spotted zebra Posted July 22, 2009

This started with the release of 1.8.3. I would start uTorrent and usually within minutes it would freeze my computer solid and I would have to manually reboot, but sometimes it would take up to 24 hours for it to freeze. I would leave and come back and realize the time was the same as when I left. I have scanned and scanned and scanned for malware and spyware but nothing comes up. I can't figure out what is going on for the life of me, so here are my logs. I am hoping someone can find something wrong so I can fix this and move on:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:59 PM, on 7/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\EDIMAX\Common\RaUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Folding@home\Folding@home-x86\Folding@home.exe
C:\Users\Michael\AppData\Roaming\Folding@home-x86\FahCore_a0.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files (x86)\EDIMAX\Common\RaUI.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9858 bytes

Process PID CPU Description Company Name
System Idle Process 0 91.54
Interrupts n/a Hardware Interrupts
DPCs n/a 0.77 Deferred Procedure Calls
System 4 0.77
smss.exe 568
csrss.exe 636
wininit.exe 688
services.exe 744
svchost.exe 912
svchost.exe 1008
svchost.exe 304
Ati2evxx.exe 584
Ati2evxx.exe 1556
svchost.exe 608
audiodg.exe 1132
svchost.exe 628
svchost.exe 896
taskeng.exe 1584
taskeng.exe 2552 Task Scheduler Engine Microsoft Corporation
SLsvc.exe 1180
svchost.exe 1240
svchost.exe 1368
spoolsv.exe 1652
svchost.exe 1684
AppleMobileDeviceService.exe 1472
AdskScSrv.exe 1308
mDNSResponder.exe 2016
raysat_3dsMax2009_32server.exe 2092
NBService.exe 2132
IoctlSvc.exe 2292
PnkBstrA.exe 2304
svchost.exe 2320
svchost.exe 2344
svchost.exe 2436
SearchIndexer.exe 2468
TrustedInstaller.exe 2664
lsass.exe 756
lsm.exe 764
csrss.exe 708
winlogon.exe 944
explorer.exe 1096 Windows Explorer Microsoft Corporation
MSASCui.exe 1712 Windows Defender User Interface Microsoft Corporation
RAVCpl64.exe 1276 HD Audio Control Panel Realtek Semiconductor
sidebar.exe 2932 Windows Sidebar Microsoft Corporation
RaUI.exe 3104 Edimax Wireless Utility Edimax Technology Co., Ltd.
firefox.exe 3220 Firefox Mozilla Corporation
procexp.exe 3364 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
procexp64.exe 2872 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
MOM.exe 3240 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.
CCC.exe 3608 Catalyst Control Centre: Host application ATI Technologies Inc.
uTorrent.exe 3756 6.92 µTorrent BitTorrent, Inc.

Process: uTorrent.exe Pid: 3756

Name Description Company Name Version
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.0.6002.18005
ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.0
CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6931.18000
COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.6002.18005
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.0.6002.18005
dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.0.6002.18005
dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.0.6002.18005
DnsApi.dll DNS Client API DLL Microsoft Corporation 6.0.6002.18005
FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.0.6001.18000
GDI32.dll GDI Client DLL Microsoft Corporation 6.0.6002.18005
GPAPI.dll Group Policy Client API Microsoft Corporation 6.0.6002.18005
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 6.0.6001.18000
hnetcfg.dll.mui Home Networking Configuration Manager Microsoft Corporation 6.0.6000.16386
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.0.6002.18005
IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.0.6002.18005
Iphlpapi.dll IP Helper API Microsoft Corporation 6.0.6002.18005
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.0.6002.18005
kernel32.dll.mui Windows NT BASE API Client DLL Microsoft Corporation 6.0.6001.18000
locale.nls locale.nls
LPK.DLL Language Pack Microsoft Corporation 6.0.6002.18005
mdnsNSP.dll Bonjour Namespace Provider Apple Computer, Inc. 1.0.3.1
MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.0.6002.18005
msctf.dll.mui MSCTF Server DLL Microsoft Corporation 6.0.6000.16386
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.6002.18005
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.0.6002.18005
msxml3.dll MSXML 3.0 SP10 Microsoft Corporation 8.100.5000.0
msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.1
napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.0.6001.18000
NETAPI32.dll Net Win32 API DLL Microsoft Corporation 6.0.6002.18005
netshell.dll Network Connections Shell Microsoft Corporation 6.0.6002.18005
NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.0.6001.18000
npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.0.6000.16386
NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.0.6001.18000
ntdll.dll NT Layer DLL Microsoft Corporation 6.0.6002.18005
ntdll.dll NT Layer DLL Microsoft Corporation 6.0.6002.18005
ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.0.6002.18005
oleaut32.dll Microsoft Corporation 6.0.6002.18005
pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.0.6001.18000
PSAPI.DLL Process Status Helper Microsoft Corporation 6.0.6000.16386
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.0.6000.16386
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.0.6002.18024
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.0.6002.18005
Secur32.dll Security Support Provider Interface Microsoft Corporation 6.0.6002.18005
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.0.6002.18005
shfolder.dll Shell Folder Service Microsoft Corporation 6.0.6000.16386
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.6002.18005
slc.dll Software Licensing Client Dll Microsoft Corporation 6.0.6002.18005
SSDPAPI.dll SSDP Client API DLL Microsoft Corporation 6.0.6000.16386
SXS.DLL Fusion 2.5 Microsoft Corporation 6.0.6001.18000
upnp.dll UPnP Control Point API Microsoft Corporation 6.0.6001.18000
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.0.6002.18024
USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.0.6002.18005
USERENV.dll Userenv Microsoft Corporation 6.0.6002.18005
USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6002.18005
uTorrent.exe µTorrent BitTorrent, Inc. 1.8.3.15772
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.6001.18000
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.0.6002.18005
WINHTTP.dll Windows HTTP Services Microsoft Corporation 6.0.6002.18005
WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.0.6001.18000
winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.0.6002.18005
WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.0.6002.18005
wow64.dll Win32 Emulation on NT64 Microsoft Corporation 6.0.6002.18005
wow64cpu.dll AMD64 Wow64 CPU Microsoft Corporation 6.0.6002.18005
wow64win.dll Wow64 Console and Win32 API Logging Microsoft Corporation 6.0.6002.18005
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.0.6001.18000
wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.0.6001.18000
wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.0.6001.18000

DreadWingKnight Posted July 22, 2009

Try without superantispyware installed.

spotted zebra Posted July 23, 2009

I uninstalled it already. I was before I ran this scan too, so I don't know why that showed up, but I will double check. Do you want me to re-run the scan after I make sure it's uninstalled?

EDIT: I looked everywhere I could think of to uninstall and delete SUPERAntiSpyware but I found nothing, and it's still showing up in the HijackThis log file. I can post it if you need it.

Archived
This topic is now archived and is closed to further replies.