Jump to content

uTorrent Causing a BSOD - Page fault in no-paged area


TrickTrash

Recommended Posts

Posted

I've seen this post http://forum.utorrent.com/viewtopic.php?id=41726 that covers the same ground.

I only get this with utorrent. It doesn't matter what stress I put the system under with other apps [such as Orthos or TAT, or Crysis\CoD 4] I can't recreate it; it only happens after a few minutes of utorrent.

PROCESS EXPLORER LOG:

Process PID CPU Description Company Name

System Idle Process 0 77.69

Interrupts n/a Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4 2.31

smss.exe 1268 Windows NT Session Manager Microsoft Corporation

csrss.exe 1520 Client Server Runtime Process Microsoft Corporation

winlogon.exe 1792 Windows NT Logon Application Microsoft Corporation

services.exe 1868 3.08 Services and Controller app Microsoft Corporation

ati2evxx.exe 424 ATI External Event Utility EXE Module ATI Technologies Inc.

svchost.exe 436 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 540 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 704 Generic Host Process for Win32 Services Microsoft Corporation

snarfer.exe 2140 Snarfer 1.0.2 Snarfware LLC

svchost.exe 816 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 996 Generic Host Process for Win32 Services Microsoft Corporation

vsmon.exe 1040 TrueVector Service Zone Labs, LLC

spoolsv.exe 1396 Spooler SubSystem App Microsoft Corporation

guard.exe 880 AVG Anti-Spyware guard GRISOFT s.r.o.

ekrn.exe 1020 Eset Service ESET

sp_rsser.exe 1556 Spyware Terminator Realtime Shield Service Crawler.com

alg.exe 2992 Application Layer Gateway Service Microsoft Corporation

svchost.exe 2216 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 2616 Generic Host Process for Win32 Services Microsoft Corporation

lsass.exe 1880 LSA Shell (Export Version) Microsoft Corporation

ati2evxx.exe 908 ATI External Event Utility EXE Module ATI Technologies Inc.

explorer.exe 1412 Windows Explorer Microsoft Corporation

NetMeter.exe 3240

type32.exe 3356 Type32.exe Microsoft Corporation

avgas.exe 3640 AVG Anti-Spyware GRISOFT s.r.o.

SpywareTerminatorShield.Exe 3748 Spyware Terminator Realtime Shield Crawler.com

egui.exe 3800 Eset GUI ESET

zlclient.exe 808 ZoneAlarm Client Zone Labs, LLC

mantispm.exe 3212 Spam Filter

Mmm.exe 3224

ATnotes.exe 3376 ATnotes Thomas Ascher

ctfmon.exe 1844 CTF Loader Microsoft Corporation

te.exe 3492 Acesoft

Automate.exe 4048 AutoMate Task Service Unisyn Software, LLC

removeit.exe 3784

Perfy.exe 4068 Performance Monitor Jan G.P. Sijm

taskmgr.exe 2024 Windows TaskManager Microsoft Corporation

xplorer2_UC.exe 728 x2 - explorer replacement ZabKat

qtracker.exe 1012 Qtracker Ronald E. Mercer

pg2.exe 948 PeerGuardian 2 Methlabs

procexp.exe 1984 3.08 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

firefox.exe 2248 Firefox Mozilla Corporation

uTorrent.exe 2796 13.85

Process: uTorrent.exe Pid: 2796

Name Description Company Name Version

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.5512

AMNT.dll AutoMate Action and Trigger Support Library Unisyn Software, LLC 4.03.0000.0004

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0700

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.5512

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.5512

COMRes.dll Microsoft Corporation 2001.12.4414.0700

ctype.nls

DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.5512

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.5512

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.5512

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.5512

locale.nls

mlfhook.dll Spam Filter Hook 5.00.0006.8903

MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.5512

mslbui.dll LangageBar Add In Microsoft Corporation 5.01.2600.5512

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.5512

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.5512

ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.5512

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.5512

oleaut32.dll Microsoft Corporation 5.01.2600.5512

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.5512

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.5512

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.5512

SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.5512

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.5512

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.5512

sortkey.nls

sorttbls.nls

unicode.nls

USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.5512

uTorrent.exe

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.5512

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.5512

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.5512

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.5512

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.5512

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.5512

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.5512

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:48:56, on 20/06/08

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

d:\Program Files\AVG Anti-Spyware\guard.exe

D:\Program Files\ESET\Antivirus\ekrn.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

