Jump to content

uTorrent Crashing Approximately Every Day

kop48

By kop48
in Troubleshooting

Recommended Posts

kop48 Member

kop48

Posted
Posted

I've had this issue with uTorrent. I'm running 1.8.2 as uT2.0 isn't allowed on a tracker I use...

It didn't use to happen, but has been happening pretty regularly lately.

Help would be greatly appreciated!

Thanks,

HJT:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 2:33:19 PM, on 2/03/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\AirPort\APAgent.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\NetMeter\NetMeter.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iiUsage\iiNet Usage.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\SOUNDGRAPH\iMON\iMON.exe

C:\Program Files\RealVNC\VNC4\vncclipboard.exe

C:\Program Files\uTorrent\utorrent.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe /startup

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [iiNet Usage] "C:\Program Files\iiUsage\iiNet Usage.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O13 - Gopher Prefix:

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

O23 - Service: Yet Another Media Meta Manager (YammmSvc) - Mikinho - C:\Program Files\Yammm\YammmSvc.exe

--

End of file - 5177 bytes

ProcExp:

Process PID CPU Description Company Name

System Idle Process 0 84.06

Interrupts n/a Hardware Interrupts

DPCs n/a 8.33 Deferred Procedure Calls

System 4

smss.exe 264 Windows Session Manager Microsoft Corporation

csrss.exe 392 Client Server Runtime Process Microsoft Corporation

conhost.exe 5576 Console Window Host Microsoft Corporation

wininit.exe 464 Windows Start-Up Application Microsoft Corporation

services.exe 512 Services and Controller app Microsoft Corporation

svchost.exe 712 Host Process for Windows Services Microsoft Corporation

ehmsas.exe 9244 Media Center Media Status Aggregator Service Microsoft Corporation

explorer.exe 26244 Windows Explorer Microsoft Corporation

dllhost.exe 19616 COM Surrogate Microsoft Corporation

svchost.exe 788 Host Process for Windows Services Microsoft Corporation

MsMpEng.exe 840 AntiMalware Service Executable Microsoft Corporation

atiesrxx.exe 952 AMD External Events Service Module AMD

atieclxx.exe 1432 AMD External Events Client Module AMD

svchost.exe 1004 Host Process for Windows Services Microsoft Corporation

audiodg.exe 3012 Windows Audio Device Graph Isolation Microsoft Corporation

svchost.exe 1064 Host Process for Windows Services Microsoft Corporation

dwm.exe 456 Desktop Window Manager Microsoft Corporation

svchost.exe 1128 Host Process for Windows Services Microsoft Corporation

svchost.exe 1244 Host Process for Windows Services Microsoft Corporation

svchost.exe 1352 1.51 Host Process for Windows Services Microsoft Corporation

spoolsv.exe 1524 Spooler SubSystem App Microsoft Corporation

svchost.exe 1584 Host Process for Windows Services Microsoft Corporation

AppleMobileDeviceService.exe 1696 Apple Mobile Device Service Apple Inc.

mDNSResponder.exe 1728 Bonjour Service Apple Inc.

svchost.exe 1776 2.27 Host Process for Windows Services Microsoft Corporation

ramaint.exe 1812 LogMeIn Maintenance Service LogMeIn, Inc.

LogMeIn.exe 1848 LogMeIn LogMeIn, Inc.

