meegii13 Posted September 3, 2010

When uTorrent gets unresponsive all my internet activity stalls (Firefox, IM etc.)

Hi, I'm running Windows 7, ZoneAlarm Pro version 9.1.507.000 (TrueVector version 9.1.507.000, Driver version 9.1.503.000) and Avira AntiVir version 10.0.0.567. I'm pretty sure this is caused by some malware but antivirus scans show up clean. So here is the HijackThis log and the Process Explorer log. I could also provide the dump file created when uTorrent is not responding.
Switeck Posted September 3, 2010

I don't trust ZoneAlarm Pro... there have been TOO many people burned by problems with that software, some of which were intentionally hostile on the part of the company that makes it.
meegii13 (Author) Posted September 4, 2010

So what should I do now?
paintball9 Posted September 4, 2010

Tor probably doesn't help the situation. You can't block any one specific port when using Tor. Not to mention that we don't support the use of Tor here. If you want help with that, go to their site.

Try not using Tor. If it's set up right it should start working.
moogly Posted September 4, 2010

And use conservative settings: http://forum.utorrent.com/viewtopic.php?id=58404

Anyway, ZA is well known to cause bad issues with µT (and p2p traffic in general), especially under Vista/7. So you can remove this overrated FW and install a better one like Comodo.
Switeck Posted September 4, 2010

Even Windows firewall is FAR more reliable than Zone Alarm, though it may not support all the features you want.
meegii13 (Author) Posted September 4, 2010

OK, I just uninstalled ZoneAlarm and installed Comodo Firewall (according to the software firewall configuration guide). Could anyone analyze my log please?
moogly Posted September 4, 2010

Which log?
paintball9 Posted September 5, 2010

Tor is the only suspicious item on that log besides ZA, which you've now removed. Has it not improved?
Archived
This topic is now archived and is closed to further replies.