Memory usage grows in minutes, and freezes at 2GB


k1lljoy

I have a problem that's been plaguing me for a while.... I'm trying to download about 200 torrents... I have it set to download 20 at a time... and it still can't remain stable for more than a few minutes.

When the download rate climbs over 2MB/s (I'm on a 100 Mbit connection), RAM usage starts growing rapidly until it reaches 1.9-2GB and then uTorrent freezes.

It's downloading to a RAID5 array, and I have 12GB of RAM. Running Windows 7 64-bit. I tried to cut it down to 10 torrents at a time... no effect.

Any ideas what's causing this?

Hostile software is deeply embedded that is trying to monitor the traffic going to/from uTorrent. (A man-in-the-middle form of attack.)

Best to remove such software.

1st link in my signature, VERY bottom -- the Process Explorer procedure. We need uTorrent's DLL list to see what 3rd party DLLs are deep linking into uTorrent.

Process PID CPU Description Company Name

System Idle Process 0 85.25

Interrupts n/a 0.19 Hardware Interrupts

DPCs n/a 0.19 Deferred Procedure Calls

System 4 0.57

smss.exe 356

csrss.exe 488

wininit.exe 592

services.exe 652

svchost.exe 788 0.19

wlcomm.exe 4844 Windows Live Communications Platform Microsoft Corporation

wmplayer.exe 8928 1.52 Windows Media Player Microsoft Corporation

dllhost.exe 5292 COM Surrogate Microsoft Corporation

nvvsvc.exe 844

nvvsvc.exe 1560

svchost.exe 892

svchost.exe 952

audiodg.exe 10784

svchost.exe 984

dwm.exe 2328 Desktop Window Manager Microsoft Corporation

WUDFHost.exe 2636

svchost.exe 1012

wuauclt.exe 8804 Windows Update Microsoft Corporation

svchost.exe 1028

svchost.exe 1144

spoolsv.exe 1292

svchost.exe 1320

avgwdsvc.exe 1420

avgrsa.exe 1692

avgnsa.exe 1700 0.19

svchost.exe 1472

MSCamS64.exe 1500

NBService.exe 1580

IoctlSvc.exe 1836

nvSCPAPISvr.exe 1904

svchost.exe 1960

avgemc.exe 1992

avgcsrvx.exe 2112

taskhost.exe 2360 Host Process for Windows Tasks Microsoft Corporation

svchost.exe 3100

NMIndexingService.exe 3716

SearchIndexer.exe 3768

SearchProtocolHost.exe 7420

SearchFilterHost.exe 7720

wmpnetwk.exe 4584

svchost.exe 4708

svchost.exe 4384 0.19

FNPLicensingService.exe 1968

svchost.exe 2704

taskhost.exe 6876

svchost.exe 4360

lsass.exe 676

lsm.exe 684

csrss.exe 608

winlogon.exe 448

taskmgr.exe 1440 0.38 Windows Task Manager Microsoft Corporation

explorer.exe 2468 1.90 Windows Explorer Microsoft Corporation

RAVCpl64.exe 2812 HD Audio Control Panel Realtek Semiconductor

DisplayFusion.exe 3168 0.57

DisplayFusionHookx86.exe 3152

Skype.exe 3176 Skype Skype Technologies S.A.

sidebar.exe 3228 Windows Desktop Gadgets Microsoft Corporation

Dropbox.exe 3564 0.19 Dropbox

OUTLOOK.EXE 3592 Microsoft Office Outlook Microsoft Corporation

Acrobat.exe 1196 Adobe Acrobat 9.1 Adobe Systems Incorporated

postbox.exe 3696 Postbox Postbox, Inc.

wsftpgui.exe 3820 WS_FTP Pro Application Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421

Dreamweaver.exe 8124 0.95 Adobe Dreamweaver CS4 Adobe Systems, Inc.

msnmsgr.exe 2320 Windows Live Messenger Microsoft Corporation

WINWORD.EXE 3624 Microsoft Office Word Microsoft Corporation

splwow64.exe 3456 Print driver host for 32bit applications Microsoft Corporation

calc.exe 3004 Windows Calculator Microsoft Corporation

BitLord.exe 12768 3.23 BitLord www.BitLord.com

uTorrent.exe 6076 0.95 µTorrent BitTorrent, Inc.

avgtray.exe 3656 AVG Tray Monitor AVG Technologies CZ, s.r.o.

RIMAutoUpdate.exe 3704 RIM Auto Update Research In Motion Limited

Scan2Pc.exe 3832 ScanToPc MFC Application

jusched.exe 4032 Java Platform SE binary Sun Microsystems, Inc.

firefox.exe 5356 1.52 Firefox Mozilla Corporation

pidgin.exe 4028

ielowutil.exe 6608 Internet Low-Mic Utility Tool Microsoft Corporation

OrbLauncher.exe 3652

Orb.exe 6300

procexp.exe 4292 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

procexp64.exe 4548 2.28 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Process: uTorrent.exe Pid: 6076

Name Description Company Name Version

{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db

actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.1.7100.0

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.1.7100.0

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.0

AUTHZ.dll Authorization Framework Microsoft Corporation 6.1.7100.0

CFGMGR32.dll Configuration Manager DLL Microsoft Corporation 6.1.7100.0

CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.8030.0

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.7100.19

comctl32.dll.mui User Experience Controls Library Microsoft Corporation 6.10.7100.0

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.1.7100.0

credssp.dll Credential Delegation Security Package Microsoft Corporation 6.1.7100.0

CRYPT32.dll Crypto API32 Microsoft Corporation 6.1.7100.0

CRYPTBASE.dll Base cryptographic API DLL Microsoft Corporation 6.1.7100.0

CRYPTSP.dll Cryptographic Service Provider API Microsoft Corporation 6.1.7100.0

cversions.2.db

cversions.2.db

DEVOBJ.dll Device Information Set DLL Microsoft Corporation 6.1.7100.0

dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.1.7100.0

dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.1.7100.0

DisplayFusionHookx86.dll DisplayFusion Hook Binary Fortress Software 1.9.0.0

DnsApi.dll DNS Client API DLL Microsoft Corporation 6.1.7100.0

DUser.dll Windows DirectUser Engine Microsoft Corporation 6.1.7100.0

duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.1.7100.0

dwmapi.dll Microsoft Desktop Window Manager API Microsoft Corporation 6.1.7100.0

FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.1.7100.0

fwpuclnt.dll FWP/IPsec User-Mode API Microsoft Corporation 6.1.7100.0

GDI32.dll GDI Client DLL Microsoft Corporation 6.1.7100.19

GPAPI.dll Group Policy Client API Microsoft Corporation 6.1.7100.0

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 6.1.7100.0

hnetcfg.dll.mui Home Networking Configuration Manager Microsoft Corporation 6.1.7100.0

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.0.7100.13

IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.1.7100.0

Iphlpapi.dll IP Helper API Microsoft Corporation 6.1.7100.0

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7100.0

KERNELBASE.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7100.0

KernelBase.dll.mui Windows NT BASE API Client DLL Microsoft Corporation 6.1.7100.0

locale.nls

LPK.dll Language Pack Microsoft Corporation 6.1.7100.0

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 6.1.7100.0

MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.1.7100.0

msctf.dll.mui MSCTF Server DLL Microsoft Corporation 6.1.7100.0

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.7100.0

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.1.7100.0

msxml3.dll MSXML 3.0 SP11 Microsoft Corporation 8.110.7100.0

msxml3r.dll XML Resources Microsoft Corporation 8.110.7100.0

netshell.dll Network Connections Shell Microsoft Corporation 6.1.7100.0

netutils.dll Net Win32 API Helpers DLL Microsoft Corporation 6.1.7100.0

nlaapi.dll Network Location Awareness 2 Microsoft Corporation 6.1.7100.0

normnfd.nls

npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.1.7100.0

NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.1.7100.0

ntdll.dll NT Layer DLL Microsoft Corporation 6.1.7100.0

ntdll.dll NT Layer DLL Microsoft Corporation 6.1.7100.0

ntmarta.dll Windows NT MARTA provider Microsoft Corporation 6.1.7100.0

ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.1.7100.0

oleaut32.dll Microsoft Corporation 6.1.7100.0

peerdist.dll BranchCache Client Library Microsoft Corporation 6.1.7100.0

profapi.dll User Profile Basic API Microsoft Corporation 6.1.7100.0

propsys.dll Microsoft Property System Microsoft Corporation 7.0.7100.0

psapi.dll Process Status Helper Microsoft Corporation 6.1.7100.0

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.1.7100.0

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.1.7100.0

RpcRtRemote.dll Remote RPC Extension Microsoft Corporation 6.1.7100.0

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.1.7100.0

sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation 6.1.7100.0

SETUPAPI.dll Windows Setup API Microsoft Corporation 6.1.7100.0

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.1.7100.0

shfolder.dll Shell Folder Service Microsoft Corporation 6.1.7100.0

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.1.7100.0

slc.dll Software Licensing Client Dll Microsoft Corporation 6.1.7100.0

SortDefault.nls

SSDPAPI.dll SSDP Client API DLL Microsoft Corporation 6.1.7100.0

SspiCli.dll Security Support Provider Interface Microsoft Corporation 6.1.7100.0

StaticCache.dat

SXS.DLL Fusion 2.5 Microsoft Corporation 6.1.7100.19

upnp.dll UPnP Control Point API Microsoft Corporation 6.1.7100.0

urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 8.0.7100.18

urlmon.dll.mui OLE32 Extensions for Win32 Microsoft Corporation 8.0.7100.0

USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.1.7100.19

USERENV.dll Userenv Microsoft Corporation 6.1.7100.0

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.7100.0

uTorrent.exe µTorrent BitTorrent, Inc. 1.8.3.15772

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.1.7100.0

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.1.7100.0

webio.dll Web Transfer Protocols API Microsoft Corporation 6.1.7100.0

WINHTTP.dll Windows HTTP Services Microsoft Corporation 6.1.7100.0

WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.1.7100.0

wkscli.dll Workstation Service Client DLL Microsoft Corporation 6.1.7100.0

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.1.7100.0

wow64.dll Win32 Emulation on NT64 Microsoft Corporation 6.1.7100.0

wow64cpu.dll AMD64 Wow64 CPU Microsoft Corporation 6.1.7100.0

wow64win.dll Wow64 Console and Win32 API Logging Microsoft Corporation 6.1.7100.0

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.1.7100.0

wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.1.7100.0

wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.1.7100.0

------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:56:22 PM, on 10/1/2009

Platform: Unknown Windows (WinNT 6.01.3004)

MSIE: Internet Explorer v8.00 (8.00.7100.0000)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\Yegor\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\AVG\AVG8\avgtray.exe

C:\Program Files (x86)\Postbox\postbox.exe

C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files (x86)\Ipswitch\WS_FTP Pro\wsftpgui.exe

C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Pidgin\pidgin.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Orb Networks\Orb\bin\OrbLauncher.exe

C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe

C:\Program Files (x86)\BitLord\BitLord.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 75.151.214.249:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files (x86)\Ipswitch\WS_FTP Pro\wsbho2k0.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [3170 Scan2PC] "C:\Windows\Twain_32\Samsung\CLX3170\Scan2Pc.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Orb] "C:\Program Files (x86)\Orb Networks\Orb\bin\OrbLauncher.exe" /background

O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = Yegor\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Microsoft Office Outlook 2007.lnk = ?

O4 - Startup: Mozilla Firefox.lnk = C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O4 - Startup: Postbox.lnk = C:\Program Files (x86)\Postbox\postbox.exe

O4 - Startup: WS_FTP Pro.lnk = C:\Program Files (x86)\Ipswitch\WS_FTP Pro\wsftpgui.exe

O4 - Global Startup: Pidgin.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13497 bytes
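
The review the second post asks for (which third-party DLLs are loaded into uTorrent) can be run over the saved list itself. This is an added example, not part of the thread or any poster's code: it parses a Process Explorer DLL list in the flattened form shown above and returns the code modules whose declared company is missing or not on a trusted list. The trusted-vendor list, the function names and the `unknownhook.dll` line are assumptions made for the illustration.

```python
import re
from collections import Counter
from typing import NamedTuple

# Publishers expected inside this process, spelled as in the list above.
# Assumption: the OS vendor plus the application's own publisher.
TRUSTED_VENDORS = ("Microsoft Corporation", "BitTorrent, Inc.")
CODE_SUFFIXES = (".dll", ".exe", ".mui", ".ocx", ".drv", ".cpl")
VERSION_RE = re.compile(r"\d+(?:\.\d+){1,3}")
HEADER = "Name Description Company Name Version"

# Excerpt of the DLL list posted above (the repeated .db line is cut to three).
SAMPLE = """\
Process: uTorrent.exe Pid: 6076
Name Description Company Name Version
{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db
{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db
{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db
{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.1.7100.0
DisplayFusionHookx86.dll DisplayFusion Hook Binary Fortress Software 1.9.0.0
locale.nls
oleaut32.dll Microsoft Corporation 6.1.7100.0
uTorrent.exe µTorrent BitTorrent, Inc. 1.8.3.15772
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.1.7100.0
"""
# Constructed line (not from the thread): a module with no version resource.
CONSTRUCTED_EXTRA = "unknownhook.dll\n"


class Entry(NamedTuple):
    name: str
    meta: str      # description and company, run together as in the flattened text
    version: str   # "" when the file carries no version resource


def parse_dll_list(text):
    """Parse a saved Process Explorer DLL view (whitespace-flattened)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == HEADER or line.startswith("Process:"):
            continue
        tokens = line.split()
        name, rest = tokens[0], tokens[1:]
        version = rest.pop() if rest and VERSION_RE.fullmatch(rest[-1]) else ""
        entries.append(Entry(name, " ".join(rest), version))
    return entries


def is_code(entry):
    """True for executable images and their resource files, False for mapped data."""
    return entry.name.lower().endswith(CODE_SUFFIXES)


def third_party_modules(entries, trusted=TRUSTED_VENDORS):
    """Code modules whose declared company is missing or not on the trusted list.

    The company string is self-declared in the file's version resource, so a
    trusted name is not proof of origin; this only narrows what to look at.
    """
    return [e for e in entries
            if is_code(e) and not e.meta.endswith(tuple(trusted))]


def mapped_file_counts(entries):
    """How often each non-code mapped file (.db, .nls, .dat) appears in the list."""
    return Counter(e.name for e in entries if not is_code(e))


if __name__ == "__main__":
    parsed = parse_dll_list(SAMPLE + CONSTRUCTED_EXTRA)
    for e in third_party_modules(parsed):
        print("review:", e.name, "|", e.meta or "(no version info)", "|", e.version)
    for name, n in mapped_file_counts(parsed).items():
        print("mapped file x%d: %s" % (n, name))
```

Because the flattened text loses the column boundaries, the description and company of a flagged module are reported together; saving the list from Process Explorer with its tab separators intact avoids that.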

I couldn't find anything about these in GOOGLE searches, but all the repeats can't be good!

{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

...

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db

Archived

This topic is now archived and is closed to further replies.