LMIGuardian.exe 1648 LMIGuardian LogMeIn, Inc.

taskhost.exe 668 Host Process for Windows Tasks Microsoft Corporation

TCPSVCS.EXE 1568 TCP/IP Services Application Microsoft Corporation

winvnc4.exe 2056 VNC Server Enterprise Edition for Win32 RealVNC Ltd.

winvnc4.exe 2084 0.76 VNC Server Enterprise Edition for Win32 RealVNC Ltd.

vncclipboard.exe 20516 VNC Server Enterprise Edition Clipboard Helper for Win32 RealVNC Ltd.

svchost.exe 3356 Host Process for Windows Services Microsoft Corporation

SearchIndexer.exe 3588 Microsoft Windows Search Indexer Microsoft Corporation

iPodService.exe 4028 iPodService Module (32-bit) Apple Inc.

wmpnetwk.exe 4944 Windows Media Player Network Sharing Service Microsoft Corporation

PresentationFontCache.exe 15972 PresentationFontCache.exe Microsoft Corporation

YammmSvc.exe 3196 YammmSvc Mikinho

MpCmdRun.exe 12216 Microsoft Malware Protection Command Line Utility Microsoft Corporation

taskhost.exe 27904 Host Process for Windows Tasks Microsoft Corporation

lsass.exe 552 Local Security Authority Process Microsoft Corporation

lsm.exe 568 Local Session Manager Service Microsoft Corporation

csrss.exe 472 Client Server Runtime Process Microsoft Corporation

winlogon.exe 560 Windows Logon Application Microsoft Corporation

explorer.exe 556 Windows Explorer Microsoft Corporation

RtHDVCpl.exe 2400 Realtek HD Audio Manager Realtek Semiconductor

msseces.exe 2408 Microsoft Security Essentials User Interface Microsoft Corporation

ipoint.exe 2416 IPoint.exe Microsoft Corporation

dpupdchk.exe 2692 dpupdchk.exe Microsoft Corporation

LogMeInSystray.exe 2424 LogMeIn Desktop Application LogMeIn, Inc.

LMIGuardian.exe 2676 LMIGuardian LogMeIn, Inc.

APAgent.exe 2436 AirPort Base Station Agent Apple Inc.

itype.exe 2460 IType.exe Microsoft Corporation

iTunesHelper.exe 2636 iTunesHelper Apple Inc.

NetMeter.exe 2644

iiNet Usage.exe 2804 iiNet Usage Analyser http://martybugs.net

firefox.exe 17980 Firefox Mozilla Corporation

utorrent.exe 18648 0.76 µTorrent BitTorrent, Inc.

MOM.exe 2756 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.

CCC.exe 2544 Catalyst Control Centre: Host application ATI Technologies Inc.

iMON.exe 27724 iMON Manager SoundGraph, Inc.

procexp.exe 12572 2.27 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Process: utorrent.exe Pid: 18648

Name Description Company Name Version

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.1.7600.16385

apphelp.dll Application Compatibility Client Library Microsoft Corporation 6.1.7600.16481

CFGMGR32.dll Configuration Manager DLL Microsoft Corporation 6.1.7600.16385

CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.8530.16385

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.7600.16385

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.1.7600.16385

CRYPTBASE.dll Base cryptographic API DLL Microsoft Corporation 6.1.7600.16385

CRYPTSP.dll Cryptographic Service Provider API Microsoft Corporation 6.1.7600.16385

CSCAPI.dll Offline Files Win32 API Microsoft Corporation 6.1.7600.16385

CSCDLL.dll Offline Files Temporary Shim Microsoft Corporation 6.1.7600.16385

cscui.dll Client Side Caching UI Microsoft Corporation 6.1.7600.16385

DEVOBJ.dll Device Information Set DLL Microsoft Corporation 6.1.7600.16385

dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.1.7600.16385

dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.1.7600.16385

DnsApi.dll DNS Client API DLL Microsoft Corporation 6.1.7600.16385

dwmapi.dll Microsoft Desktop Window Manager API Microsoft Corporation 6.1.7600.16385

EhStorShell.dll Windows Enhanced Storage Shell Extension DLL Microsoft Corporation 6.1.7600.16385

FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.1.7600.16385

fwpuclnt.dll FWP/IPsec User-Mode API Microsoft Corporation 6.1.7600.16385

GDI32.dll GDI Client DLL Microsoft Corporation 6.1.7600.16385

IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.1.7600.16385

Iphlpapi.dll IP Helper API Microsoft Corporation 6.1.7600.16385

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16481

KERNELBASE.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16385

KernelBase.dll.mui Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16385

locale.nls

LPK.dll Language Pack Microsoft Corporation 6.1.7600.16385

mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 1.0.6.2

MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.1.7600.16385

msctf.dll.mui MSCTF Server DLL Microsoft Corporation 6.1.7600.16385

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.7600.16385

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.1.7600.16385

NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.1.7600.16385

ntdll.dll NT Layer DLL Microsoft Corporation 6.1.7600.16385

ntshrui.dll Shell extensions for sharing Microsoft Corporation 6.1.7600.16385

ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.1.7600.16385

oleaut32.dll Microsoft Corporation 6.1.7600.16385

profapi.dll User Profile Basic API Microsoft Corporation 6.1.7600.16385

PROPSYS.dll Microsoft Property System Microsoft Corporation 7.0.7600.16385

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.1.7600.16385

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.1.7600.16385

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.1.7600.16385

sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation 6.1.7600.16385

SETUPAPI.dll Windows Setup API Microsoft Corporation 6.1.7600.16385

setupapi.dll.mui Windows Setup API Microsoft Corporation 6.1.7600.16385

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.1.7600.16385

shell32.dll.mui Windows Shell Common Dll Microsoft Corporation 6.1.7600.16385

shfolder.dll Shell Folder Service Microsoft Corporation 6.1.7600.16385

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.1.7600.16385

slc.dll Software Licensing Client Dll Microsoft Corporation 6.1.7600.16385

SortDefault.nls

srvcli.dll Server Service Client DLL Microsoft Corporation 6.1.7600.16385

SspiCli.dll Security Support Provider Interface Microsoft Corporation 6.1.7600.16385

StaticCache.dat

USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.1.7600.16385

user32.dll.mui Multi-User Windows USER API Client DLL Microsoft Corporation 6.1.7600.16385

USERENV.dll Userenv Microsoft Corporation 6.1.7600.16385

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.7600.16385

utorrent.exe µTorrent BitTorrent, Inc. 1.8.5.17414

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.1.7600.16385

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.1.7600.16385

WindowsCodecs.dll Microsoft Windows Codecs Library Microsoft Corporation 6.1.7600.16385

WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.1.7600.16385

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.1.7600.16385

wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.1.7600.16385

wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.1.7600.16385

Link to comment
Share on other sites
kop48 Member

kop48

Posted
  • Author
Posted

Fair enough.

It's banned at the moment as it appears to unfairly favour UTP and high-bandwidth connections over TCP, creating an unfair share ratio for seedboxes and other uT2.0 clients. I don't know the exact details, I'm not an admin there :)

Link to comment
Share on other sites
  • 2 months later...
kop48 Member

kop48

Posted
  • Author
Posted

I have no crash logs (uTorrent usually says it crashed without generating a crash log). I also realised that I have a webui.zip in the %appdata%\utorrent directory - does the latest version of uT require this? I also see a bunch of .torrent files there, and some .bad files (not sure where they're coming from - uTorrent doesn't lose any settings when it crashes!).

I've attached the hijackthis and PE logs below. These are when uT is functioning correctly. I'll try to get some when it's playing up.

Thanks heaps for the help!

