High CPU usage with utorrent 2.2

[keith-x]

I installed utorrent 2.2 from 2.0 (old ver.) and i noticed i had almost 100% CPU usage ...Way above the usual numbers i was seeing before!The CPU usage of utorrent is very hight over 50%.

I never had any issue with utorrent before .

My Outpost firewall and utorrent client were performing as expected ...smoothly without any conflict.I have allowed all tcp and udp traffic for utorrent years ago in my firewall.

The CPU usage in utorrent skyrockets when i'm downloading and im in the pick of Kb/s.

.I also see my acs.exe (outpost firewall) to increase in CPU usage as well when im downloading but i suppose thats normal due to the traffic of the p2p client...When i pause all torrents CPU usage it drops low to 5-15%.overall to 30%.As i started to download any torrennt CPU usage went up again.

I tryied to change some advance preferences in the client like gui legend to see if this solves the problem and also to put defaults in my advanced settings just to make sure...

I even went back to 2.0 version of utorrent ..that did not help to.So a went back again to the latest .When a

The only thing that is changed is that i installed sp3 in my xp pro 3 days ago ...If something has to do with that....i dont know

Anyway the CPU usage of utorrent is slowing my pc down.I ve tryied everytthing i know up to my knowledge...

I dont know... maybe i am overreacting but i never experienced this with utorrent before .And i never had doubts that it is a light application.But now i have seeing my pc slowing down when i download with uttorent !

I have the requested reports also here for you to check....

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:56:41 μμ, on 23/12/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\HDDSvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\carpserv.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\FDF\FAST2.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\WINDOWS\SYSTEM32\taskmgr.exe

C:\files and folders from the net\Support Files & Folders\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.gr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe

O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice

O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /ns

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FAST Defrag] C:\PROGRA~1\FDF\FAST2.EXE -tray

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

O8 - Extra context menu item: Search with Torrent Buster - res://F:\Programs\torrent buster\IEext.dll/ieExt.HTM

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Λήψη όλων με το Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

O8 - Extra context menu item: Λήψη με το Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html

O9 - Extra button: Αποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Α&ποστολή στο OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213810430903

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.hellascams.gr/activex2120_243/AxisCamControl.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} (Perparer Class) - http://operation7.fiaa.eu/OPLauncher.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F4ED0031-1408-434E-9428-7C45502F9447} (XViewerWEB Control) - http://dvrlink.net/webdvr/XViewerWEB.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0631D133-B44F-46DC-AFBF-4D708420E35D}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\..\{D20BDB86-6AA6-4E09-946F-99BFC10C9314}: NameServer = 194.30.220.114,194.30.220.117

O17 - HKLM\System\CS1\Services\Tcpip\..\{0631D133-B44F-46DC-AFBF-4D708420E35D}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS2\Services\Tcpip\..\{0631D133-B44F-46DC-AFBF-4D708420E35D}: NameServer = 8.8.8.8,8.8.4.4

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll

O22 - SharedTaskScheduler: Προφορτωτής Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Δαίμονας cache κατηγοριών στοιχείων - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Υπηρεσία Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe

--

End of file - 12871 bytes

Process PID CPU Private Bytes Working Set Description Company Name

System Idle Process 0 50.47 0 K 16 K

Interrupts n/a 1.87 0 K 0 K Hardware Interrupts

DPCs n/a 12.15 0 K 0 K Deferred Procedure Calls

System 4 0 K 236 K

smss.exe 796 168 K 400 K Διαχείριση περιόδων Windows NT Microsoft Corporation

csrss.exe 908 0.93 1.696 K 4.156 K Client Server Runtime Process Microsoft Corporation

winlogon.exe 956 7.500 K 3.176 K Εφαρμογή σύνδεσης των Windows NT Microsoft Corporation

services.exe 1024 3.74 1.968 K 4.336 K Εφαρμογή υπηρεσιών και ελεγκτή Microsoft Corporation

svchost.exe 1240 3.276 K 5.688 K Generic Host Process for Win32 Services Microsoft Corporation

wmiprvse.exe 1112 2.544 K 5.632 K WMI Microsoft Corporation

svchost.exe 1328 1.924 K 4.872 K Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1436 13.856 K 24.008 K Generic Host Process for Win32 Services Microsoft Corporation

wscntfy.exe 2924 1.668 K 4.384 K Windows Security Center Notification App Microsoft Corporation

svchost.exe 1568 1.748 K 4.188 K Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1664 1.488 K 4.016 K Generic Host Process for Win32 Services Microsoft Corporation

spoolsv.exe 1752 3.500 K 6.072 K Spooler SubSystem App Microsoft Corporation

sched.exe 1796 3.936 K 772 K Antivirus Scheduler Avira GmbH

svchost.exe 1872 1.328 K 3.944 K Generic Host Process for Win32 Services Microsoft Corporation

acs.exe 1968 5.61 36.892 K 40.584 K Agnitum Outpost Service Agnitum Ltd.

avguard.exe 2004 84.936 K 12.740 K Antivirus On-Access Service Avira GmbH

avshadow.exe 184 1.064 K 4.004 K AntiVir shadow copy service Avira GmbH

HDDSvc.exe 296 1.988 K 1.720 K HDDSvc Module AltrixSoft (http://www.altrixsoft.com/)

MDM.EXE 564 1.092 K 3.576 K Machine Debug Manager Microsoft Corporation

nvsvc32.exe 604 2.280 K 3.880 K NVIDIA Driver Helper Service, Version 93.71 NVIDIA Corporation

PnkBstrA.exe 712 1.916 K 3.212 K

SBAMSvc.exe 760 29.504 K 35.548 K Sunbelt Software Anti Malware Service Sunbelt Software

svchost.exe 1376 2.564 K 4.632 K Generic Host Process for Win32 Services Microsoft Corporation

alg.exe 2076 1.192 K 3.772 K Application Layer Gateway Service Microsoft Corporation

lsass.exe 1036 3.788 K 1.444 K LSA Shell (Export Version) Microsoft Corporation

taskmgr.exe 2200 0.93 2.368 K 1.900 K Διαχείριση Εργασιών των Windows Microsoft Corporation

explorer.exe 3064 4.67 25.360 K 22.168 K Εξερεύνηση των Windows Microsoft Corporation

carpserv.exe 3376 196 K 680 K carpserv Conexant Systems

rundll32.exe 3596 3.264 K 5.128 K Εκτέλεση αρχείου DLL ως εφαρμογής Microsoft Corporation

SBAMTray.exe 3648 3.264 K 7.620 K SBAMTray Application Sunbelt Software

op_mon.exe 3668 18.444 K 6.536 K Outpost User Interface Agnitum Ltd.

avgnt.exe 3748 5.976 K 1.780 K Antivirus System Tray Tool Avira GmbH

realsched.exe 3772 1.980 K 188 K RealNetworks Scheduler RealNetworks, Inc.

ctfmon.exe 3812 1.036 K 3.940 K CTF Loader Microsoft Corporation

FAST2.EXE 3832 0.93 2.200 K 2.212 K FAST Defrag 2 Professional AMS

firefox.exe 2428 1.87 126.400 K 144.128 K Firefox Mozilla Corporation

uTorrent.exe 2616 9.35 42.624 K 27.224 K µTorrent BitTorrent, Inc.

