Corozat Posted May 3, 2011 Report Share Posted May 3, 2011 I was working fine with my utorrent and then, one day, he just stopped, and every time that i try to swicht it on he just shows the message "Some software in your computer is causing problems to utorrent. The memory '*******' cannot be written. Somebody help me please. Link to comment Share on other sites More sharing options...
moogly Posted May 3, 2011 Report Share Posted May 3, 2011 Post Hijackthis log please. Link to comment Share on other sites More sharing options...
Corozat Posted May 4, 2011 Author Report Share Posted May 4, 2011 Logfile of Trend Micro HijackThis v2.0.4Scan saved at 15:34:30, on 04-05-2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Programas\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Programas\Ficheiros comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\WINDOWS\System32\svchost.exeC:\Programas\Java\jre6\bin\jqs.exeC:\Programas\Malwarebytes' Anti-Malware\mbamservice.exeC:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Programas\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exeC:\WINDOWS\system32\PnkBstrA.exeC:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\WINDOWS\system32\SearchIndexer.exeC:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Programas\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exeC:\Documents and Settings\João Miguel\Os meus documentos\Transferências\utorrent-3.0-beta-falcon-25220.upx.exeC:\Programas\Windows Live\Messenger\msnmsgr.exeC:\WINDOWS\system32\ctfmon.exeC:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\Programas\Windows Live\Contacts\wlcomm.exeC:\Programas\Mozilla Firefox\firefox.exeC:\Programas\Mozilla Firefox\plugin-container.exeC:\Documents and Settings\João Miguel\Os meus documentos\Transferências\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = HiperligaçõesO2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programas\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dllO2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programas\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLLO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dllO3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programas\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dllO4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exeO4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHEI~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [iSUSScheduler] "C:\Programas\Ficheiros comuns\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttrayO4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\João Miguel\Os meus documentos\Transferências\utorrent-3.0-beta-falcon-25220.upx.exe"O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] "C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -update pluginO4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programas\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHEI~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')O4 - Global Startup: AutorunsDisabledO8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\João Miguel\Application Data\Dealio\kb127\res\DealioSearch.htmlO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Google Sidewiki... - res://C:\Programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.htmlO9 - Extra button: (no name) - AutorunsDisabled - (no file)O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO10 - Unknown file in Winsock LSP: icaproxy.dllO12 - Plugin for .spop: C:\Programas\Internet Explorer\Plugins\NPDocBox.dllO15 - Trusted IP range: http://192.168.1.1O15 - ESC Trusted IP range: http://192.168.1.1O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cabO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabO16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147178312695O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO16 - DPF: {E8524E2F-E79C-4751-891F-648FF28FF1C5} - http://www.portoeditora.pt/update/cab/peupdate.cabO16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cabO18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programas\Design Science\MathPlayer\MathMLMimer.dllO18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programas\Design Science\MathPlayer\MathMLMimer.dllO18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programas\Design Science\MathPlayer\MathMLMimer.dllO18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programas\Design Science\MathPlayer\MathMLMimer.dllO22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: iPod Service - Apple Inc. - C:\Programas\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Programas\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exeO23 - Service: ServiceLayer - Nokia - C:\Programas\PC Connectivity Solution\ServiceLayer.exeO23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Programas\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe--End of file - 12631 bytes Link to comment Share on other sites More sharing options...
moogly Posted May 4, 2011 Report Share Posted May 4, 2011 O10 - Unknown file in Winsock LSP: icaproxy.dllWhat's that? Link to comment Share on other sites More sharing options...
Nostromov Posted May 5, 2011 Report Share Posted May 5, 2011 O10 - Unknown file in Winsock LSP: icaproxy.dllWhat's that?It's mentioned here. Link to comment Share on other sites More sharing options...
moogly Posted May 5, 2011 Report Share Posted May 5, 2011 Ok so remove this crappy DLL icaproxy.dll, that's the culprit. Link to comment Share on other sites More sharing options...
Corozat Posted May 5, 2011 Author Report Share Posted May 5, 2011 ok, thanks to the members who have answered Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.