Hyosung Posted July 26, 2009

Dear Readers,

I woke up this morning and noticed that my torrents weren't seeding. Every now and then, the speeds might spike up a bit, last a few seconds and then slowly plummet back to 1kB.

I tested to see if it might be my net, reset modem, ran a speed test, and upload is normal 80kB-ish.

So I wasn't too sure what might have caused this, and I was hoping that my ISP (Champion Broadband) didn't decide to throttle, checked the BAD ISPs from Azureus's wiki, and my ISP isn't listed there.

Ran a virus scan with Avira AntiVir Premium, and came up clean.

So I thought I'd post a HiJackThis Log to see if anything there might be the culprit.

(Overnight, my seeding was normal), so I'm not too sure what might have caused the problem overnight, as I didn't install/change anything within that timeframe.

---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:25 AM, on 7/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\WallMaster\wallmast.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Digsby\lib\digsby-app.exe
c:\program files\winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris La\Application Data\uTorrent\uTorrent.exe
C:\Program Files\megui\MeGUI.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Documents and Settings\Chris La\Desktop\asdf\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O1 - Hosts: 148.244.43.5 www.bancomer.com
O1 - Hosts: 148.244.43.5 bancomer.com
O1 - Hosts: 148.244.43.5 www.bancomer.com.mx
O1 - Hosts: 148.244.43.5 bancomer.com.mx
O1 - Hosts: 148.244.43.5 bbvanet.com.mx
O1 - Hosts: 148.244.43.5 www.bbvanet.com.mx
O1 - Hosts: 192.193.230.100 www.banamex.com.mx
O1 - Hosts: 192.193.230.100 banamex.com.mx
O1 - Hosts: 192.193.230.100 www.banamex.com
O1 - Hosts: 192.193.230.100 banamex.com
O1 - Hosts: 200.57.47.69 see.sbi.com.mx
O1 - Hosts: 200.57.47.69 scotiabank.com.mx
O1 - Hosts: 200.57.47.69 scotiabankinverlat.com
O1 - Hosts: 200.57.47.69 scotiabankinverlat.com.mx
O1 - Hosts: 200.57.47.69 www.see.sbi.com.mx
O1 - Hosts: 200.57.47.69 www.scotiabank.com.mx
O1 - Hosts: 200.57.47.69 www.scotiabankinverlat.com
O1 - Hosts: 200.57.47.69 www.scotiabankinverlat.com.mx
O1 - Hosts: 200.57.47.69 inverweb3.scotiabankinverlat.com
O1 - Hosts: 200.57.47.69 www.inverweb3.scotiabankinverlat.com
O1 - Hosts: 200.76.36.117 bb.com.mx
O1 - Hosts: 200.76.36.117 secure4.bb.com.mx
O1 - Hosts: 200.76.36.117 secure10.bb.com.mx
O1 - Hosts: 200.76.36.117 www.bb.com.mx
O1 - Hosts: 200.76.36.117 www.secure10.bb.com.mx
O1 - Hosts: 200.76.36.117 www.secure4.bb.com.mx
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WallMaster Pro.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233795727968
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

--
End of file - 5635 bytes
---

Switeck Posted July 27, 2009

If you did not put the rerouted web addresses in:
O1 - Hosts: 148.244.43.5 www.bancomer.com
...
O1 - Hosts: 200.76.36.117 www.secure4.bb.com.mx
...It is quite likely hostile software has!

...And did you download that copy of HijackThis recently? There may be a newer version capable of showing more.
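
Added example, not part of the original thread: a small Python triage helper for the kind of `O1 - Hosts:` entries discussed above. It accepts both HijackThis-style lines and raw hosts-file lines and groups the hostnames that have been pinned to a routable address. The function names are hypothetical, and the sample input is constructed using documentation-range addresses and `.example` domains.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample (not from the thread): HijackThis O1 lines mixed with
# raw hosts-file lines, including benign and malformed entries.
SAMPLE = """\
O1 - Hosts: 192.0.2.10 www.bank.example
O1 - Hosts: 192.0.2.10 bank.example
O1 - Hosts: 198.51.100.7 login.shop.example
127.0.0.1 localhost
0.0.0.0 ads.tracker.example   # ad-blocking sink entry
# 203.0.113.9 commented.example
192.0.2.10 secure.bank.example bank.example
not-an-ip broken.example
"""

O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)


def redirected_hosts(text):
    """Return {ip: sorted hostnames} for entries that pin a name to a
    non-loopback, non-0.0.0.0 address. Those are the entries worth
    comparing against what public DNS returns for the same names."""
    found = defaultdict(set)
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.strip())   # accept HijackThis or raw form
        line = line.split("#", 1)[0]            # drop hosts-file comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, not an entry
        if ip.is_loopback or ip.is_unspecified:
            continue                            # localhost / sinkhole entries
        for name in fields[1:]:
            found[str(ip)].add(name.lower().rstrip("."))
    return {ip: sorted(names) for ip, names in found.items()}


def report(text):
    """One summary line per target address, sorted by address string."""
    return [f"{ip} <- {', '.join(names)}"
            for ip, names in sorted(redirected_hosts(text).items())]


if __name__ == "__main__":
    for entry in report(SAMPLE):
        print(entry)
```

Many unrelated hostnames sharing one target address, especially login or banking names the user never added, is the pattern to investigate further.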

Hyosung Posted July 27, 2009

I've tried deleting everything in my HOSTS file, and that did nothing.

As for the HijackThis, it should be the most recent version.

Switeck Posted July 28, 2009

What about a Process Explorer log showing uTorrent's loaded DLLs?
(1st link in my signature, very last of last post.)

...I'm hoping to see the thing/s slowing down uTorrent that way.

Hyosung Posted July 28, 2009

First, here is an updated HijackThis Log:

---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:13 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WallMaster\wallmast.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Chris La\Application Data\uTorrent\uTorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris La\Desktop\asdf\ProcessExplorer\procexp.exe
C:\Documents and Settings\Chris La\Desktop\asdf\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WallMaster Pro.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1233795727968
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

--
End of file - 4274 bytes
---

From Process Explorer:

---
Process PID CPU Description Company Name
System Idle Process 0 98.46
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 812 Windows NT Session Manager Microsoft Corporation
csrss.exe 860 Client Server Runtime Process Microsoft Corporation
winlogon.exe 900 Windows NT Logon Application Microsoft Corporation
services.exe 952 Services and Controller app Microsoft Corporation
ati2evxx.exe 1176 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1196 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1272 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1424 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 3184 Windows Update Automatic Updates Microsoft Corporation
svchost.exe 1452 Generic Host Process for Win32 Services Microsoft Corporation
brsvc01a.exe 1744 brsvc01a brother Industries Ltd
brss01a.exe 1760 brss01a.exe brother Industries Ltd
spoolsv.exe 1768 Spooler SubSystem App Microsoft Corporation
sched.exe 1876 Antivirus Scheduler Avira GmbH
avguard.exe 500 0.77 Antivirus On-Access Service Avira GmbH
Brmfrmps.exe 548 Brother Popup Suspend service ( for R/M ) Brother Industries, Ltd.
jqs.exe 604 Java Quick Starter Service Sun Microsystems, Inc.
nlsvc.exe 676 NetLimiter 2 service Locktime Software
svchost.exe 748 Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 964 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1460 ATI External Event Utility EXE Module ATI Technologies Inc.
explorer.exe 404 Windows Explorer Microsoft Corporation
avgnt.exe 1628 Antivirus System Tray Tool Avira GmbH
RTHDCPL.EXE 1808 Realtek HD Audio Control Panel Realtek Semiconductor Corp.
ctfmon.exe 1856 CTF Loader Microsoft Corporation
SetPoint.exe 1916 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc.
KHALMNPR.exe 840 Logitech KHAL Main Process Logitech, Inc.
firefox.exe 3816 Firefox Mozilla Corporation
wallmast.exe 132 WallMaster Pro version 4.0a Tropical Wares
uTorrent.exe 3164 µTorrent BitTorrent, Inc.
procexp.exe 3448 0.77 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
MOM.exe 1944 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.
CCC.exe 2196 Catalyst Control Centre: Host application ATI Technologies Inc.

Process: uTorrent.exe Pid: 3164

Name Description Company Name Version
ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.1.2600.5512
adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.1.2600.5512
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5755
ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.1
COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.5512
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.0.2900.5512
ctype.nls
DnsApi.dll DNS Client API DLL Microsoft Corporation 5.1.2600.5625
GDI32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5698
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.1.2600.5512
IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512
Iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.5512
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5781
lgscroll.dll Logitech Scroll Enabler (UNICODE) Logitech, Inc. 4.72.40.0
locale.nls
LPK.DLL Language Pack Microsoft Corporation 5.1.2600.5512
MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.1.2600.5512
MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.1.2600.5512
msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.1.2600.5768
MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.0.50727.3053
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.1.2600.5625
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.5694
ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5755
NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 5.1.2600.5512
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.5512
oleaut32.dll Microsoft Corporation 5.1.2600.5512
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.5512
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5795
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.5507
rtutils.dll Routing Utilities Microsoft Corporation 5.1.2600.5512
SAMLIB.dll SAM Library DLL Microsoft Corporation 5.1.2600.5512
Secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5753
SETUPAPI.dll Windows Setup API Microsoft Corporation 5.1.2600.5512
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.5622
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.5512
sortkey.nls
sorttbls.nls
unicode.nls
USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512
USERENV.dll Userenv Microsoft Corporation 5.1.2600.5512
USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512
uTorrent.exe µTorrent BitTorrent, Inc. 1.8.3.15772
UxTheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.2900.5512
WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.5512
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512
WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.5512
wship6.dll IPv6 Helper DLL Microsoft Corporation 5.1.2600.5512
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.5512
---

I want to now note... that now the speed fluctuates as opposed to just at 1kB, it is 'stable' at 30kB and sort of goes up/down from time to time from there... Called a tech to come (Friday), but if I can resolve this before then, then I will cancel that appointment.

Switeck Posted July 28, 2009

It may be a longshot...but NetLimiter has caused other people problems:
http://forum.utorrent.com/viewtopic.php?id=59584
http://forum.utorrent.com/viewtopic.php?id=58028
http://forum.utorrent.com/viewtopic.php?id=54608
http://forum.utorrent.com/viewtopic.php?id=53023
http://forum.utorrent.com/viewtopic.php?id=46890
http://forum.utorrent.com/viewtopic.php?id=45279
http://forum.utorrent.com/viewtopic.php?id=52128

Hyosung Posted July 28, 2009

Hmm, been using it for over half a year without problems, and even now I don't have it on boot-up, just when I use it with another program, which is rarely now.

Switeck Posted July 28, 2009

The only non-Microsoft DLL that uTorrent seems to be loading is this:
lgscroll.dll Logitech Scroll Enabler (UNICODE) Logitech, Inc. 4.72.40.0

...And I doubt that's causing your problem.

It's an even further longshot...Try google to see if anyone has bittorrent problems with the various programs listed in your HijackThis log.

Archived
This topic is now archived and is closed to further replies.