procexp.exe 2864 6.54 17.080 K 23.708 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com

rundll32.exe 3712 0.93 3.708 K 6.608 K Εκτέλεση αρχείου DLL ως εφαρμογής Microsoft Corporation

notepad.exe 240 2.104 K 916 K Σημειωματάριο Microsoft Corporation

Sorry i forgot this big_smile

Process: uTorrent.exe Pid: 2616

Name Description Company Name Version

activeds.dll DLL Επίπεδου δρομολόγησης ADs Microsoft Corporation 5.1.2600.5512

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.1.2600.5512

advapi32.dll Εξελιγμένο βασικό ΑΡΙ των Windows 32 Microsoft Corporation 5.1.2600.5755

atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.2

c_1252.nls

comctl32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.6028

comdlg32.dll Αρχείο DLL κοινών παραθύρων διαλόγου Microsoft Corporation 6.0.2900.5512

ctype.nls

dnsapi.dll DNS Client API DLL Microsoft Corporation 5.1.2600.5625

gdi32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5698

hnetcfg.dll Διαχείριση παραμέτρων οικιακού δικτύου Microsoft Corporation 5.1.2600.5512

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.0.6001.18992

imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512

iphlpapi.dll IP βοηθητικής εφαρμογής API Microsoft Corporation 5.1.2600.5512

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5781

locale.nls

mprapi.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.1.2600.5512

msctf.dll DLL διακομιστή MSCTF Microsoft Corporation 5.1.2600.5512

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.1.2600.5768

msi.dll Windows Installer Microsoft Corporation 3.1.4001.5512

msimg32.dll GDIEXT Client DLL Microsoft Corporation 5.1.2600.5512

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.1.2600.5625

netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.5694

ntdll.dll DLL επιπέδου NT Microsoft Corporation 5.1.2600.5755

ntmarta.dll Υπηρεσία παροχής MARTA για Windows NT Microsoft Corporation 5.1.2600.5512

nview.dll NVIDIA nView Desktop and Window Manager 110.60 NVIDIA Corporation 6.14.10.11060

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.6010

oleaut32.dll Microsoft Corporation 5.1.2600.5512

psapi.dll Process Status Helper Microsoft Corporation 5.1.2600.5512

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.5512

rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.6022

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.5507

rtutils.dll Routing Utilities Microsoft Corporation 5.1.2600.5512

samlib.dll SAM Library DLL Microsoft Corporation 5.1.2600.5512

secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5834

serwvdrv.dll Πρόγραμμα οδήγησης Unimodem Serial Wave Microsoft Corporation 5.1.2600.0

setupapi.dll Windows Setup API Microsoft Corporation 5.1.2600.5512

shell32.dll Κοινόχρηστο Dll για το κέλυφος των Windows Microsoft Corporation 6.0.2900.6018

shfolder.dll Shell Folder Service Microsoft Corporation 6.0.2900.5512

shlwapi.dll Βιβλιοθήκη βοηθημάτων Shell Light-weight Microsoft Corporation 6.0.2900.5912

sortkey.nls

sorttbls.nls

umdmxfrm.dll Unimodem Tranform Module Microsoft Corporation 5.1.2600.0

unicode.nls

urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 8.0.6001.18992

user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512

userenv.dll Userenv Microsoft Corporation 5.1.2600.5512

uTorrent.exe µTorrent BitTorrent, Inc. 2.2.0.23703

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.2900.5512

version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512

winmm.dll MCI API DLL Microsoft Corporation 5.1.2600.5512

wl_hook.dll Outpost Hooking Module Agnitum Ltd. 6.70.2954.10317

wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.5512

ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512

ws2help.dll Βοηθητική εφαρμογή των Windows Socket 2.0 για Windows NT Microsoft Corporation 5.1.2600.5512

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.5512

[keith-x]

BTW sorry i forgot to tell that the ver of WinXp is in greek :/ i hope that you can read the diagnostics reports ...

[GTHK]

wl_hook.dll Outpost Hooking Module Agnitum Ltd. 6.70.2954.10317

nview.dll NVIDIA nView Desktop and Window Manager 110.60 NVIDIA Corporation 6.14.10.11060

Did you remove all rules from Outpost, make new ones?

[keith-x]

i See that in network activity in Outpost the rule are allow all activity. but Ok i will try that .

[keith-x]

I now have with full download speed an 25-40% Cpu usage overall is above 50% with 30mb Ram consumption and acs.exe is running low

Are they normal number for my system?

I see i deference obviously .Still in my opinion utorrent has the highest cpu usage from any other application running in my system.

even if my system is a intel p4 1.80ghz with a 1gb ram

[GTHK]

I remember something about a bug causing higher CPU, I don't know if that applies to your situation but you could try taking care of the two apps I listed above which are injecting code into uT.

[keith-x]

I think i solved it !! I disabled Nvidia desktop manager ..which was enabled...

I have to check it for 1-2 days as i download just to make sure ..

THX

[GTHK]

Interesting. Does re-enabling it bug things up?

[jonnycakes]

I am having the same problem. I have a Intel quad core and for some reason just core 1 is maxed out 100% and memory usage is high when my torrents are active. I have Nvidia software on my PC also. If Nvidia desktop manager is the problem how in the heck do I disable it, I cannot locate a disable option? I have tried to kill all my Nvidia processes but it did nothing to free up the CPU or memory. Also is there a way to reset my preferences to defaults in uTorrent? Thanks

[moogly]

@jonnycakes: post HJT and PE logs when uT is running.

[keith-x]

I am having the same problem. I have a Intel quad core and for some reason just core 1 is maxed out 100% and memory usage is high when my torrents are active. I have Nvidia software on my PC also. If Nvidia desktop manager is the problem how in the heck do I disable it, I cannot locate a disable option? I have tried to kill all my Nvidia processes but it did nothing to free up the CPU or memory. Also is there a way to reset my preferences to defaults in uTorrent? Thanks

Go to Nvidia icon on the down right on the screen right click and click Nvidia control panel....click on your screen (..f.e ASUS19dvt..) and after you are on the Nvidia control panel window click on the Nvidia Desctop manager one the left of the window if you use classic view....And disable Nview desctop manager Apply and click Ok.

[jonnycakes]

I was unable to locate the option to disable the Nvidia Desktop Manager. I have the option to open the Nvidia Control Panel but there is no Desktop Manager. I have provided my HJT and PE logs when my uT is running.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:46:27 PM, on 12/28/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Citrix\GoToAssist Express Expert\258\g2ax_start.exe

D:\Roboform\robotaskbaricon.exe

D:\Sophos\AutoUpdate\ALMon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

D:\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Citrix\GoToAssist Express Expert\258\g2ax_comm_expert.exe

D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

D:\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\Citrix\GoToAssist Express Expert\258\g2ax_user_expert.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

D:\uTorrent\uTorrent.exe

D:\Highjackthis\HijackThis.exe

D:\ProcessExplr\procexp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findweather/getForecast?query=57106

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - D:\Sophos\Sophos Anti-Virus\SophosBHO.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Roboform\roboform.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\MSOffice\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Roboform\roboform.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [sophos AutoUpdate Monitor] D:\Sophos\AutoUpdate\almon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [LWS] D:\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [uTorrent] "D:\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [GoToAssist Express Expert] "C:\Program Files (x86)\Citrix\GoToAssist Express Expert\258\g2ax_start.exe" "/Trigger RunAtLogon"

