jgreen7801 Posted February 2, 2010 Report Share Posted February 2, 2010 The app just disappears from sys tray after a few hours. I restart, which makes the checking start of all the partially downloaded files. This takes hours and the it starts again. I have read the guides and checked the settings. I updated Java from their website. I'm running Win XP sp2, Java 6 update 18, done the speed tests and properly set to the guide's specs. I did the port forwarding check. I'm using BitTorrent 6.3(build 16973). I tried using UTorrent but couldn't stay connected to the internet. I have read the forums looking for answers. Please help. Link to comment Share on other sites More sharing options...
moogly Posted February 2, 2010 Report Share Posted February 2, 2010 BitTorrent or µTorrent, it's the same client. Switching will not fix the issue.Can you post Hijackthis log when BT is running.Guide: http://forum.utorrent.com/viewtopic.php?id=29748 Link to comment Share on other sites More sharing options...
jgreen7801 Posted February 2, 2010 Author Report Share Posted February 2, 2010 Thanks for reply, Below is Hijackthis log, and Process Explorer in that order.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:20:36 PM, on 2/2/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeF:\PROGRA~1\BLOCKB~1\MovielinkCore.exeC:\WINDOWS\system32\nvsvc32.exeF:\Program files on USB Drive\ReflectService.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\Program Files\MyBullionTracker\MyBullionTracker.exeC:\WINDOWS\explorer.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\msiexec.exeC:\Documents and Settings\John Green\Desktop\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: (no name) - AutorunsDisabled - (no file)O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [RemoteControl] "E:\desktop moved items\PowerDVD\PDVDServ.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - S-1-5-18 Startup: MyBullionTracker.lnk = C:\Program Files\MyBullionTracker\MyBullionTracker.exe (User 'SYSTEM')O4 - .DEFAULT Startup: MyBullionTracker.lnk = C:\Program Files\MyBullionTracker\MyBullionTracker.exe (User 'Default user')O4 - Startup: MyBullionTracker.lnk = C:\Program Files\MyBullionTracker\MyBullionTracker.exeO9 - Extra button: (no name) - AutorunsDisabled - (no file)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO20 - AppInit_DLLs: NVDESK32.DLL wolayuga.dll c:\windows\system32\tisopayi.dllO20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dllO23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exeO23 - Service: Movielink Core Service - Blockbuster - F:\PROGRA~1\BLOCKB~1\MovielinkCore.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - F:\Program files on USB Drive\ReflectService.exe--End of file - 5388 bytesProcess PID CPU Description Company NameSystem Idle Process 0 77.45 Interrupts n/a 4.90 Hardware Interrupts DPCs n/a 6.86 Deferred Procedure Calls System 4 smss.exe 436 Windows NT Session Manager Microsoft Corporation csrss.exe 532 Client Server Runtime Process Microsoft Corporation winlogon.exe 560 Windows NT Logon Application Microsoft Corporation services.exe 604 1.96 Services and Controller app Microsoft Corporation svchost.exe 776 Generic Host Process for Win32 Services Microsoft Corporation unsecapp.exe 2088 WMI Microsoft Corporation wmiprvse.exe 2452 WMI Microsoft Corporation svchost.exe 824 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 864 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 920 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1020 Generic Host Process for Win32 Services Microsoft Corporation aswUpdSv.exe 1108 avast! Antivirus updating service ALWIL Software ashServ.exe 1180 avast! antivirus service ALWIL Software spoolsv.exe 1480 Spooler SubSystem App Microsoft Corporation svchost.exe 1600 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1752 Generic Host Process for Win32 Services Microsoft Corporation MovielinkCore.exe 1920 BLOCKBUSTER Movielink Core Application Blockbuster nvsvc32.exe 1960 NVIDIA Driver Helper Service, Version 44.82 NVIDIA Corporation ReflectService.exe 2004 Reflect Service - Enables mounting of images wmpnetwk.exe 356 Windows Media Player Network Sharing Service Microsoft Corporation ashMaiSv.exe 888 avast! e-Mail Scanner Service ALWIL Software ashWebSv.exe 952 avast! Web Scanner ALWIL Software alg.exe 2268 Application Layer Gateway Service Microsoft Corporation jqs.exe 8664 Java Quick Starter Service Sun Microsystems, Inc. msiexec.exe 10308 Windows® installer Microsoft Corporation lsass.exe 624 LSA Shell (Export Version) Microsoft Corporation explorer.exe 3620 0.98 Windows Explorer Microsoft Corporation uTorrent.exe 11772 6.86 µTorrent BitTorrent, Inc. iexplore.exe 10788 Internet Explorer Microsoft Corporation iexplore.exe 12200 Internet Explorer Microsoft Corporation HijackThis.exe 11736 HijackThis Trend Micro Inc.ashDisp.exe 3160 avast! service GUI component ALWIL Softwarectfmon.exe 3268 CTF Loader Microsoft CorporationDesktopWeather.exe 3372 The Weather Channel Interactive, Inc.wmpnscfg.exe 3384 Windows Media Player Network Sharing Service Configuration Application Microsoft CorporationMyBullionTracker.exe 3468 procexp.exe 11264 0.98 Sysinternals Process Explorer Sysinternals - www.sysinternals.com Link to comment Share on other sites More sharing options...
DreadWingKnight Posted February 2, 2010 Report Share Posted February 2, 2010 http://www.prevx.com/filenames/1409459780061133444-X1/WOLAYUGA.DLL.htmlClean the malware off your system before you do anything. Link to comment Share on other sites More sharing options...
jgreen7801 Posted February 2, 2010 Author Report Share Posted February 2, 2010 I have already done that. If you could be more specific about the malware, That would be helpful. I have run virus scans and adware scans and spyware scans, and followed the recommended solutions and was successful on all three fronts. There were no viruses, some adware(which was removed), and some spyware(which was also removed. I have read the FAQs and guides thouroughly. Being dismissive is not helpful. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted February 2, 2010 Report Share Posted February 2, 2010 http://blog.spywarecease.com/spyware-list/Spyware_Trojan.Win32.Agent.bpco.html also.What scanners did you use? Link to comment Share on other sites More sharing options...
jgreen7801 Posted February 3, 2010 Author Report Share Posted February 3, 2010 I had to go to work, so, sorry for the slow reply. After i accused you of being dismissive, I looked again and saw the link for Prevx scan. I did the scan and it said I was clean, even with that apparent WOLAYUGA.DLL infection. I was dismissive, and I apologize. I used Malaware(I think that's the name), Super spybot, and Avast. I have gone back to UTorrent, even though you say they're the same, because internet connectivity issues aren't as frustrating as having to recheck all the partial D/Ls. I'm going to go do some research on the WOLAYUGA.DLL issue. I saw it in the Hijackthis logfile. Utorrent has been running all day without disappearing. Thanks for your reply.P.S. My UTorrent crashed during the night and is checking again. This will take quite a few hours before it starts D/L & U/L. U torrent didn't disappear, just got a torrent error and a delayed write error message. The file I am trying to D/L is 54.1 GBs. So you see how this can get very frustrating with more downloaded. I am seeding 5 other files, so the ratio should be ok. The malware scanner I used was Malwarebytes(I finally got the joke(bites)). I ran it again last night before bed, and was clean. I couldn't find any more info about WOLAYUGA.DLL except it says malware trojan. If you still think this file is bad, can I just go to the directory where it is and just delete it? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.