1.6 and 1.8 crash

eestreet · August 17, 2008

After not getting my 1.8 crash figured out - I uninstalled it and then installed 1.6 which also now crashes. Here's the dmp link:http://www.mediafire.com/?wnbhovghak1

DreadWingKnight · August 17, 2008

And a hijackthis log?

And a process explorer process list with the DLL list for the utorrent.exe process?

eestreet · August 18, 2008

Here's the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:32:34 AM, on 8/18/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\userinit.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\msdtc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\lxdccoms.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\Program Files\lotus\notes\ntmulti.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\MailWasher\MailWasher.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {54B02808-B60E-44CD-A72D-9865117E4E62} - (no file)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files\agat\AGForm\AGFormsHelper.dll

O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"

O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"

O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: BlueSoleil.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O15 - Trusted Zone: www.dimeadozen.org

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130524135140

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130531545515

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EECC2B58-FDE7-4F3A-B933-B25BE90F1D37} (CTXAXSetupCtl Object) - http://download.yoomba.com/YoombaActivation.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{598DC449-CC5A-4DDD-953F-D9D38E3DEB99}: NameServer = 194.90.1.5 212.143.212.143

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

--

End of file - 8973 bytes

Here's the process explorer log:

Process PID CPU Description Company Name

System Idle Process 0 96.97

Interrupts n/a Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4

SMSS.EXE 684 Windows NT Session Manager Microsoft Corporation

CSRSS.EXE 768 Client Server Runtime Process Microsoft Corporation

WINLOGON.EXE 796 Windows NT Logon Application Microsoft Corporation

SERVICES.EXE 840 1.52 Services and Controller app Microsoft Corporation

SVCHOST.EXE 1008 Generic Host Process for Win32 Services Microsoft Corporation

naPrdMgr.exe 1712 NAI Product Manager Network Associates, Inc.

MPAPI3s.exe 3832 Mobile Phone API Nokia Corporation

wmiprvse.exe 3684 WMI Microsoft Corporation

SVCHOST.EXE 1064 Generic Host Process for Win32 Services Microsoft Corporation

SVCHOST.EXE 1152 Generic Host Process for Win32 Services Microsoft Corporation

SVCHOST.EXE 1188 Generic Host Process for Win32 Services Microsoft Corporation

SR_Service.exe 1500 SecureClient Service Check Point Software Technologies

SR_Watchdog.exe 1592 Check Point Software Technologies

SR_GUI.Exe 1604 SecureClient Application Check Point Software Technologies

SVCHOST.EXE 1676 Generic Host Process for Win32 Services Microsoft Corporation

SVCHOST.EXE 1728 Generic Host Process for Win32 Services Microsoft Corporation

SPOOLSV.EXE 1844 Spooler SubSystem App Microsoft Corporation

MSDTC.EXE 428 MS DTC console program Microsoft Corporation

SVCHOST.EXE 504 Generic Host Process for Win32 Services Microsoft Corporation

DLLHOST.EXE 516 COM Surrogate Microsoft Corporation

SVCHOST.EXE 648 Generic Host Process for Win32 Services Microsoft Corporation

LXDCCOMS.EXE 748 Printer Communication System

FrameworkService.exe 1104 Framework Service Network Associates, Inc.

mcshield.exe 1348 On-Access Scanner service Network Associates, Inc.

vstskmgr.exe 1364 Task Manager : scheduling and OAS alerting service Network Associates, Inc.

ntmulti.exe 1400 IBM Lotus Notes/Domino IBM Corp

SVCHOST.EXE 1688 Generic Host Process for Win32 Services Microsoft Corporation

FXSSVC.EXE 1932 Fax Service Microsoft Corporation

alg.exe 2656 Application Layer Gateway Service Microsoft Corporation

ServiceLayer.exe 1220 ServiceLayer Module Nokia.

NclUSBSrv.exe 3212 NclUSBSrv Application

NclRSSrv.exe 1980 NclRSSrv Application

LSASS.EXE 852 LSA Shell (Export Version) Microsoft Corporation

USERINIT.EXE 1476

EXPLORER.EXE 1520 Windows Explorer Microsoft Corporation

CTFMON.EXE 1540 CTF Loader Microsoft Corporation

SOUNDMAN.EXE 3460 Realtek Sound Manager Realtek Semiconductor Corp.

WINAMPA.EXE 3556

shstat.exe 3604 On-access scanner statistics Network Associates, Inc.

UpdaterUI.exe 3652 Common User Interface Network Associates, Inc.

tbmon.exe 3692 TalkBack Monitor Network Associates, Inc.

PcSync2.exe 3944 PC Sync Time Information Services Ltd.

PCSuite.exe 3972 Nokia Launch Application Nokia

BlueSoleil.exe 4052 Bluetooth Application IVT Corporation

MailWasher.exe 4080 MailWasher Pro Firetrust Ltd

firefox.exe 736 Firefox Mozilla Corporation

WinRAR.exe 1828

procexp.exe 2268 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

uTorrent.exe 3108 1.52

Process: uTorrent.exe Pid: 3108

Name Description Company Name Version

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180

c_1252.nls

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308

comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180

COMRes.dll Microsoft Corporation 2001.12.4414.0258

ctype.nls

DBGHELP.DLL Windows Image Helper Microsoft Corporation 5.01.2600.2180

DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.3394

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3316

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119

locale.nls

LPK.DLL Language Pack Microsoft Corporation 5.01.2600.2180

MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.3319

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180

msi.dll Windows Installer Microsoft Corporation 3.01.4000.4039

mslbui.dll LangageBar Add In Microsoft Corporation 5.01.2600.2180

MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.3394

ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726

OLEACC.dll Active Accessibility Core Component Microsoft Corporation 4.02.5406.0000

oleaccrc.dll Active Accessibility Resource DLL Microsoft Corporation 4.02.5406.0000

OLEAUT32.dll Microsoft Corporation 5.01.2600.3266

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180

SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3020

SKCHUI.DLL Draw Pen Tip Microsoft Corporation 1.00.1038.0000

sortkey.nls

sorttbls.nls

SPGRMR.DLL SPTIP Grammar DLL Microsoft Corporation 5.01.2600.2180

sptip.dll SAPI5.0/CTF layer DLL Microsoft Corporation 5.01.2600.2180

unicode.nls

USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.2180

uTorrent.exe

UxTheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180

wshbth.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180

Firon · August 18, 2008

It's an omnipage bug. Uninstall Omnipage.

Sign In

1.6 and 1.8 crash

Recommended Posts

eestreet

Link to comment

Share on other sites

DreadWingKnight

Link to comment

Share on other sites

eestreet

Link to comment

Share on other sites

Firon

Link to comment

Share on other sites

Archived

Browse

Activity