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\YahooMsg\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [RoboForm] "D:\Roboform\RoboTaskBarIcon.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Logitech . Product Registration.lnk = D:\Logitech\Ereg\eReg.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Customize Menu - file://D:\Roboform\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MSOffice\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://D:\Roboform\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://D:\Roboform\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://D:\Roboform\RoboFormComSavePass.html

O8 - Extra context menu item: Se&nd to OneNote - res://D:\MSOffice\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MSOffice\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MSOffice\Office14\ONBttnIE.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Roboform\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Roboform\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Roboform\RoboFormComShowToolbar.html

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\MSOffice\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\MSOffice\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll

O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll

O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll

O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll

O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll

O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll

O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll

O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\programdata\sophos web intelligence\swi_lsp.dll

O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://corp.sturdevants.com/XTSAC.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: D:\Sophos\SOPHOS~1\SOPHOS~1.DLL

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - D:\Sophos\Sophos Anti-Virus\SAVAdminService.exe

O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - D:\Sophos\Sophos Anti-Virus\SavService.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Sophos AutoUpdate Service - Sophos Plc - D:\Sophos\AutoUpdate\ALsvc.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe

O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Plc - D:\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 14392 bytes

Process PID CPU Private Bytes Working Set Description Company Name Path

System Idle Process 0 78.85 0 K 24 K

uTorrent.exe 4348 15.38 206,232 K 215,124 K µTorrent BitTorrent, Inc. D:\uTorrent\uTorrent.exe

procexp64.exe 5704 2.69 25,460 K 42,880 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com D:\ProcessExplr\procexp64.exe

sidebar.exe 2508 1.92 143,632 K 61,928 K Windows Desktop Gadgets Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe

WmiPrvSE.exe 5064 0.38 6,096 K 4,816 K WMI Provider Host Microsoft Corporation C:\Windows\System32\wbem\WmiPrvSE.exe

nSvcAppFlt.exe 1920 0.38 4,004,260 K 695,156 K app_filter Module C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

DPCs n/a 0.38 0 K 0 K Deferred Procedure Calls

WUDFHost.exe 3460 2,616 K 1,332 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation C:\Windows\System32\WUDFHost.exe

wmpnetwk.exe 4644 13,976 K 16,360 K Windows Media Player Network Sharing Service Microsoft Corporation C:\Program Files\Windows Media Player\wmpnetwk.exe

WmiPrvSE.exe 2364 69,568 K 21,268 K WMI Provider Host Microsoft Corporation C:\Windows\System32\wbem\WmiPrvSE.exe

WmiPrvSE.exe 4068 7,620 K 6,552 K WMI Provider Host Microsoft Corporation C:\Windows\System32\wbem\WmiPrvSE.exe

winlogon.exe 860 3,800 K 1,632 K Windows Logon Application Microsoft Corporation C:\Windows\System32\winlogon.exe

wininit.exe 500 2,232 K 328 K Windows Start-Up Application Microsoft Corporation C:\Windows\System32\wininit.exe

taskhost.exe 2008 8,644 K 4,768 K Host Process for Windows Tasks Microsoft Corporation C:\Windows\System32\taskhost.exe

System 4 120 K 2,436 K

swi_service.exe 2568 5,728 K 3,512 K Sophos Web Intelligence Sophos Plc D:\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

svchost.exe 1008 46,264 K 46,212 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe

svchost.exe 692 5,216 K 4,840 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe

svchost.exe 796 7,900 K 6,888 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe

svchost.exe 940 23,568 K 14,532 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe

svchost.exe 972 8,404 K 10,004 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe

svchost.exe 652 11,836 K 13,172 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe

svchost.exe 1724 23,560 K 20,756 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe

svchost.exe 1952 17,072 K 13,044 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe

svchost.exe 1716 9,584 K 8,760 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe

svchost.exe 3884 3,980 K 3,232 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe

svchost.exe 4996 13,668 K 12,212 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe

svchost.exe 5944 65,156 K 33,612 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe

spoolsv.exe 1880 9,736 K 5,108 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe

smss.exe 276 520 K 180 K Windows Session Manager Microsoft Corporation C:\Windows\System32\smss.exe

services.exe 564 50,008 K 28,804 K Services and Controller app Microsoft Corporation C:\Windows\System32\services.exe

SearchIndexer.exe 4364 40,340 K 18,732 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\System32\SearchIndexer.exe

SavService.exe 288 113,220 K 86,916 K Performs virus scanning and disinfection functions Sophos Plc D:\Sophos\Sophos Anti-Virus\SavService.exe

SAVAdminService.exe 2160 2,548 K 3,828 K Sophos Administrator Service Sophos Plc D:\Sophos\Sophos Anti-Virus\SAVAdminService.exe

robotaskbaricon.exe 2368 3,648 K 3,052 K RoboForm TaskBar Icon Siber Systems D:\Roboform\robotaskbaricon.exe

RAVCpl64.exe 2428 9,848 K 2,060 K Realtek HD Audio Manager Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

procexp.exe 5304 1,884 K 8,976 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com D:\ProcessExplr\procexp.exe

NvXDSync.exe 1136 8,032 K 9,032 K NVIDIA User Experience Driver Component NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

nvvsvc.exe 756 2,976 K 2,708 K NVIDIA Driver Helper Service, Version 260.99 NVIDIA Corporation C:\Windows\System32\nvvsvc.exe

nvvsvc.exe 1148 5,764 K 2,664 K NVIDIA Driver Helper Service, Version 260.99 NVIDIA Corporation C:\Windows\System32\nvvsvc.exe

nvSCPAPISvr.exe 2444 2,480 K 1,940 K Stereo Vision Control Panel API Server NVIDIA Corporation C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

nvcplui.exe 900 21,072 K 35,024 K NVIDIA Control Panel Application, 3.4.772.04 NVIDIA Corporation C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe

nSvcIp.exe 2684 3,600 K 3,868 K NVIDIA Corporation C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

LWS.exe 3212 7,220 K 3,476 K Logitech Webcam Software Logitech Inc. D:\Logitech\LWS\Webcam Software\LWS.exe

LVPrS64H.exe 2108 1,360 K 1,112 K LVPrS64H Module. Logitech Inc. C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe

LVPrcSrv.exe 1940 3,528 K 1,908 K LVPrcSrv Module. Logitech Inc. C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

lsm.exe 588 2,820 K 1,916 K Local Session Manager Service Microsoft Corporation C:\Windows\System32\lsm.exe

lsass.exe 580 5,676 K 6,644 K Local Security Authority Process Microsoft Corporation C:\Windows\System32\lsass.exe

jusched.exe 3124 1,304 K 500 K Java Update Scheduler Sun Microsystems, Inc. C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

Interrupts n/a 0 K 0 K Hardware Interrupts

iexplore.exe 6052 350,968 K 249,300 K Internet Explorer Microsoft Corporation C:\Program Files (x86)\Internet Explorer\iexplore.exe

iexplore.exe 2340 16,092 K 18,768 K Internet Explorer Microsoft Corporation C:\Program Files (x86)\Internet Explorer\iexplore.exe

iexplore.exe 2968 105,644 K 23,896 K Internet Explorer Microsoft Corporation C:\Program Files (x86)\Internet Explorer\iexplore.exe