Process    PID    CPU    Description    Company Name
System Idle Process    0    46.34        
 Interrupts    n/a        Hardware Interrupts    
 DPCs    n/a        Deferred Procedure Calls    
 System    4    0.77        
  smss.exe    268            
csrss.exe    396            
wininit.exe    468            
 services.exe    516            
  svchost.exe    712            
   explorer.exe    6768        Windows Explorer    Microsoft Corporation
   dllhost.exe    2120        COM Surrogate    Microsoft Corporation
  svchost.exe    792            
  MsMpEng.exe    840            
  atiesrxx.exe    944            
   atieclxx.exe    1512            
  svchost.exe    992            
   audiodg.exe    1188            
  svchost.exe    1044            
   dwm.exe    1220        Desktop Window Manager    Microsoft Corporation
  svchost.exe    1104            
  svchost.exe    1252            
  svchost.exe    1396    0.77        
  spoolsv.exe    1536            
  svchost.exe    1660            
  AppleMobileDeviceService.exe    1748            
  mDNSResponder.exe    1776            
  svchost.exe    1816            
  ramaint.exe    1860            
  LogMeIn.exe    1880            
   LMIGuardian.exe    1904            
  TCPSVCS.EXE    1996            
  taskhost.exe    1416        Host Process for Windows Tasks    Microsoft Corporation
  winvnc4.exe    1384            
   winvnc4.exe    2076    1.54        
    vncclipboard.exe    7860        VNC Server Enterprise Edition Clipboard Helper for Win32    RealVNC Ltd.
  YammmSvc.exe    2068            
  SearchIndexer.exe    3508            
  svchost.exe    3792            
  iPodService.exe    2352            
  wmpnetwk.exe    4948            
  svchost.exe    2564            
 lsass.exe    548            
 lsm.exe    564            
csrss.exe    476            
winlogon.exe    572            
explorer.exe    1424        Windows Explorer    Microsoft Corporation
 LogMeInSystray.exe    2332        LogMeIn Desktop Application    LogMeIn, Inc.
  LMIGuardian.exe    2356        LMIGuardian    LogMeIn, Inc.
 iMON.exe    2384        iMON Manager    SoundGraph, Inc.
 RtHDVCpl.exe    2680        Realtek HD Audio Manager    Realtek Semiconductor
 msseces.exe    2732        Microsoft Security Essentials User Interface    Microsoft Corporation
 ipoint.exe    2740        IPoint.exe    Microsoft Corporation
 itype.exe    2756        IType.exe    Microsoft Corporation
  dpupdchk.exe    3192        dpupdchk.exe    Microsoft Corporation
 APAgent.exe    2772        AirPort Base Station Agent    Apple Inc.
 iTunesHelper.exe    2804        iTunesHelper    Apple Inc.
 NetMeter.exe    2812            
 utorrent.exe    2832    49.43    µTorrent    BitTorrent, Inc.
 iiNet Usage.exe    2844        iiNet Usage Analyser    http://martybugs.net
 HiJackThis.exe    1612            
 procexp.exe    4420    1.54    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
MOM.exe    2860        Catalyst Control Center: Monitoring program    Advanced Micro Devices Inc.
 CCC.exe    2064        Catalyst Control Centre: Host application    ATI Technologies Inc.

