
utorrent keeps crashing


dommi83


hi there.

i've got a major problem. yesterday i had utorrent running, had to exit the program for some minutes, and when trying to open it again it kept saying "utorrent has crashed" etc., creating a dump file and stuff. i didn't do anything unusual then, i just needed a quick download in firefox, so i shut it down. but reopening wouldn't work at all. only clicking the lowest option at the error popup would change anything, just having windows telling me that uTorrent.exe doesn't work anymore.

downloading it again wouldn't help, a beta wasn't present on the download page, and i've got no idea how to solve this problem.

therefore i'll append the hijackthis log, the process thing and a link to zshare with a rar archive containing five dump files or something.

any help would be appreciated, thanks in advance.

p.s.: i use german versions of vista and some other tools, so if questions occur, just ask and i might provide you with proper translations.

hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:59:58, on 11.10.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\winlogon.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Windows\system32\svchost.exe

C:\Windows\Explorer.EXE

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\PowerDVD\PDVDServ.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\PnkBstrB.exe

C:\Windows\system32\svchost.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Sunbelt Personal Firewall\SbPFLnch.exe

C:\Program Files\Sunbelt Personal Firewall\SbPFSvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Sunbelt Personal Firewall\SbPFCl.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\explorer.exe

C:\Program Files\HiJack This\HijackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunServices: [MS Service Control] C:\WINDOWS\winlogin.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{1DE82158-4FBE-4775-B157-51ECB452DA33}: NameServer = 85.255.116.130,85.255.112.107

O17 - HKLM\System\CS1\Services\Tcpip\..\{1DE82158-4FBE-4775-B157-51ECB452DA33}: NameServer = 85.255.116.130,85.255.112.107

O17 - HKLM\System\CS2\Services\Tcpip\..\{1DE82158-4FBE-4775-B157-51ECB452DA33}: NameServer = 85.255.116.130,85.255.112.107

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Personal Firewall\SbPFLnch.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Personal Firewall\SbPFSvc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdunp.exe

--

End of file - 10115 bytes

procexp.txt:

Process PID CPU Description Company Name

System Idle Process 0 99.05

Interrupts n/a Hardware Interrupts

DPCs n/a 0.77 Deferred Procedure Calls

System 4

csrss.exe 628 Client-Server-Laufzeitprozess Microsoft Corporation

wininit.exe 680 Windows-Startanwendung Microsoft Corporation

services.exe 724 Anwendung für Dienste und Controller Microsoft Corporation

svchost.exe 908 Hostprozess für Windows-Dienste Microsoft Corporation

WmiPrvSE.exe 3756 WMI Provider Host Microsoft Corporation

dllhost.exe 2956 COM Surrogate Microsoft Corporation

nvvsvc.exe 952 NVIDIA Driver Helper Service, Version 175.19 NVIDIA Corporation

rundll32.exe 1632 Windows-Hostprozess (Rundll32) Microsoft Corporation

svchost.exe 984 Hostprozess für Windows-Dienste Microsoft Corporation

svchost.exe 1116 Hostprozess für Windows-Dienste Microsoft Corporation

audiodg.exe 1248 Windows Graphisolierung für Audiogeräte Microsoft Corporation

svchost.exe 1144 Hostprozess für Windows-Dienste Microsoft Corporation

dwm.exe 2036 Desktopfenster-Manager Microsoft Corporation

WUDFHost.exe 3124 Windows Driver Foundation - Benutzermodus-Treiberframework-Hostprozess Microsoft Corporation

svchost.exe 1176 Hostprozess für Windows-Dienste Microsoft Corporation

taskeng.exe 2020 Aufgabenplanungsmodul Microsoft Corporation

taskeng.exe 3404 Aufgabenplanungsmodul Microsoft Corporation

taskeng.exe 2044 Aufgabenplanungsmodul Microsoft Corporation

SLsvc.exe 1276 Microsoft-Softwarelizenzierungsdienst Microsoft Corporation

svchost.exe 1316 Hostprozess für Windows-Dienste Microsoft Corporation

svchost.exe 1480 Hostprozess für Windows-Dienste Microsoft Corporation

aawservice.exe 1716 Ad-Aware Service Lavasoft

spoolsv.exe 2004 Spoolersubsystem-Anwendung Microsoft Corporation

avguard.exe 208 Antivirus On-Access Service Avira GmbH

svchost.exe 272 Hostprozess für Windows-Dienste Microsoft Corporation

sched.exe 2404 Antivirus Scheduler Avira GmbH

mDNSResponder.exe 2420 Bonjour Service Apple Computer, Inc.