HijackThis.exe 4280 5,024 K 13,748 K HijackThis Trend Micro Inc. D:\Highjackthis\HijackThis.exe

g2ax_user_expert.exe 3680 6,776 K 4,348 K GoToAssist Express Citrix Online, a division of Citrix Systems, Inc. C:\Program Files (x86)\Citrix\GoToAssist Express Expert\258\g2ax_user_expert.exe

g2ax_start.exe 2824 3,868 K 908 K GoToAssist Express Citrix Online, a division of Citrix Systems, Inc. C:\Program Files (x86)\Citrix\GoToAssist Express Expert\258\g2ax_start.exe

g2ax_comm_expert.exe 3444 20,864 K 11,444 K GoToAssist Express Citrix Online, a division of Citrix Systems, Inc. C:\Program Files (x86)\Citrix\GoToAssist Express Expert\258\g2ax_comm_expert.exe

explorer.exe 1452 35,092 K 42,396 K Windows Explorer Microsoft Corporation C:\Windows\explorer.exe

dwm.exe 1428 30,208 K 34,752 K Desktop Window Manager Microsoft Corporation C:\Windows\System32\dwm.exe

csrss.exe 520 11,828 K 34,836 K Client Server Runtime Process Microsoft Corporation C:\Windows\System32\csrss.exe

csrss.exe 416 3,376 K 2,000 K Client Server Runtime Process Microsoft Corporation C:\Windows\System32\csrss.exe

COCIManager.exe 4016 2,908 K 3,248 K Camera Control Interface Logitech Inc. C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe

CameraHelperShell.exe 3672 15,072 K 4,164 K Webcam Controller Logitech Inc. D:\Logitech\LWS\Webcam Software\CameraHelperShell.exe

ALsvc.exe 2256 3,308 K 2,416 K Sophos AutoUpdate Service. Sophos Plc D:\Sophos\AutoUpdate\ALsvc.exe

ALMon.exe 1112 4,116 K 1,676 K Sophos Endpoint Security and Control Sophos Plc D:\Sophos\AutoUpdate\ALMon.exe

acrotray.exe 3596 1,380 K 1,168 K AcroTray Adobe Systems Inc. D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[DreadWingKnight]

nVidia's forceware network access manager.

uninstall it

[jonnycakes]

Well I uninstalled the forceware network access manager. I will let you know if it fixed the problem. I am curious how you pinpointed where the code was injecting into uT?

[DreadWingKnight]

Because of it being in the LSP, it injects itself into EVERYTHING.

[drSHLEFF]

The same problem with version 2.2.1 Beta. HIGH CPU usage - 50-100%, and always 1 core of CPU. Comp stucking... And I didn't have NVIDIA Network Managment.

Windows 7 x64 SP1 RC

Gigabyte GA-890FX-UD5

6Gb memory

Video ATi HD4890

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:26:11, on 29.12.2010

Platform: Windows 7 SP1, v.721 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17105)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Opera\opera.exe

C:\Program Files (x86)\QIP 2010\qip.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\The Bat!\thebat.exe

D:\Software\Windows\Utilites\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~2\DOWNLO~1\dmiehlp.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [infium] "C:\Program Files (x86)\QIP 2010\qip.exe" /autorun

O4 - HKCU\..\Run: [svchоst] "C:\win32\svchоst.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files (x86)\Download Master\dmieall.htm

O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files (x86)\Download Master\dmie.htm

O8 - Extra context menu item: Передать на удаленную закачку DM - C:\Program Files (x86)\Download Master\remdown.htm

O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files (x86)\Download Master\dmaster.exe

O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files (x86)\Download Master\dmaster.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Служба Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Сервис iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Активатор Acronis OS Selector (OS Selector) - Unknown owner - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11396 bytes

Process Explorer:

Process PID CPU Private Bytes Working Set Description Company Name

System Idle Process 0 66.66 0 K 24 K

Interrupts n/a 0.38 0 K 0 K Hardware Interrupts

DPCs n/a 20.30 0 K 0 K Deferred Procedure Calls

System 4 236 K 3 852 K

smss.exe 580 552 K 152 K Диспетчер сеанса Windows Microsoft Corporation

csrss.exe 824 4 200 K 3 204 K Процесс исполнения клиент-сервер Microsoft Corporation

conhost.exe 2376 1 488 K 592 K Окно консоли узла Microsoft Corporation

wininit.exe 888 1 708 K 300 K Автозагрузка приложений Windows Microsoft Corporation

services.exe 944 6 724 K 6 564 K Приложение служб и контроллеров Microsoft Corporation

svchost.exe 760 5 372 K 5 168 K Хост-процесс для служб Windows Microsoft Corporation

CTxfispi.exe 3716 10 556 K 2 984 K SPI (Creative X-Fi Module) Creative Technology Ltd

dllhost.exe 3724 2 424 K 6 120 K COM Surrogate Microsoft Corporation

WmiPrvSE.exe 3308 2 856 K 6 320 K WMI Provider Host Microsoft Corporation

svchost.exe 696 6 292 K 6 352 K Хост-процесс для служб Windows Microsoft Corporation

atiesrxx.exe 1072 1 732 K 392 K AMD External Events Service Module AMD

atieclxx.exe 1704 2 728 K 2 032 K AMD External Events Client Module AMD

svchost.exe 1108 21 620 K 17 052 K Хост-процесс для служб Windows Microsoft Corporation

audiodg.exe 2408 16 452 K 17 032 K Изоляция графов аудиоустройств Windows Microsoft Corporation

svchost.exe 1140 9 156 K 11 776 K Хост-процесс для служб Windows Microsoft Corporation

dwm.exe 3800 50 212 K 41 440 K Диспетчер окон рабочего стола Microsoft Corporation

svchost.exe 1172 0.38 39 932 K 42 064 K Хост-процесс для служб Windows Microsoft Corporation

CTAudSvc.exe 1288 1 384 K 1 124 K Creative Audio Service Creative Technology Ltd

svchost.exe 1372 14 580 K 17 248 K Хост-процесс для служб Windows Microsoft Corporation

svchost.exe 1488 30 248 K 29 644 K Хост-процесс для служб Windows Microsoft Corporation

AvastSvc.exe 1552 48 068 K 8 244 K avast! Service AVAST Software

taskhost.exe 1856 8 892 K 5 304 K Хост-процесс для задач Windows Microsoft Corporation

svchost.exe 2096 13 220 K 10 188 K Хост-процесс для служб Windows Microsoft Corporation

schedul2.exe 2212 2 324 K 1 868 K

schedhlp.exe 2272 1 460 K 792 K

afcdpsrv.exe 2248 2 060 K 1 416 K File Level CDP Manager Service Acronis

RAIDXpertService.exe 2308 956 K 296 K AMD RAIDXpert Service AMD

RAIDXpert.exe 2360 34 308 K 25 448 K AMD RAIDXpert

WinMsgBalloonServer.exe 3136 1 012 K 716 K RAIDXpert Event Notifier Server

WinMsgBalloonClient.exe 3192 1 340 K 588 K RAIDXpert Event Notifier

AppleMobileDeviceService.exe 2368 2 440 K 2 040 K MobileDeviceService Apple Inc.

mDNSResponder.exe 2424 2 416 K 2 732 K Bonjour Service Apple Inc.

sqlservr.exe 2488 150 936 K 11 664 K SQL Server Windows NT - 64 Bit Microsoft Corporation