Process: utorrent.exe Pid: 2832

Name    Description    Company Name    Version
ADVAPI32.dll    Advanced Windows 32 Base API    Microsoft Corporation    6.1.7600.16385
ATL.DLL    ATL Module for Windows XP (Unicode)    Microsoft Corporation    3.5.2284.0
CLBCatQ.DLL    COM+ Configuration Catalog    Microsoft Corporation    2001.12.8530.16385
COMCTL32.dll    User Experience Controls Library    Microsoft Corporation    6.10.7600.16385
comdlg32.dll    Common Dialogs DLL    Microsoft Corporation    6.1.7600.16385
credssp.dll    Credential Delegation Security Package    Microsoft Corporation    6.1.7600.16385
CRYPT32.dll    Crypto API32    Microsoft Corporation    6.1.7600.16385
CRYPTBASE.dll    Base cryptographic API DLL    Microsoft Corporation    6.1.7600.16385
CRYPTSP.dll    Cryptographic Service Provider API    Microsoft Corporation    6.1.7600.16385
dhcpcsvc.DLL    DHCP Client Service    Microsoft Corporation    6.1.7600.16385
dhcpcsvc6.DLL    DHCPv6 Client    Microsoft Corporation    6.1.7600.16385
DnsApi.dll    DNS Client API DLL    Microsoft Corporation    6.1.7600.16385
dwmapi.dll    Microsoft Desktop Window Manager API    Microsoft Corporation    6.1.7600.16385
FirewallAPI.dll    Windows Firewall API    Microsoft Corporation    6.1.7600.16385
fwpuclnt.dll    FWP/IPsec User-Mode API    Microsoft Corporation    6.1.7600.16385
GDI32.dll    GDI Client DLL    Microsoft Corporation    6.1.7600.16385
GPAPI.dll    Group Policy Client API    Microsoft Corporation    6.1.7600.16385
hnetcfg.dll    Home Networking Configuration Manager    Microsoft Corporation    6.1.7600.16385
hnetcfg.dll.mui    Home Networking Configuration Manager    Microsoft Corporation    6.1.7600.16385
iertutil.dll    Run time utility for Internet Explorer    Microsoft Corporation    8.0.7600.16385
IMM32.DLL    Multi-User Windows IMM32 API Client DLL    Microsoft Corporation    6.1.7600.16385
index.dat            
index.dat            
index.dat            
Iphlpapi.dll    IP Helper API    Microsoft Corporation    6.1.7600.16385
kernel32.dll    Windows NT BASE API Client DLL    Microsoft Corporation    6.1.7600.16481
KERNELBASE.dll    Windows NT BASE API Client DLL    Microsoft Corporation    6.1.7600.16385
KernelBase.dll.mui    Windows NT BASE API Client DLL    Microsoft Corporation    6.1.7600.16385
locale.nls            
LPK.dll    Language Pack    Microsoft Corporation    6.1.7600.16385
mdnsNSP.dll    Bonjour Namespace Provider    Apple Inc.    2.0.1.2
MSASN1.dll    ASN.1 Runtime APIs    Microsoft Corporation    6.1.7600.16415
MSCTF.dll    MSCTF Server DLL    Microsoft Corporation    6.1.7600.16385
msvcrt.dll    Windows NT CRT DLL    Microsoft Corporation    7.0.7600.16385
mswsock.dll    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    6.1.7600.16385
msxml3.dll    MSXML 3.0 SP11    Microsoft Corporation    8.110.7600.16385
msxml3r.dll    XML Resources    Microsoft Corporation    8.110.7600.16385
napinsp.dll    E-mail Naming Shim Provider    Microsoft Corporation    6.1.7600.16385
netshell.dll    Network Connections Shell    Microsoft Corporation    6.1.7600.16385
netutils.dll    Net Win32 API Helpers DLL    Microsoft Corporation    6.1.7600.16385
nlaapi.dll    Network Location Awareness 2    Microsoft Corporation    6.1.7600.16385
Normaliz.dll    Unicode Normalization DLL    Microsoft Corporation    6.1.7600.16385
npmproxy.dll    Network List Manager Proxy    Microsoft Corporation    6.1.7600.16385
NSI.dll    NSI User-mode interface DLL    Microsoft Corporation    6.1.7600.16385
ntdll.dll    NT Layer DLL    Microsoft Corporation    6.1.7600.16385
ntmarta.dll    Windows NT MARTA provider    Microsoft Corporation    6.1.7600.16385
ole32.dll    Microsoft OLE for Windows    Microsoft Corporation    6.1.7600.16385
oleaut32.dll        Microsoft Corporation    6.1.7600.16385
pnrpnsp.dll    PNRP Name Space Provider    Microsoft Corporation    6.1.7600.16385
