensions for Win32 Microsoft Corporation 7.0.6000.16827

WINMM.dll DLL API MCI Microsoft Corporation 5.1.2600.5512

WINSTA.dll Winstation Library Microsoft Corporation 5.1.2600.5512

WLDAP32.dll DLL API LDAP Win32 Microsoft Corporation 5.1.2600.5512

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512

WS2HELP.dll Application d'assistance de Windows Socket 2.0 pour Windows NT Microsoft Corporation 5.1.2600.5512

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.5512

WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.1.2600.5512

xpsp2res.dll Messages Service Pack 2 Microsoft Corporation 5.1.2600.5512

thanks

[jewelisheaven]

That high (~20%) CPU bothers me... could you try turning off NVIDIA nView for a while and check procexp again. Are there times when your computer seems slow? If you've got Kaspersky, why did you install XPPolice AV?

I'd be interested to see your utorrent.exe process in procexp, double click and switch to THREADS tab. Highlight the one with the CPU usage, screenshot the frame with Alt-PrntScr and post it to some imagesite like http://imageshack.us

[mison]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:39:55, on 29/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TDispVol.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\cssrss.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [soundMan] C:\WINDOWS\system32\SOUNDMAN.EXE

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--

End of file - 9793 bytes

[4d0lf]

error 73: -1/1460/0/1 =(

today it started to happening

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:10:22, on 2009-05-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Xfire\Xfire.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{40F65C86-FAB1-4F6C-8E79-8171DF96180A}: NameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{99E301FC-8FE6-410E-8028-58ACFCB52CC1}: NameServer = 10.0.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{40F65C86-FAB1-4F6C-8E79-8171DF96180A}: NameServer = 10.0.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{40F65C86-FAB1-4F6C-8E79-8171DF96180A}: NameServer = 10.0.0.1

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 4848 bytes

Process PID CPU Description Company Name

System Idle Process 0 62.69

Interrupts n/a Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4

SMSS.EXE 492 Menedżer sesji Windows NT Microsoft Corporation

CSRSS.EXE 552 Client Server Runtime Process Microsoft Corporation

WINLOGON.EXE 580 Aplikacja logowania systemu Windows NT Microsoft Corporation

SERVICES.EXE 624 Usługi i aplikacja Kontroler Microsoft Corporation

ATI2EVXX.EXE 796 ATI External Event Utility EXE Module ATI Technologies Inc.

SVCHOST.EXE 808 Generic Host Process for Win32 Services Microsoft Corporation

Generic.exe 1964 Generic Device Management Executable. Teleca AB

WMIPRVSE.EXE 2128 WMI Microsoft Corporation

epmworker.exe 2140 CAPI_Worker Module Sony Ericsson Mobile Communications AB

CapabilityManager.exe 2656 26.87 Capability Manager Popwire AB

SVCHOST.EXE 872 Generic Host Process for Win32 Services Microsoft Corporation

SVCHOST.EXE 936 Generic Host Process for Win32 Services Microsoft Corporation

wuauclt.exe 3780 Aktualizacje automatyczne Microsoft Corporation

SVCHOST.EXE 988 Generic Host Process for Win32 Services Microsoft Corporation

SVCHOST.EXE 1072 Generic Host Process for Win32 Services Microsoft Corporation

SPOOLSV.EXE 1260 Spooler SubSystem App Microsoft Corporation

JQS.EXE 1716 Java Quick Starter Service Sun Microsystems, Inc.

PnkBstrA.exe 1768

ALG.EXE 2176 Application Layer Gateway Service Microsoft Corporation

LSASS.EXE 636 LSA Shell (Export Version) Microsoft Corporation

ATI2EVXX.EXE 1456 ATI External Event Utility EXE Module ATI Technologies Inc.

EXPLORER.EXE 1528 Eksplorator Windows Microsoft Corporation

CLI.EXE 236 CLI Application (Command Line Interface) ATI Technologies Inc.

CLI.EXE 2760 CLI Application (Command Line Interface) ATI Technologies Inc.

CLI.EXE 2776 CLI Application (Command Line Interface) ATI Technologies Inc.

CTHELPER.EXE 244 CtHelper Application Creative Technology Ltd

JUSCHED.EXE 420 Java Platform SE binary Sun Microsystems, Inc.