PsiService_2.exe 2620 1 808 K 3 764 K PsiService PsiService Protexis Inc.

sqlwriter.exe 2664 2 216 K 1 924 K SQL Server VSS Writer - 64 Bit Microsoft Corporation

svchost.exe 2688 10 548 K 7 280 K Хост-процесс для служб Windows Microsoft Corporation

reinstall_svc.exe 2768 1 744 K 292 K

svchost.exe 3468 2 128 K 2 172 K Хост-процесс для служб Windows Microsoft Corporation

iPodService.exe 4872 3 604 K 2 232 K iPodService Module (64-bit) Apple Inc.

svchost.exe 3940 11 812 K 14 972 K Хост-процесс для служб Windows Microsoft Corporation

svchost.exe 1872 12 696 K 11 256 K Хост-процесс для служб Windows Microsoft Corporation

wmpnetwk.exe 5852 18 592 K 18 376 K Служба общих сетевых ресурсов проигрывателя Windows Media Microsoft Corporation

UI0Detect.exe 6740 2 800 K 1 908 K Обнаружение интерактивных служб Microsoft Corporation

SearchIndexer.exe 5868 41 204 K 32 352 K Индексатор службы Microsoft Windows Search Microsoft Corporation

spoolsv.exe 5824 10 396 K 17 544 K Диспетчер очереди печати Microsoft Corporation

afwServ.exe 3608 9 344 K 9 228 K avast! firewall service AVAST Software

lsass.exe 972 6 368 K 7 240 K Local Security Authority Process Microsoft Corporation

lsm.exe 980 2 940 K 2 040 K Служба диспетчера локальных сеансов Microsoft Corporation

csrss.exe 908 0.38 4 080 K 23 888 K Процесс исполнения клиент-сервер Microsoft Corporation

winlogon.exe 128 3 292 K 2 016 K Программа входа в систему Windows Microsoft Corporation

explorer.exe 3824 1.15 100 672 K 95 284 K Проводник Microsoft Corporation

LWEMon.exe 3916 0.38 4 744 K 3 516 K Logitech WingMan Event Monitor Logitech Inc.

sidebar.exe 3932 44 736 K 30 608 K Гаджеты рабочего стола Windows Microsoft Corporation

DTLite.exe 3704 14 744 K 20 276 K DAEMON Tools Lite DT Soft Ltd

opera.exe 6968 274 164 K 269 216 K Opera Internet Browser Opera Software

qip.exe 5788 29 972 K 10 768 K QIP 2010 QIP

notepad.exe 6680 1 960 K 7 396 K Блокнот Microsoft Corporation

uTorrent.exe 6944 8.04 68 684 K 76 640 K µTorrent BitTorrent, Inc.

thebat.exe 5236 26 328 K 21 660 K The Bat! E-Mail Client by Ritlabs Ritlabs S.R.L.

procexp64.exe 6636 2.68 27 640 K 46 412 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com

VolPanlu.exe 2028 11 852 K 3 544 K VolPanlu.exe Creative Technology Ltd

Ctxfihlp.exe 3264 3 100 K 2 488 K CTXfiHlp MFC Application Creative Technology Ltd

nusb3mon.exe 1720 2 128 K 1 212 K USB 3.0 Monitor Renesas Electronics Corporation

TrueImageMonitor.exe 3972 9 628 K 5 248 K

NokiaMServer.exe 4124 11 420 K 4 476 K Nokia M Platform Nokia

iTunesHelper.exe 4236 5 920 K 3 524 K iTunesHelper Apple Inc.

AvastUI.exe 4268 10 692 K 9 460 K avast! Antivirus AVAST Software

MOM.exe 4284 40 648 K 4 960 K Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.

CCC.exe 4544 68 268 K 5 572 K Catalyst Control Center: Host application ATI Technologies Inc.

notepad.exe 5808 12 216 K 26 180 K Блокнот Microsoft Corporation

Process: uTorrent.exe Pid: 2344

Name Description Company Name Version

{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000b.db

{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000042.db

{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db

actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.1.7601.17105

advapi32.dll Расширенная библиотека API Windows 32 Microsoft Corporation 6.1.7601.17105

apisetschema.dll ApiSet Schema DLL Microsoft Corporation 6.1.7600.16385

atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.0

C_1252.NLS

cfgmgr32.dll Configuration Manager DLL Microsoft Corporation 6.1.7601.17105

clbcatq.dll COM+ Configuration Catalog Microsoft Corporation 2001.12.8530.16385

comctl32.dll Библиотека элементов управления взаимодействия с пользователем Microsoft Corporation 6.10.7601.17105

comctl32.dll.mui Библиотека элементов управления взаимодействия с пользователем Microsoft Corporation 6.10.7600.16385

comdlg32.dll Библиотека общих диалоговых окон Microsoft Corporation 6.1.7601.17105

credssp.dll Credential Delegation Security Package Microsoft Corporation 6.1.7601.17105

crypt32.dll API32 криптографии Microsoft Corporation 6.1.7601.17105

cryptbase.dll Base cryptographic API DLL Microsoft Corporation 6.1.7600.16385

cryptsp.dll Cryptographic Service Provider API Microsoft Corporation 6.1.7600.16385

cversions.2.db

cversions.2.db

devobj.dll Device Information Set DLL Microsoft Corporation 6.1.7600.16385

dhcpcsvc.dll Служба DHCP-клиента Microsoft Corporation 6.1.7600.16385

dhcpcsvc6.dll Клиент DHCPv6 Microsoft Corporation 6.1.7600.16385

dnsapi.dll Динамическая библиотека API DNS-клиента Microsoft Corporation 6.1.7601.17105

dnssd.dll Bonjour Client Library Apple Inc. 2.0.3.0

duser.dll Windows DirectUser Engine Microsoft Corporation 6.1.7600.16385

duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.1.7600.16385

dwmapi.dll Интерфейс API диспетчера окон рабочего стола (Майкрософт) Microsoft Corporation 6.1.7600.16385

FirewallAPI.dll API брандмауэра Windows Microsoft Corporation 6.1.7600.16385

FWPUCLNT.DLL API пользовательского режима FWP/IPsec Microsoft Corporation 6.1.7601.17105

gdi32.dll GDI Client DLL Microsoft Corporation 6.1.7601.17105

gpapi.dll Клиентские функции API групповой политики Microsoft Corporation 6.1.7600.16385

hnetcfg.dll Диспетчер конфигурации домашней сети Microsoft Corporation 6.1.7600.16385

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.0.7601.17105

imm32.dll Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.1.7601.17105

IPHLPAPI.DLL IP Helper API Microsoft Corporation 6.1.7601.17105

kernel32.dll Библиотека клиента Windows NT BASE API Microsoft Corporation 6.1.7601.17105

KernelBase.dll Библиотека клиента Windows NT BASE API Microsoft Corporation 6.1.7601.17105