D:\Program Files\NetMeter\NetMeter.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

D:\Program Files\AVG Anti-Spyware\avgas.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

D:\Program Files\ESET\Antivirus\egui.exe

D:\Program Files\ZoneAlarm\zlclient.exe

D:\Program Files\Mmm\Mmm.exe

D:\Program Files\ATnotes\ATnotes.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Tracks Eraser Pro\te.exe

D:\Program Files\AutoMate\Automate.exe

D:\Program Files\Perfy\Perfy.exe

C:\WINDOWS\system32\taskmgr.exe

D:\Program Files\xplorer2\xplorer2_UC.exe

C:\WINDOWS\system32\svchost.exe

d:\Program Files\ZoneAlarm\MailFrontier\mantispm.exe

C:\WINDOWS\System32\svchost.exe

D:\Program Files\Qtracker\qtracker.exe

D:\Program Files\Mozilla\Firefox\firefox.exe

D:\Program Files\Snarfer\snarfer.exe

D:\Program Files\PeerGuardian\pg2.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\WINDOWS\system32\NOTEPAD.EXE

D:\Program Files\HijackThis\HijackThis.exe

D:\Program Files\HijackReader\HijackReader.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bt.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bt.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;2

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: CKeyScramblerBHO Object - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - D:\Program Files\KeyScrambler\KeyScramblerIE.dll

O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - C:\Program Files\McAfee\Anti-Phishing Filter\McAfeeAntiPhishingBHO.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - D:\Program Files\Desktop Sidebar\sbhelp.dll

O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - d:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\Spybot\SDHelper.dll

O2 - BHO: jZip Webmail plugin - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - d:\Program Files\jZip\WebmailPlugin.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Roboform\roboform.dll

O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - d:\Program Files\Iconix eMail ID\IEAddOn\IconixBHO_32.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\bin\ssv.dll

O2 - BHO: SecureBrowsingBho Helper - {7632ABCA-B104-4fbc-9C70-419C4147061B} - d:\Program Files\Finjan Secure Browsing\bho.dll

O2 - BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - d:\Program Files\NetXfer\NXIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: tyBit Browser Helper Class - {AC56597E-E7A9-4F2E-B829-8872DCCCD488} - d:\Program Files\tyBit Unified Search\tyBit.Browser.Helper.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - d:\Program Files\Advanced System Optimizer\IEHelper.dll

O2 - BHO: GooglePreviewIE Toolbar Helper - {D476B977-AF6C-481A-8472-2ABAB5E89F20} - C:\Program Files\GooglePreviewIE Toolbar\v3.2.0.0\GooglePreviewIE_Toolbar.dll

O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\Star Downloader\SDIEInt.dll

O3 - Toolbar: (no name) - {AEC32322-9D72-4C55-A108-33875F07BC03} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\SnagIt\SnagItIEAddin.dll

O3 - Toolbar: OnShareToolbar 1.0 - {B1A0CB06-2A5F-4D80-AAA2-1B05D78314CC} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: (no name) - -{855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)

O3 - Toolbar: (no name) - -{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: (no name) - -{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4} - (no file)

O3 - Toolbar: tyBit Search - {7969FC37-F7A5-468E-A79F-285F64008ECD} - d:\Program Files\tyBit Unified Search\tyBit Bar2_0.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - d:\Program Files\NetXfer\NXToolBar.dll

O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - d:\Program Files\ReGet\iebar.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll

O3 - Toolbar: Finjan Secure Browsing - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - d:\Program Files\Finjan Secure Browsing\bho.dll

