watchme Posted May 23, 2009

uTorrent version: 1.8.3 Beta (1.8.2 had the same problem, older releases not used on the current configuration)
OS version: Windows XP SP2
System: Fujitsu/Siemens Lifebook E8410
Virus checker: McAfee, WinPatrol
Problem description: After hours of working nicely uTorrent stops working. When the GUI was displayed and another window was on top of it, the part that was covered up is blanked. Restarting the applic is not possible because killing the current service is not possible. I have this problem for half a year now every day and it interferes with unattended downloading.
Workaround: Restart the system.
Remark: If you need any assistance with debugging, I would be glad to help. This problem is quite a nuisance...

Attachments:
uTorrent dump file: http://www.zshare.net/download/604025317d164342/
HijackThis logfile: http://www.zshare.net/download/60403195b94014a1/

Process PID CPU Description Company Name
System Idle Process 0 88.24
Interrupts n/a 0.74 Hardware Interrupts
DPCs n/a 1.47 Deferred Procedure Calls
System 4 0.74
smss.exe 744 Windows NT Session Manager Microsoft Corporation
csrss.exe 792 Client Server Runtime Process Microsoft Corporation
winlogon.exe 824 Windows NT Logon Application Microsoft Corporation
services.exe 868 1.47 Services and Controller app Microsoft Corporation
svchost.exe 1048 Generic Host Process for Win32 Services Microsoft Corporation
naPrdMgr.exe 1440 NAI Product Manager McAfee, Inc.
iexplore.exe 3052 Internet Explorer Microsoft Corporation
svchost.exe 1108 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1500 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1612 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1964 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 508 Spooler SubSystem App Microsoft Corporation
scardsvr.exe 560 Smart Card Resource Management Server Microsoft Corporation
FireSvc.exe 1384 Main HIP Service McAfee, Inc.
Tuner.exe 1424 BMC CM Tuner BMC Software, Inc.
minituner.exe 3576 BMC CM Minituner BMC Software, Inc.
FrameworkService.exe 1560 Framework Service McAfee, Inc.
mcshield.exe 1840 On-Access Scanner service McAfee, Inc.
vstskmgr.exe 1928 Task Manager : scheduling and OAS alerting service Network Associates, Inc.
MDM.EXE 1940 Machine Debug Manager Microsoft Corporation
svchost.exe 212 Generic Host Process for Win32 Services Microsoft Corporation
nvPDsvc.exe 232 NVIDIA Performance Driver Service
nvsvc32.exe 280 NVIDIA Driver Helper Service, Version 156.87 NVIDIA Corporation
svchost.exe 412 Generic Host Process for Win32 Services Microsoft Corporation
vmount2.exe 640 virtual disk mount service VMware, Inc.
vmnat.exe 1412 VMware NAT Service VMware, Inc.
vmnetdhcp.exe 1524 VMware VMnet DHCP service VMware, Inc.
vmware-authd.exe 628 0.74 VMware Authorization Service VMware, Inc.
lsass.exe 888 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 2936 Windows Explorer Microsoft Corporation
SynTPEnh.exe 3064 Synaptics TouchPad Enhancements Synaptics, Inc.
RTHDCPL.EXE 3656 Realtek HD Audio Control Panel Realtek Semiconductor Corp.
FUJ02E3.exe 3680 FUJ02E3 Utility FUJITSU LIMITED
QuickTouch.exe 3692 LifeBook Application Panel / Core FUJITSU LIMITED
BtnHnd.exe 3700 Button handler FUJITSU LIMITED
BtnHndHkb.exe 3824 Button handler KB assistant .
TrayControl.exe 3708 Tray Control NovaStor Corporation
vmware-tray.exe 3816 VMware Tray Process VMware, Inc.
hqtray.exe 3832 VMware Host Network Access Status Tray Application VMware, Inc.
shstat.exe 3844 On-access scanner statistics McAfee, Inc.
UdaterUI.exe 3912 Common User Interface McAfee, Inc.
Mctray.exe 704 McAfee Security Agent Taskbar Extension McAfee, Inc.
UnlockerAssistant.exe 3952
WinPatrol.exe 4028 WinPatrol System Monitor BillP Studios
rundll32.exe 2088 Run a DLL as an App Microsoft Corporation
ctfmon.exe 2372 CTF Loader Microsoft Corporation
SpeedswitchXP.exe 760 A CPU frequency applet for Windows XP Christian Diefer
Babylon.exe 2648 Babylon Information Tool Babylon Ltd.
utorrent.exe 2656 0.74 µTorrent BitTorrent, Inc.
FireTray.exe 3644 McAfee HIP Tray Application McAfee, Inc.
procexp.exe 720 5.88 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
rundll32.exe 2664 Run a DLL as an App Microsoft Corporation

Process: utorrent.exe Pid: 2656
Name Description Company Name Version
ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.1.2600.2180
adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.1.2600.2180
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.2180
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.1.2600.2180
ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.0
CAPTLIB.DLL Babylon Information Tool Babylon Ltd. 4.0.5.9
CLBCATQ.DLL Microsoft Corporation 2001.12.4414.308
COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.2982
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.0.2900.2180
COMRes.dll Microsoft Corporation 2001.12.4414.258
credui.dll Credential Manager User Interface Microsoft Corporation 5.1.2600.2180
ctype.nls
DnsApi.dll DNS Client API DLL Microsoft Corporation 5.1.2600.3394
GDI32.dll GDI Client DLL Microsoft Corporation 5.1.2600.3466
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.1.2600.2180
IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.2180
Iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.2912
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.3119
locale.nls
mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 1.0.6.2
MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.1.2600.2180
MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.1.2600.2180
msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.1.2600.2180
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.2180
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.1.2600.3394
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.3462
NETSHELL.dll Network Connections Shell Microsoft Corporation 5.1.2600.2658
ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.2180
NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 5.1.2600.2180
nview.dll NVIDIA nView Desktop and Window Manager 111.35 NVIDIA Corporation 6.14.10.11135
nvwddi.dll NVIDIA nView Display Driver Interface Lib, Version 156.87 NVIDIA Corporation 6.14.11.5687
NVWRSNL.DLL NVIDIA nView Desktop and Window Manager NVIDIA Corporation 6.14.10.11135
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.2726
oleaut32.dll Microsoft Corporation 5.1.2600.3266
PATROLPRO.DLL WinPatrol Helper DLL BillP Studios 1.4.0.0
PSAPI.DLL Process Status Helper Microsoft Corporation 5.1.2600.2180
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.2938
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.3173
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.2161
rtutils.dll Routing Utilities Microsoft Corporation 5.1.2600.2180
SAMLIB.dll SAM Library DLL Microsoft Corporation 5.1.2600.2180
Secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.2180
SETUPAPI.dll Windows Setup API Microsoft Corporation 5.1.2600.2180
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.3241
shfolder.dll Shell Folder Service Microsoft Corporation 6.0.2900.2180
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.3268
sortkey.nls
sorttbls.nls
unicode.nls
UnlockerHook.dll
USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.3099
USERENV.dll Userenv Microsoft Corporation 5.1.2600.2180
utorrent.exe µTorrent BitTorrent, Inc. 1.8.3.15358
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.2900.2180
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.2180
WINMM.dll MCI API DLL Microsoft Corporation 5.1.2600.2180
WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.2180
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.2180
WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.2180
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.2180
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.1.2600.2180
DreadWingKnight Posted May 23, 2009
HijackThis logs and Process Explorer process lists can and should be pasted directly into your post.
moogly Posted May 23, 2009
I did it for you. Process Explorer is nuked, you have to select utorrent.exe as process, not vmware-authd.exe.
So repost Process Explorer log please.
Logfile of Trend Micro HijackThis v2.0.2, scan saved at 10:43:58, on 23-5-2009 (13817 bytes)
watchme Posted May 23, 2009
Thanks for the help moogly! I corrected the Process log and inserted it in my original post. Sorry about the original format DreadWingKnight. I assumed the attachments were more clarifying. Apparently you do not agree...
jewelisheaven Posted May 23, 2009
In order, try stopping/removing:
Babylon
WinPatrol
NView
They're all injected :/
watchme Posted May 24, 2009
Thanks jewelisheaven, I will try that. What do you mean with 'injected'?
Last night uTorrent stopped again, but without producing a new log file...
jewelisheaven Posted May 24, 2009
OK, so when people paste their logfiles, (I'm assuming for others, I will relay what I do) the helpers who look at them evaluate several things. They're looking for known bad programs, looking for probabilities of malware, and possibly old versions (of drivers/programs) if known.
For instance in your logfiles I see you have at least a partial install of the Roxio Suite (c/o HJT), which is to be honest not known for working well with uT.
For the three programs I mentioned, I looked at the PE logfile, searched for "Microsoft" in the DLL list, highlighted all (since I use Firefox) and noted non-highlighted lines. Then I use googlefu if I don't know the program or note the program it pertains to and report back possible problems.
I'd actually be able to detect the "direct" cause according to the dump if I read the DMP file but I'm learning something different right now so I leave that to others.
Other questions/problems/concerns?
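The triage described in the post above (scan the Process Explorer DLL list for lines that are not Microsoft's), as an added Python example that is not part of the original thread. It assumes the list was saved as tab-separated text; the sample rows are a constructed excerpt of the utorrent.exe DLL list in the first post, and the function names are illustrative.

```python
"""Flag third-party modules in a Process Explorer DLL list (added example)."""
from collections import defaultdict

# Constructed sample: a handful of rows from the utorrent.exe DLL list in the
# first post, re-typed as tab-separated text (assumed export format).
SAMPLE = "\n".join([
    "Name\tDescription\tCompany Name\tVersion",
    "ADVAPI32.dll\tAdvanced Windows 32 Base API\tMicrosoft Corporation\t5.1.2600.2180",
    "CAPTLIB.DLL\tBabylon Information Tool\tBabylon Ltd.\t4.0.5.9",
    "CLBCATQ.DLL\t\tMicrosoft Corporation\t2001.12.4414.308",
    "ctype.nls",
    "mdnsNSP.dll\tBonjour Namespace Provider\tApple Inc.\t1.0.6.2",
    "nview.dll\tNVIDIA nView Desktop and Window Manager 111.35\tNVIDIA Corporation\t6.14.10.11135",
    "nvwddi.dll\tNVIDIA nView Display Driver Interface Lib, Version 156.87\tNVIDIA Corporation\t6.14.11.5687",
    "PATROLPRO.DLL\tWinPatrol Helper DLL\tBillP Studios\t1.4.0.0",
    "UnlockerHook.dll",
    "utorrent.exe\t\u00b5Torrent\tBitTorrent, Inc.\t1.8.3.15358",
])

FIELDS = ("name", "description", "company", "version")
OS_VENDOR = "microsoft corporation"
DATA_EXTENSIONS = (".nls",)  # NLS tables are mapped data files, not code
NO_INFO = "(no version info)"


def parse_modules(text):
    """Turn the saved DLL view into a list of dicts, one per module row."""
    modules = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("\t")]
        if not cells[0] or cells[0].lower() == "name":
            continue  # blank line or the column header
        cells += [""] * (len(FIELDS) - len(cells))  # rows may lack trailing columns
        modules.append(dict(zip(FIELDS, cells)))
    return modules


def triage(modules, image_name):
    """Group modules that belong neither to the OS vendor nor to the process itself.

    Returns {vendor: [module names]}. Rows with an empty Company Name are
    grouped under NO_INFO, since they are the ones a reviewer has to look up.
    """
    image = image_name.lower()
    own_vendor = next(
        (m["company"] for m in modules if m["name"].lower() == image), "")
    flagged = defaultdict(list)
    for m in modules:
        name = m["name"].lower()
        if name == image or name.endswith(DATA_EXTENSIONS):
            continue
        company = m["company"]
        if company.lower() == OS_VENDOR:
            continue
        if own_vendor and company == own_vendor:
            continue
        flagged[company or NO_INFO].append(m["name"])
    return dict(flagged)


if __name__ == "__main__":
    for vendor, names in sorted(triage(parse_modules(SAMPLE), "utorrent.exe").items()):
        print(f"{vendor}: {', '.join(names)}")
```

The Company Name column is read from each file's version resource and is self-declared, so this is a first-pass filter; checking the file's signature and path is the stronger test.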
watchme Posted May 27, 2009
You are VERY thorough jewelisheaven! Thank you for your comprehensive answer. However, I still am not sure what is meant with the term 'injected'. Do you mean applications other than from Microsoft?
It took a while before I responded, because I would take the time to execute your proposal. I did and without the three mentioned apps active uTorrent still crashes every day once or more...
Other suggestions?
moogly Posted May 27, 2009
Injected is injected. That means DLLs called and loaded when uT is running. And sometimes third-party DLLs (it's often non-MS DLLs) injected into uT hang utorrent.exe occurring freezing/crashing.
watchme Posted May 27, 2009
OK moogly. So, if I understand you right it does not matter if the mentioned applics are running or not? The related DLL's will still be available on the system. If that's the case I will at least rename the related DLL's. What I do not understand is why uTorrent uses DLL's from completely other kind of applics???
jewelisheaven Posted May 31, 2009
uTorrent does not use those DLLs. The list shows what DLLs are in uTorrent's memory (think of it as a closet, with other people storing their jackets/coats). If there's no way in the application to set an exception for uTorrent, you need to stop the process, or uninstall its program if the DLL is still in uT to verify the problem with your system. Only when DLLs are unloaded from uTorrent is anything else possible, that is without an analysis of the dumpfile.
watchme Posted June 7, 2009
I HAVE FOUND THE PROBLEM: HelpSvc.exe!!! I kind of 'caught it in the act' when I was watching a movie while I had the Task Processor open and the Performance Tab active. Suddenly the CPU-usage was sky rocketing. I killed HelpSvc.exe and uTorrent is active for two days now without interruption! This has never happened on my current laptop before! In the process of debugging before this event, I have also tried to increase the Priority of uTorrent to High, but that did not help. I hope uTorrent can be secured for this event in the future, because it looks sensitive for too little remaining CPU time.
Thank you all for the assistance and teaching guys!
Archived
This topic is now archived and is closed to further replies.