KernelBase.dll.mui Библиотека клиента Windows NT BASE API Microsoft Corporation 6.1.7600.16385

locale.nls

lpk.dll Language Pack Microsoft Corporation 6.1.7600.16385

mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 2.0.3.0

msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 6.1.7601.17105

msctf.dll Серверная библиотека MSCTF Microsoft Corporation 6.1.7600.16385

msi.dll Windows Installer Microsoft Corporation 5.0.7601.17105

msimg32.dll GDIEXT Client DLL Microsoft Corporation 6.1.7600.16385

mssprxy.dll Microsoft Search Proxy Microsoft Corporation 7.0.7600.16385

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.7600.16385

mswsock.dll Расширение поставщика службы API Microsoft Windows Sockets 2.0 Microsoft Corporation 6.1.7601.17105

msxml3.dll MSXML 3.0 SP11 Microsoft Corporation 8.110.7601.17105

msxml3r.dll XML Resources Microsoft Corporation 8.110.7600.16385

netshell.dll Оболочка сетевых подключений Microsoft Corporation 6.1.7601.17105

nlaapi.dll Network Location Awareness 2 Microsoft Corporation 6.1.7601.17105

npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.1.7600.16385

nsi.dll NSI User-mode interface DLL Microsoft Corporation 6.1.7600.16385

ntdll.dll Системная библиотека NT Microsoft Corporation 6.1.7601.17105

ntdll.dll Системная библиотека NT Microsoft Corporation 6.1.7601.17105

ntmarta.dll Поставщик Windows NT MARTA Microsoft Corporation 6.1.7600.16385

ole32.dll Microsoft OLE для Windows Microsoft Corporation 6.1.7601.17105

oleaut32.dll Microsoft Corporation 6.1.7601.17105

profapi.dll User Profile Basic API Microsoft Corporation 6.1.7600.16385

propsys.dll Система страниц свойств (Microsoft) Microsoft Corporation 7.0.7601.17105

psapi.dll Process Status Helper Microsoft Corporation 6.1.7600.16385

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.1.7600.16385

rpcrt4.dll Библиотека удаленного вызова процедур Microsoft Corporation 6.1.7601.17105

RpcRtRemote.dll Remote RPC Extension Microsoft Corporation 6.1.7601.17105

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.1.7600.16385

sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation 6.1.7600.16385

setupapi.dll Windows Setup API Microsoft Corporation 6.1.7601.17105

shell32.dll Общая библиотека оболочки Windows Microsoft Corporation 6.1.7601.17105

shfolder.dll Shell Folder Service Microsoft Corporation 6.1.7600.16385

shlwapi.dll Библиотека небольших программ оболочки Microsoft Corporation 6.1.7601.17105

slc.dll Software Licensing Client DLL Microsoft Corporation 6.1.7600.16385

SortDefault.nls

ssdpapi.dll SSDP Client API DLL Microsoft Corporation 6.1.7600.16385

sspicli.dll Security Support Provider Interface Microsoft Corporation 6.1.7601.17105

StaticCache.dat

sxs.dll Fusion 2.5 Microsoft Corporation 6.1.7601.17105

upnp.dll API контрольной точки UPnP Microsoft Corporation 6.1.7601.17105

urlmon.dll Расширения OLE32 для Win32 Microsoft Corporation 8.0.7601.17105

user32.dll Многопользовательская библиотека клиента USER API Windows Microsoft Corporation 6.1.7601.17105

userenv.dll Userenv Microsoft Corporation 6.1.7601.17105

usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.7601.17105

uTorrent.exe µTorrent BitTorrent, Inc. 2.2.1.23908

uxtheme.dll Библиотека тем UxTheme (Microsoft) Microsoft Corporation 6.1.7600.16385

version.dll Version Checking and File Installation Libraries Microsoft Corporation 6.1.7600.16385

webio.dll API протоколов передачи по Веб Microsoft Corporation 6.1.7601.17105

winhttp.dll Службы HTTP Windows Microsoft Corporation 6.1.7601.17105

wininet.dll Расширения Интернета для Win32 Microsoft Corporation 8.0.7601.17105

winnsi.dll Network Store Information RPC interface Microsoft Corporation 6.1.7600.16385

Wldap32.dll Win32 LDAP API DLL Microsoft Corporation 6.1.7601.17105

wow64.dll Win32 Emulation on NT64 Microsoft Corporation 6.1.7601.17105

wow64cpu.dll AMD64 Wow64 CPU Microsoft Corporation 6.1.7601.17105

wow64win.dll Wow64 Console and Win32 API Logging Microsoft Corporation 6.1.7601.17105

ws2_32.dll 32-разрядная библиотека Windows Socket 2.0 Microsoft Corporation 6.1.7600.16385

wship6.dll Библиотека DLL помощника Winsock2 (TL/IPv6) Microsoft Corporation 6.1.7600.16385

WSHTCPIP.DLL Библиотека DLL помощника службы Winsock2 (TL/IPv4) Microsoft Corporation 6.1.7600.16385

[DreadWingKnight]

drSHLEFF: Post the same logs that others in this thread have.

[Liutecis]

I have the same problem with my uT v2.2. I disabled nVidia Desktop manager, but still uT is useing 100% cpu. What should i do?

Maby this can help....

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:11:23 AM, on 12/29/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINXP\System32\smss.exe

C:\WINXP\system32\winlogon.exe

C:\WINXP\system32\services.exe

C:\WINXP\system32\lsass.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\System32\svchost.exe

C:\WINXP\system32\svchost.exe

C:\WINXP\Explorer.EXE

C:\WINXP\System32\svchost.exe

C:\WINXP\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINXP\system32\RUNDLL32.EXE

C:\WINXP\VM305_STI.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINXP\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINXP\system32\nvsvc32.exe

C:\WINXP\system32\svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Documents and Settings\Modestas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Games\Steam\Steam.exe

C:\Documents and Settings\Modestas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Modestas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINXP\system32\rundll32.exe

C:\Documents and Settings\Modestas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\HiJack\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [bigDog305] C:\WINXP\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe

--

End of file - 6476 bytes

Process Explorer:

Process PID CPU Private Bytes Working Set Description Company Name

System Idle Process 0 0 K 28 K

Interrupts n/a 92.54 0 K 0 K Hardware Interrupts

DPCs n/a 2.99 0 K 0 K Deferred Procedure Calls

System 4 0 K 240 K

smss.exe 580 172 K 412 K Windows NT Session Manager Microsoft Corporation

csrss.exe 652 1,648 K 4,352 K Client Server Runtime Process Microsoft Corporation

winlogon.exe 696 6,396 K 1,612 K Windows NT Logon Application Microsoft Corporation

services.exe 740 1.49 1,808 K 4,236 K Services and Controller app Microsoft Corporation

svchost.exe 924 3,068 K 4,972 K Generic Host Process for Win32 Services Microsoft Corporation

wmiprvse.exe 3988 2,404 K 4,932 K WMI Microsoft Corporation

svchost.exe 1000 1,868 K 4,480 K Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1096 14,916 K 25,060 K Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1136 2,388 K 3,364 K Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1280 1,420 K 3,772 K Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1468 1,496 K 3,948 K Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1608 2,540 K 4,076 K Generic Host Process for Win32 Services Microsoft Corporation

spoolsv.exe 1672 3,172 K 4,796 K Spooler SubSystem App Microsoft Corporation

sched.exe 1732 3,796 K 836 K Antivirus Scheduler Avira GmbH

svchost.exe 1800 1,304 K 3,832 K Generic Host Process for Win32 Services Microsoft Corporation

avguard.exe 1404 85,120 K 17,892 K Antivirus On-Access Service Avira GmbH

avshadow.exe 404 636 K 2,644 K AntiVir shadow copy service Avira GmbH

mDNSResponder.exe 1444 1,080 K 3,564 K Bonjour Service Apple Computer, Inc.