O3 - Toolbar: (no name) - {CB789373-04D5-4ef4-9C16-871463FD0830} - (no file)

O3 - Toolbar: (no name) - {3F756BC4-26CB-497E-9409-8F09C1850C80} - (no file)

O3 - Toolbar: (no name) - {4ADFE869-0C09-4F41-AD79-A8F1CFA201E8} - (no file)

O3 - Toolbar: (no name) - {2977A961-7304-49C3-9BA5-C957E5277A76} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O3 - Toolbar: (no name) - {3E7609CA-FEAE-4204-88AE-68EEB7B077A3} - (no file)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Roboform\roboform.dll

O4 - HKLM\..\Run: [NetMeter] "D:\Program Files\NetMeter\NetMeter.exe"

O4 - HKLM\..\Run: [Type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "D:\Program Files\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware\avgas.exe" /minimized

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [Mmm] "D:\Program Files\Mmm\Mmm.exe"

O4 - HKCU\..\Run: [ATnotes] "D:\Program Files\ATnotes\ATnotes.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Tracks Eraser Pro] D:\Program Files\Tracks Eraser Pro\te.exe min

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [sSS7] "D:\Program Files\Steganos Security Suite\SSS7.exe" -firstboot (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [sSS7] "D:\Program Files\Steganos Security Suite\SSS7.exe" -firstboot (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [sSS7] "D:\Program Files\Steganos Security Suite\SSS7.exe" -firstboot (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [sSS7] "D:\Program Files\Steganos Security Suite\SSS7.exe" -firstboot (User 'Default user')

O4 - Startup: Perfy.lnk = D:\Program Files\Perfy\Perfy.exe

O4 - Startup: Task Manager.lnk = ?

O4 - Startup: xplorer2.lnk = ?

O4 - Global Startup: AutoMate.lnk = D:\Program Files\AutoMate\Automate.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Get file size - res://d:\Program Files\InternetFileSize\IFSIEMenuStub.dll/201

O8 - Extra context menu item: &ieSpell Options - res://d:\Program Files\IESpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Check &Spelling - res://d:\Program Files\IESpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Customize Menu - file://D:\Program Files\Roboform\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm

O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm

O8 - Extra context menu item: Download All Files by HiDownload - d:\Program Files\HiDownload\HDGetAll.htm

O8 - Extra context menu item: Download by HiDownload - d:\Program Files\HiDownload\HDGet.htm

O8 - Extra context menu item: Download with Star Downloader - D:\Program Files\Star Downloader\sdie.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://d:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enqueue in Star Downloader - D:\Program Files\Star Downloader\sdieenq.htm

O8 - Extra context menu item: Fill Forms - file://D:\Program Files\Roboform\RoboFormComFillForms.html

O8 - Extra context menu item: Leech with Star Downloader - D:\Program Files\Star Downloader\leechie.htm

O8 - Extra context menu item: Lookup on Merriam Webster - file://d:\Program Files\IESpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://d:\Program Files\IESpell\wikipedia.HTM

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?8fa0e486e93e42a08987b429fd252e7c

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?8fa0e486e93e42a08987b429fd252e7c

O8 - Extra context menu item: RoboForm Toolbar - file://D:\Program Files\Roboform\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://D:\Program Files\Roboform\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\bin\ssv.dll

O9 - Extra button: Insert Fun Smiley into Email - {08F64E75-0A83-4214-B06F-BCC11F652582} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - D:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - d:\Program Files\IESpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - d:\Program Files\IESpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - d:\Program Files\IESpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - d:\Program Files\IESpell\iespell.dll

O9 - Extra button: Spy - {16664849-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll

O9 - Extra 'Tools' menuitem: MSIE &Spy - {16664849-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Roboform\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Roboform\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Roboform\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Roboform\RoboFormComSavePass.html

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Desktop Currency Converter - {38C06FA6-BF6E-479a-9F32-494E09FC30CB} - D:\Program Files\Currency Converter\Desktop Currency Converter.exe