profapi.dll    User Profile Basic API    Microsoft Corporation    6.1.7600.16385
rasadhlp.dll    Remote Access AutoDial Helper    Microsoft Corporation    6.1.7600.16385
RASAPI32.dll    Remote Access API    Microsoft Corporation    6.1.7600.16385
rasman.dll    Remote Access Connection Manager    Microsoft Corporation    6.1.7600.16385
RPCRT4.dll    Remote Procedure Call Runtime    Microsoft Corporation    6.1.7600.16385
RpcRtRemote.dll    Remote RPC Extension    Microsoft Corporation    6.1.7600.16385
rsaenh.dll    Microsoft Enhanced Cryptographic Provider    Microsoft Corporation    6.1.7600.16385
rtutils.dll    Routing Utilities    Microsoft Corporation    6.1.7600.16385
sechost.dll    Host for SCM/SDDL/LSA Lookup APIs    Microsoft Corporation    6.1.7600.16385
sensapi.dll    SENS Connectivity API DLL    Microsoft Corporation    6.1.7600.16385
SHELL32.dll    Windows Shell Common Dll    Microsoft Corporation    6.1.7600.16532
shfolder.dll    Shell Folder Service    Microsoft Corporation    6.1.7600.16385
SHLWAPI.dll    Shell Light-weight Utility Library    Microsoft Corporation    6.1.7600.16385
slc.dll    Software Licensing Client Dll    Microsoft Corporation    6.1.7600.16385
SortDefault.nls            
SSDPAPI.dll    SSDP Client API DLL    Microsoft Corporation    6.1.7600.16385
SspiCli.dll    Security Support Provider Interface    Microsoft Corporation    6.1.7600.16385
StaticCache.dat            
SXS.DLL    Fusion 2.5    Microsoft Corporation    6.1.7600.16385
upnp.dll    UPnP Control Point API    Microsoft Corporation    6.1.7600.16385
urlmon.dll    OLE32 Extensions for Win32    Microsoft Corporation    8.0.7600.16535
USER32.dll    Multi-User Windows USER API Client DLL    Microsoft Corporation    6.1.7600.16385
USERENV.dll    Userenv    Microsoft Corporation    6.1.7600.16385
USP10.dll    Uniscribe Unicode script processor    Microsoft Corporation    1.626.7600.16385
utorrent.exe    µTorrent    BitTorrent, Inc.    2.0.1.19248
uxtheme.dll    Microsoft UxTheme Library    Microsoft Corporation    6.1.7600.16385
VERSION.dll    Version Checking and File Installation Libraries    Microsoft Corporation    6.1.7600.16385
webio.dll    Web Transfer Protocols API    Microsoft Corporation    6.1.7600.16385
WINHTTP.dll    Windows HTTP Services    Microsoft Corporation    6.1.7600.16385
WININET.dll    Internet Extensions for Win32    Microsoft Corporation    8.0.7600.16535
WINNSI.DLL    Network Store Information RPC interface    Microsoft Corporation    6.1.7600.16385
winrnr.dll    LDAP RnR Provider DLL    Microsoft Corporation    6.1.7600.16385
wkscli.dll    Workstation Service Client DLL    Microsoft Corporation    6.1.7600.16385
WLDAP32.dll    Win32 LDAP API DLL    Microsoft Corporation    6.1.7600.16385
WS2_32.dll    Windows Socket 2.0 32-Bit DLL    Microsoft Corporation    6.1.7600.16385
wship6.dll    Winsock2 Helper DLL (TL/IPv6)    Microsoft Corporation    6.1.7600.16385
wshtcpip.dll    Winsock2 Helper DLL (TL/IPv4)    Microsoft Corporation    6.1.7600.16385

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:33:59 PM, on 11/05/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\iiUsage\iiNet Usage.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\RealVNC\VNC4\vncclipboard.exe
C:\Windows\explorer.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\kop48\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O4 - HKLM\..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe /startup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [iiNet Usage] "C:\Program Files\iiUsage\iiNet Usage.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\kop48\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\kop48\AppData\Roaming\FlashGetBHO\GetUrl.htm
O13 - Gopher Prefix: 
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Yet Another Media Meta Manager (YammmSvc) - Mikinho - C:\Program Files\Yammm\YammmSvc.exe

--
End of file - 5598 bytes

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...