jqs.exe 1612 1,988 K 1,404 K Java Quick Starter Service Sun Microsystems, Inc.

nvsvc32.exe 1832 2,672 K 4,188 K NVIDIA Driver Helper Service, Version 175.16 NVIDIA Corporation

svchost.exe 1976 2,572 K 4,480 K Generic Host Process for Win32 Services Microsoft Corporation

alg.exe 3200 1,160 K 3,652 K Application Layer Gateway Service Microsoft Corporation

lsass.exe 752 3,836 K 1,716 K LSA Shell (Export Version) Microsoft Corporation

explorer.exe 1492 16,996 K 25,872 K Windows Explorer Microsoft Corporation

rundll32.exe 1964 2,460 K 3,560 K Run a DLL as an App Microsoft Corporation

vm305_sti.exe 1988 2,060 K 3,696 K VM305SNAP VM305SNAP

issch.exe 1996 340 K 1,332 K InstallShield Update Service Scheduler InstallShield Software Corporation

avgnt.exe 2012 4,748 K 2,948 K Antivirus System Tray Tool Avira GmbH

ctfmon.exe 160 924 K 3,184 K CTF Loader Microsoft Corporation

Skype.exe 188 90,012 K 39,844 K Skype Skype Technologies S.A.

skypePM.exe 132 11,516 K 16,044 K Skype Extras Manager Skype Technologies

chrome.exe 3472 58,644 K 5,188 K Google Chrome Google Inc.

chrome.exe 3872 26,680 K 36,424 K Google Chrome Google Inc.

rundll32.exe 4012 4,652 K 4,000 K Run a DLL as an App Microsoft Corporation

chrome.exe 4020 8,660 K 13,824 K Google Chrome Google Inc.

Steam.exe 3680 111,996 K 12,840 K Steam Valve Corporation

procexp.exe 3832 2.99 9,988 K 8,668 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com

uTorrent.exe 3968 21,844 K 16,140 K µTorrent BitTorrent, Inc.

Process: uTorrent.exe Pid: 3996

Name Description Company Name Version

activeds.dll ADs Router Layer DLL Microsoft Corporation 5.1.2600.5512

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.1.2600.5512

advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5755

atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.2

clbcatq.dll Microsoft Corporation 2001.12.4414.700

comctl32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.6028

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.0.2900.5512

comres.dll Microsoft Corporation 2001.12.4414.700

credui.dll Credential Manager User Interface Microsoft Corporation 5.1.2600.5512

crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512

ctype.nls

dnsapi.dll DNS Client API DLL Microsoft Corporation 5.1.2600.5625

dot3api.dll 802.3 Autoconfiguration API Microsoft Corporation 5.1.2600.5512

dot3dlg.dll 802.3 UI Helper Microsoft Corporation 5.1.2600.5512

eappcfg.dll Eap Peer Config Microsoft Corporation 5.1.2600.5512

eappprxy.dll Microsoft EAPHost Peer Client DLL Microsoft Corporation 5.1.2600.5512

gdi32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5698

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.1.2600.5512

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.0.6001.23084

imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512

iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.5512

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5781

locale.nls

mdnsNSP.dll Bonjour Namespace Provider Apple Computer, Inc. 1.0.3.1

mprapi.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.1.2600.5512

msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.1.2600.5875

MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.1.2600.5512

MSCTFIME.IME Microsoft Text Frame Work Service IME Microsoft Corporation 5.1.2600.5512

msi.dll Windows Installer Microsoft Corporation 3.1.4001.5512

msimg32.dll GDIEXT Client DLL Microsoft Corporation 5.1.2600.5512

msvcp60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.2.3104.0

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.1.2600.5625

netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.5694

netshell.dll Network Connections Shell Microsoft Corporation 5.1.2600.5512

ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5755

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.6010

oleaut32.dll Microsoft Corporation 5.1.2600.5512

onex.dll IEEE 802.1X supplicant library Microsoft Corporation 5.1.2600.5512

psapi.dll Process Status Helper Microsoft Corporation 5.1.2600.5512

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.5512

rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.6022

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.5507

rtutils.dll Routing Utilities Microsoft Corporation 5.1.2600.5512

samlib.dll SAM Library DLL Microsoft Corporation 5.1.2600.5512

secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5834

setupapi.dll Windows Setup API Microsoft Corporation 5.1.2600.5512

shell32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.6018

shfolder.dll Shell Folder Service Microsoft Corporation 6.0.2900.5512

shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.5912

sortkey.nls

sorttbls.nls

unicode.nls

urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 8.0.6001.23084

user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512

userenv.dll Userenv Microsoft Corporation 5.1.2600.5512

uTorrent.exe µTorrent BitTorrent, Inc. 2.2.0.23774

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.2900.5512

version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512

winsta.dll Winstation Library Microsoft Corporation 5.1.2600.5512

wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.5512

ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512

ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.5512

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.5512

wtsapi32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.1.2600.5512

xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.1.2600.5512

[GTHK]

Missing DLL list.

[drSHLEFF]

Missing DLL list.

OK. DLL list added

[Liutecis]

Missing DLL list.

I added added dll. And please, help me, I don't know what to do.

[drivah7]

Yesterday I let uTorrent upgrade from 2.0 to 2.2 and I have the same problem, uTorrent consume 50% of CPU ( 100% of one core ). Now I noticed that it only consumes CPU when there is a uTorrent window on the screen, when minimized in tray - there is very little CPU usage as usual, and it uploads (seeding) normally.

I have Core2Duo E4700 on ASUS P5PE-VM, 2Gb RAM, running WinXP SP2.

I tried tun off all possible bars ( F4-F12 ) - doesn't help.

Here's the tech stuff:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:53:57, on 31.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ABBYY Lingvo 12\Lvagent.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinOrganizer\WinOrganizer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Tracker Checker 2\Tracker Checker 2.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ICQLite\icq.exe
C:\my_progs\putty\putty.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\my_progs\putty\putty.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\VMware\VMware Workstation\vmware.exe
C:\Program Files\VMware\VMware Workstation\vmware-unity-helper.exe
C:\Program Files\Far\Far.exe
C:\Program Files\Far\Far.exe
C:\Program Files\XMind\xmind.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\ABBYY Lingvo 12\Lingvo.exe
C:\Program Files\Mozilla Firefox 3\firefox.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Far\Far.exe
G:\z\Soft.1\utils\System\Process Explorer\Prosess Explorer\procexp.exe
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\VMware\VMware Workstation\vmware-vmx.exe
C:\Program Files\VMware\VMware Workstation\vprintproxy.exe
C:\Program Files\uTorrent\uTorrent.exe
G:\z\Soft.1\AV\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinOrganizer] C:\Program Files\WinOrganizer\WinOrganizer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [TrackerChecker2] "C:\Program Files\Tracker Checker 2\Tracker Checker 2.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Копировать в Semagic - C:\Program Files\Semagic\copy.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - S:\my_progs\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - S:\my_progs\ICQ\ICQ.exe
O9 - Extra button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {E59EB121-F339-4851-A3BA-FE49C35617C2} - ICQ.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228729823765
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB3D1265-CF18-4F63-8F8A-4CD3D518951C}: NameServer = 194.8.160.90,195.131.52.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{E153E466-CCA6-43FF-801A-188B413C7688}: NameServer = 192.168.1.7,192.168.1.1
O22 - SharedTaskScheduler: Предзагрузчик Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Демон кэша категорий компонентов - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)