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\Anti-Phishing Filter\McAfeeAntiPhishingBHO.dll

O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\Anti-Phishing Filter\McAfeeAntiPhishingBHO.dll

O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - d:\Program Files\Iconix eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - d:\Program Files\Iconix eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - d:\Program Files\Paltalk\Paltalk.exe

O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\Program Files\KeyScrambler\KeyScramblerIE.dll

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Roboform\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Roboform\RoboFormComShowToolbar.html

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - d:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - d:\Program Files\Iconix eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - d:\Program Files\Iconix eMail ID\IEAddOn\IconixBHO_32.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\Spybot\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\Spybot\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ\ICQ6\ICQ.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF94F5FB-0B7E-4FE0-9F56-72B3C275453D}: NameServer = 194.72.0.114,194.74.65.69

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\AVG Anti-Spyware\guard.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bonjour Service - Apple Computer, Inc. - d:\Program Files\Gizmo\mDNSResponder.exe

O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe

O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\Antivirus\ekrn.exe

O23 - Service: Flexcrypt - Unknown owner - D:\Program Files\Flexcrypt\TProxy.exe

O23 - Service: Folder Size (FolderSize) - Brio - D:\Program Files\FolderSize\FolderSizeSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero 7\Nero 7\InCD\InCDsrv.exe

O23 - Service: Kaspersky AVP Tool 7.0.0.180_05.03.2008_01-17 - Unknown owner - D:\Program Files\Kaspersky Lab Tool\Kaspersky AVP Tool 7.0.0.180_05.03.2008_01-17.exe (file missing)

O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NMSAccessU - Unknown owner - d:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: PDEngine - Raxco Software, Inc. - d:\Program Files\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - d:\Program Files\PerfectDisk\PDSched.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - d:\Program Files\SiSoftware\Sandra\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - d:\Program Files\SiSoftware\Sandra\RpcSandraSrv.exe

O23 - Service: ScsiAccess - Unknown owner - d:\Program Files\ProShowGold\ScsiAccess.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: Steganos Live Encryption Engine 8.1 [service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: Streamload Service (StreamloadService) - Streamload - D:\Program Files\MediaMax XL\StreamloadService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: BT Auto Backup Service (VaultClientSRV) - Unknown owner - d:\Program Files\BT Auto Backup\VaultClientSRV.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPcservice.exe

--

End of file - 22453 bytes

I've investigated every item in the HijackThis log and can account for all of them. [i used HijackReader to check everything on CastleCops] I've since removed a couple of leftover entries, without affect.

I have XP Pro SP3, with all the latest security updates.

NOD32 updated to today. And many other security apps that I run daily.

I don't believe for a moment that this is anything to do with failing hardware. This system is mostly a new build and I can't recreate the event with any other software.

Nothing useful in the Event logs from the crash.

I'd appreciate any help you might be able to give; this is my favorite torrent app.

Thank you

Posted

Automater is injected, same with that spam filter thing.... neither should cause it but you never know.

Did you uninstall ZA to test if it's causing the problems?

Are you using wifi or USB to connect to your internet?

... got enough browser toolbars?!

Posted

LOL jewelisheaven! I have road-tested a lot of browser toolbars, but I hardly use IE, so I don't worry about it. [though you're right, of course, I should get rid of some of them]

As for ZA guys; why would it suddenly start causing this? I'd been happily using the app for ages with the current setup and haven't updated ZA recently.

I appreciate your replies :) I only posted the HijackThis and the ProcessExplorer since the guys who are looking at this needed it, but I know every item in these logs and have used them all for ages. Including ZA; does anyone have any other ideas?

I do need to do a clean install and will also try it without ZA.

Thanks chaps

Posted

I've got auto update turned off ATM with ZA; I'll give your suggestions a go; thank you!

___________________________________________________________________________

Following on form this, I recreated the conditions to see more details about the error number and got a BSOD again, but this time the error was a Bad Pool Caller error; does that make any sense to anyone?

Thank you

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...