sa3atsky Posted August 23, 2009

I'm running WinXP SP3, using uTorrent ver. 1.8.4 and NOD32 ver. 4. I have already unchecked uTorrent from NOD32 IMON. When I'm running uTorrent and downloading files, NOD32's "ekrn.exe" process suddenly goes up, uTorrent becomes unresponsive as well as everything else, and I have to hard reset my PC.

Here's my Hijack log:

uTorrent dump file: http://www.easy-share.com/1907457778/15772-utorrent.fc5d.dmp

Thanks

moogly Posted August 23, 2009

When uT is running, you have to select utorrent.exe and enable DLL mode (Ctrl+D) in Process Explorer.

Edit your log please.

Switeck Posted August 23, 2009

These are the non-Microsoft DLLs I see from Process Explorer:

AM30400.dll  Ad Muncher Hook DLL  Murray Hurps Corp Pty Ltd  4.72.0.30400
iprepair.dll  IconPackager Repair Module  Stardock.net, Inc  3.1.0.0
LgMsgHk.dll  Logitech Message Hook Library  Logitech Inc.  1.1.0.0
LgWndHk.dll  Logitech Call Window Hook Library  Logitech Inc.  9.79.25.1
YzToolBar.dll  Y'z ToolBar DLL  1.3.0.0

Logitech is unlikely to be a problem... but the other 3 might be.
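
As an added example (not part of the thread and not any poster's code), the triage Switeck describes can be scripted over a saved DLL list. It assumes a tab-separated export with Name / Description / Company Name / Version columns; the sample rows are constructed from module names mentioned in this thread.

```python
import csv
import io

# Constructed sample in the tab-separated layout assumed for a saved
# Process Explorer DLL view; rows mirror modules named in this thread.
SAMPLE = (
    "Name\tDescription\tCompany Name\tVersion\n"
    "ADVAPI32.dll\tAdvanced Windows 32 Base API\tMicrosoft Corporation\t5.1.2600.5755\n"
    "AM30400.dll\tAd Muncher Hook DLL\tMurray Hurps Corp Pty Ltd\t4.72.0.30400\n"
    "ctype.nls\t\t\t\n"
    "iprepair.dll\tIconPackager Repair Module\tStardock.net, Inc\t3.1.0.0\n"
    "LgMsgHk.dll\tLogitech Message Hook Library\tLogitech Inc.\t1.1.0.0\n"
    "RocketDock.dll\t\t\t\n"
    "uTorrent.exe\t\u00b5Torrent\tBitTorrent, Inc.\t1.8.4.16150\n"
    "WS2_32.dll\tWindows Socket 2.0 32-Bit DLL\tMicrosoft Corporation\t5.1.2600.5512\n"
    "YzToolBar.dll\tY'z ToolBar DLL\t\t1.3.0.0\n"
)

DATA_EXTENSIONS = (".nls",)  # mapped data files, not executable code


def third_party_modules(export_text, process_image):
    """Return (name, company, reason) for modules worth a closer look."""
    reader = csv.DictReader(io.StringIO(export_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    findings = []
    for row in reader:
        name = (row.get("Name") or "").strip()
        company = (row.get("Company Name") or "").strip()
        lower = name.lower()
        if not name or lower == process_image.lower():
            continue  # skip blank rows and the process's own image
        if lower.endswith(DATA_EXTENSIONS):
            continue  # .nls entries are data mappings, not loaded code
        if not company:
            # No vendor string at all: flag it rather than assume it is benign.
            findings.append((name, "", "no company in version info"))
        elif "microsoft" not in company.lower():
            findings.append((name, company, "third-party vendor"))
    return findings


if __name__ == "__main__":
    for name, company, reason in third_party_modules(SAMPLE, "uTorrent.exe"):
        print(f"{name:16} {company or '-':28} {reason}")
```

The Company Name column comes from each file's own version resource and is not authenticated, so this is a first-pass filter only; Process Explorer's Verify Image Signatures option is the stronger check for anything that claims to be from Microsoft.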

GTHK Posted August 23, 2009

Whole computer becomes unresponsive just before NOD32's process acts up? Update NOD32. If that doesn't help, try uninstalling NOD32 temporarily.