Application Launcher.exe 472 Application Launcher

CTFMON.EXE 540 CTF Loader Microsoft Corporation

DAEMON.EXE 544 Virtual DAEMON Manager DT Soft Ltd.

reader_sl.exe 912 Adobe Acrobat SpeedLauncher Adobe Systems Incorporated

Xfire.exe 932 Xfire Xfire Inc.

firefox.exe 2924 Firefox Mozilla Corporation

uTorrent.exe 468 1.49 µTorrent BitTorrent, Inc.

procexp.exe 2628 8.96 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

SOFFICE.EXE 1184 OpenOffice.org 3.0 OpenOffice.org

SOFFICE.BIN 1404 OpenOffice.org 3.0 OpenOffice.org

Process: uTorrent.exe Pid: 468

Name Description Company Name Version

ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.1.2600.2180

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.1.2600.2180

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.2180

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.0

c_1252.nls

c_950.nls

Cabinet.dll Microsoft® Cabinet File API Microsoft Corporation 5.1.2600.2180

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.258

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.2180

comdlg32.dll Plik DLL wspólnych okien dialogowych Microsoft Corporation 6.0.2900.2180

COMRes.dll Microsoft Corporation 2001.12.4414.258

credui.dll Interfejs użytkownika menedżera poświadczeń Microsoft Corporation 5.1.2600.2180

CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180

cryptnet.dll Crypto Network Related API Microsoft Corporation 5.131.2600.2180

ctagent.dll ctagent Creative Technology Ltd 1.0.0.5

ctype.nls

DnsApi.dll DNS Client API DLL Microsoft Corporation 5.1.2600.2180

DSOUND.dll DirectSound Microsoft Corporation 5.3.2600.2180

dssenh.dll Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider Microsoft Corporation 5.1.2600.2133

GDI32.dll GDI Client DLL Microsoft Corporation 5.1.2600.2180

hnetcfg.dll Menedżer konfiguracji sieci domowej Microsoft Corporation 5.1.2600.2180

IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation 5.1.2600.2180

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.2180

index.dat

index.dat

index.dat

Iphlpapi.dll Interfejs API Pomocnika IP Microsoft Corporation 5.1.2600.2180

kernel32.dll Biblioteka DLL klienta Windows NT BASE API Microsoft Corporation 5.1.2600.2180

locale.nls

LPK.DLL Language Pack Microsoft Corporation 5.1.2600.2180

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.1.2600.2180

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.1.2600.2180

MSCTF.dll Biblioteka DLL serwera MSCTF Microsoft Corporation 5.1.2600.2180

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.1.2600.2180

MSIMG32.dll GDIEXT Client DLL Microsoft Corporation 5.1.2600.2180

MSVCR71.DLL Microsoft® C Runtime Library Microsoft Corporation 7.10.3052.4

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.2180

mswsock.dll Microsoft Windows Sockets 2.0 Dostawca usługi Microsoft Corporation 5.1.2600.2180

netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.2180

NETSHELL.dll Powłoka połączeń sieciowych Microsoft Corporation 5.1.2600.2180

ntdll.dll Biblioteka NT Layer DLL Microsoft Corporation 5.1.2600.2180

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.2180

oleaut32.dll Microsoft Corporation 5.1.2600.2180

R00000000000b.clb

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.2180

RASAPI32.DLL Interfejs API usługi Dostęp zdalny Microsoft Corporation 5.1.2600.2180

rasman.dll Remote Access Connection Manager Microsoft Corporation 5.1.2600.2180

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.2180

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.2161

rtutils.dll Routing Utilities Microsoft Corporation 5.1.2600.2180

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.1.2600.2180

schannel.dll TLS / SSL Security Provider Microsoft Corporation 5.1.2600.2180

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.2180

sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.1.2600.2180

SETUPAPI.dll Interfejs API Instalatora systemu Windows Microsoft Corporation 5.1.2600.2180