Process: uTorrent.exe Pid: 2940

Name    Description    Company Name    Version
activeds.dll    Библиотека DLL уровня маршрутизатора AD    Корпорация Майкрософт    5.01.2600.2180
adsldpc.dll    Библиотека DLL поставщика LDAP AD    Корпорация Майкрософт    5.01.2600.2180
advapi32.dll    Расширенная библиотека API Windows 32    Корпорация Майкрософт    5.01.2600.2180
atl.dll    ATL Module for Windows XP (Unicode)    Microsoft Corporation    3.05.2284.0000
comctl32.dll    User Experience Controls Library    Microsoft Corporation    6.00.2900.2180
comdlg32.dll    Библиотека общих диалоговых окон    Корпорация Майкрософт    6.00.2900.2180
ctype.nls            
dnsapi.dll    DNS Client API DLL    Microsoft Corporation    5.01.2600.2180
FLVSrvLib.dll    FLV Service Library for Ask and Record Toolbar    Applian Technologies, Inc.    1.00.0000.0000
gdi32.dll    GDI Client DLL    Microsoft Corporation    5.01.2600.2180
hnetcfg.dll    Диспетчер конфигурации домашней сети    Корпорация Майкрософт    5.01.2600.2180
iphlpapi.dll    API модуля поддержки IP    Корпорация Майкрософт    5.01.2600.2180
kernel32.dll    Библиотека клиента Windows NT BASE API    Корпорация Майкрософт    5.01.2600.2180
locale.nls            
LvHook.dll    Lingvo Hook DLL    ABBYY (BIT Software)    12.00.0000.0356
mprapi.dll    Windows NT MP Router Administration DLL    Microsoft Corporation    5.01.2600.2180
MSCTF.dll    Библиотека (DLL) MSCTF-сервера    Корпорация Майкрософт    5.01.2600.2180
msi.dll    Windows Installer    Microsoft Corporation    3.00.3790.2180
msimg32.dll    GDIEXT Client DLL    Microsoft Corporation    5.01.2600.2180
msvcrt.dll    Windows NT CRT DLL    Microsoft Corporation    7.00.2600.2180
mswsock.dll    Расширение поставщика службы API Microsoft Windows Sockets 2.0    Корпорация Майкрософт    5.01.2600.2180
netapi32.dll    Net Win32 API DLL    Microsoft Corporation    5.01.2600.2180
ntdll.dll    Системная библиотека NT    Корпорация Майкрософт    5.01.2600.2180
ole32.dll    Microsoft OLE для  Windows    Корпорация Майкрософт    5.01.2600.2180
oleaut32.dll        Microsoft Corporation    5.01.2600.2180
psapi.dll    Process Status Helper    Microsoft Corporation    5.01.2600.2180
rasadhlp.dll    Remote Access AutoDial Helper    Microsoft Corporation    5.01.2600.2180
rpcrt4.dll    Remote Procedure Call Runtime    Microsoft Corporation    5.01.2600.2180
rsaenh.dll    Microsoft Enhanced Cryptographic Provider    Microsoft Corporation    5.01.2600.2161
rtutils.dll    Routing Utilities    Microsoft Corporation    5.01.2600.2180
samlib.dll    SAM Library DLL    Microsoft Corporation    5.01.2600.2180
secur32.dll    Security Support Provider Interface    Microsoft Corporation    5.01.2600.2180
setupapi.dll    Windows Setup API    Корпорация Майкрософт    5.01.2600.2180
shell32.dll    Общая библиотека оболочки Windows    Корпорация Майкрософт    6.00.2900.2180
shfolder.dll    Shell Folder Service    Microsoft Corporation    6.00.2900.2180
shlwapi.dll    Библиотека небольших программ оболочки    Корпорация Майкрософт    6.00.2900.2180
sortkey.nls            
sorttbls.nls            
unicode.nls            
urlmon.dll    Расширения OLE32 для Win32    Корпорация Майкрософт    6.00.2900.2180
user32.dll    Библиотека клиента USER API Windows XP    Корпорация Майкрософт    5.01.2600.2180
userenv.dll    Userenv    Корпорация Майкрософт    5.01.2600.2180
uTorrent.exe    µTorrent    BitTorrent, Inc.    2.02.0000.23703
uxtheme.dll    Библиотека тем UxTheme (Microsoft)    Корпорация Майкрософт    6.00.2900.2180
version.dll    Version Checking and File Installation Libraries    Microsoft Corporation    5.01.2600.2180
wl_hook.dll    Winlogon Hooking    Agnitum Ltd.    4.00.1007.7323
wldap32.dll    Win32 LDAP API DLL    Корпорация Майкрософт    5.01.2600.2180
ws2_32.dll    Windows Socket 2.0 32-Bit DLL    Microsoft Corporation    5.01.2600.2180
ws2help.dll    Модуль поддержки Windows Socket 2.0 для Windows NT    Корпорация Майкрософт    5.01.2600.2180

[DreadWingKnight]

LvHook.dll Lingvo Hook DLL ABBYY (BIT Software) 12.00.0000.0356

What is this from?

[drivah7]

I think this is ABBYY Lingvo launcher ( dictionary ), I always have it running.

Process: LvAgent.exe Pid: 2508

Name    Description    Company Name    Version
advapi32.dll    Расширенная библиотека API Windows 32    Корпорация Майкрософт    5.01.2600.2180
comctl32.dll    User Experience Controls Library    Microsoft Corporation    6.00.2900.2180
ctype.nls            
FLVSrvLib.dll    FLV Service Library for Ask and Record Toolbar    Applian Technologies, Inc.    1.00.0000.0000
gdi32.dll    GDI Client DLL    Microsoft Corporation    5.01.2600.2180
kernel32.dll    Библиотека клиента Windows NT BASE API    Корпорация Майкрософт    5.01.2600.2180
locale.nls            
LvAgent.exe    Lingvo Launcher    ABBYY (BIT Software)    12.00.0000.0356
LvHook.dll    Lingvo Hook DLL    ABBYY (BIT Software)    12.00.0000.0356
MSCTF.dll    Библиотека (DLL) MSCTF-сервера    Корпорация Майкрософт    5.01.2600.2180
msvcrt.dll    Windows NT CRT DLL    Microsoft Corporation    7.00.2600.2180
ntdll.dll    Системная библиотека NT    Корпорация Майкрософт    5.01.2600.2180
rpcrt4.dll    Remote Procedure Call Runtime    Microsoft Corporation    5.01.2600.2180
shell32.dll    Общая библиотека оболочки Windows    Корпорация Майкрософт    6.00.2900.2180
shlwapi.dll    Библиотека небольших программ оболочки    Корпорация Майкрософт    6.00.2900.2180
sortkey.nls            
sorttbls.nls            
unicode.nls            
user32.dll    Библиотека клиента USER API Windows XP    Корпорация Майкрософт    5.01.2600.2180
uxtheme.dll    Библиотека тем UxTheme (Microsoft)    Корпорация Майкрософт    6.00.2900.2180
wl_hook.dll    Winlogon Hooking    Agnitum Ltd.    4.00.1007.7323

[DreadWingKnight]

And why does it hook into everything?