SHELL32.dll Wspólna biblioteka DLL Powłoki systemu Windows Microsoft Corporation 6.0.2900.2180

shfolder.dll Shell Folder Service Microsoft Corporation 6.0.2900.2180

SHLWAPI.dll Biblioteka dodatkowych narzędzi powłoki Microsoft Corporation 6.0.2900.2180

sortkey.nls

sorttbls.nls

TAPI32.dll Biblioteka DLL klienta interfejsu API usługi Telefonii dla systemu Microsoft® Windows Microsoft Corporation 5.1.2600.2180

unicode.nls

urlmon.dll Rozszerzenia OLE32 dla Win32 Microsoft Corporation 6.0.2900.2180

USER32.dll Biblioteka DLL klienta Windows XP USER API Microsoft Corporation 5.1.2600.2180

USERENV.dll Userenv Microsoft Corporation 5.1.2600.2180

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.2180

uTorrent.exe µTorrent BitTorrent, Inc. 1.8.2.14458

UxTheme.dll Biblioteka Microsoft UxTheme Microsoft Corporation 6.0.2900.2180

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.2180

WINHTTP.dll Windows HTTP Services Microsoft Corporation 5.1.2600.2180

wininet.dll Rozszerzenia internetowe Win32 Microsoft Corporation 6.0.2900.2180

WINMM.dll MCI API DLL Microsoft Corporation 5.1.2600.2180

wintrust.dll Interfejsy API potwierdzania zaufania firmy Microsoft Microsoft Corporation 5.131.2600.2180

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.2180

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.2180

WS2HELP.dll Windows Socket 2.0 Helper dla Windows NT Microsoft Corporation 5.1.2600.2180

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.2180

WSOCK32.dll 32-bitowa biblioteka Windows Socket Microsoft Corporation 5.1.2600.2180

xfire_toucan_36594.dll Xfire Toucan DLL Xfire Inc. 1.0.0.36594

xpsp2res.dll Komunikaty pakietu Service Pack 2 Microsoft Corporation 5.1.2600.2180

[mison]

StartupList report, 03/05/2009, 20:12:09

StartupList version: 1.52.2

Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE

Detected: Windows XP SP3 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16827)

* Using default options

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\system32\TDispVol.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\WINDOWS\system32\cssrss.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SavProgress.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Bluetooth Manager.lnk = ?

HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AGRSMMSG = AGRSMMSG.exe

RTHDCPL = RTHDCPL.EXE

Alcmtr = ALCMTR.EXE

NDSTray.exe = NDSTray.exe

DLA = C:\WINDOWS\System32\DLA\DLACTRLW.EXE

SmoothView = C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

Tvs = C:\Program Files\Toshiba\Tvs\TvsTray.exe

THotkey = C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

TDispVol = TDispVol.exe

SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

IntelZeroConfig = "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

IntelWireless = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /installquiet /keeploaded /nodetect

NVRotateSysTray = rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable

PSQLLauncher = "C:\Program Files\Protector Suite QL\launcher.exe" /startup

TPSMain = TPSMain.exe

IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"

WD Drive Manager = C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

ISUSPM = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

hpqSRMon = C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

SoundMan = C:\WINDOWS\system32\SOUNDMAN.EXE

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*

run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll - {0347C33E-8762-4905-BF09-768834316C61}

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - (no file) - {5C255C8A-E604-49b4-9D64-90988571CECB}

(no name) - C:\WINDOWS\System32\DLA\DLASHX_W.DLL - {5CA3D70E-1895-11CF-8E15-001234567890}

(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

OGADaily.job

OGALogon.job

--------------------------------------------------

Enumerating Download Program Files:

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[unoCtrl Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll

CODEBASE = http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab

[MessengerStatsClient Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll

CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

Windows NT checkdisk command:

BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':

PendingFileRenameOperations: C:\WINDOWS\system32\sqlsodbc.chmxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx||C:\DOCUME~1\POPULIN\LOCALS~1\Temp\GLB1A2B.EXE

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------

End of report, 10,245 bytes

Report generated in 0.172 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

[4d0lf]

hm

now it was ok for a wile but after I lunched MSN it crashed

and when I'm logging off/shutting down Net Broadcast Event Window won't end normally and I have to wait few sec.

it crashes without msn so it was irrelevant

i went to %appdata%/utorrent and deleted everything

now uT seems to be fine but when I try to open .torrent directly from firefox, firefox is crashing

when I'm saving .torrent to desktop and than opening it explorer is crashing =( but drag&drop is working

damn it

I can't connect to any tracker now

srsly wtf!