LSSrvc.exe 2464 Hewlett-Packard Company

PnkBstrA.exe 2544

PnkBstrB.exe 2644

svchost.exe 2700 Hostprozess für Windows-Dienste Microsoft Corporation

RichVideo.exe 2716 RichVideo Module

SbPFLnch.exe 2760 Sunbelt Personal Firewall SbPFLnch Sunbelt Software, Inc.

SbPFSvc.exe 2784 Sunbelt Firewall Service Sunbelt Software, Inc.

SbPFCl.exe 4080 Sunbelt Firewall GUI Sunbelt Software, Inc.

svchost.exe 2828 Hostprozess für Windows-Dienste Microsoft Corporation

svchost.exe 2864 Hostprozess für Windows-Dienste Microsoft Corporation

SearchIndexer.exe 2960 Microsoft Windows Search-Indexerstellung Microsoft Corporation

eRecoveryService.exe 3036 eRecoveryService Acer Inc.

wmpnetwk.exe 3520 Windows Media Player-Netzwerkfreigabedienst Microsoft Corporation

lsass.exe 736 Local Security Authority Process Microsoft Corporation

lsm.exe 744 Lokaler Sitzungs-Manager-Dienst Microsoft Corporation

csrss.exe 688 Client-Server-Laufzeitprozess Microsoft Corporation

winlogon.exe 1024 Windows-Anmeldeanwendung Microsoft Corporation

explorer.exe 488 Windows-Explorer Microsoft Corporation

avgnt.exe 1896 Antivirus System Tray Tool Avira GmbH

jusched.exe 472 Java Platform SE binary Sun Microsystems, Inc.

RtHDVCpl.exe 2064 HD Audio Control Panel Realtek Semiconductor

PDVDServ.exe 2072 PowerDVD RC Service Cyberlink Corp.

rundll32.exe 2120 Windows-Hostprozess (Rundll32) Microsoft Corporation

rundll32.exe 2144 Windows-Hostprozess (Rundll32) Microsoft Corporation

daemon.exe 2188 DAEMON Tools Lite DT Soft Ltd

wmpnscfg.exe 2196 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation

firefox.exe 468 Firefox Mozilla Corporation

explorer.exe 3388 Windows-Explorer Microsoft Corporation

uTorrent.exe 1488 µTorrent BitTorrent, Inc.

procexp.exe 1840 0.77 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

notepad.exe 3112 Editor Microsoft Corporation

dump files (rar archive):

http://www.zshare.net/download/203722108bfe8365/

Link to comment
Share on other sites

yep, i use 1.8.1 stable, for i could find no beta on the dl-page.

and the DLL list follows up, but unfortunately, most are labelled in german. so just ask if something is unclear.

thanks in advance!

DLL-list:

Name Description Company Name Version

ADVAPI32.dll Erweiterte Windows 32 Base-API Microsoft Corporation 6.00.6001.18000

CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6931.18000

COMCTL32.dll Bibliothek für Steuerelemente Microsoft Corporation 6.10.6001.18000

comctl32.dll.mui Bibliothek für Steuerelemente Microsoft Corporation 6.10.6000.16386

comdlg32.dll DLL für gemeinsame Dialoge Microsoft Corporation 6.00.6001.18000

DBGHELP.DLL Windows Image Helper Microsoft Corporation 6.00.6001.18000

dhcpcsvc.DLL DHCP Clientdienst Microsoft Corporation 6.00.6001.18000

dhcpcsvc6.DLL DHCPv6-Client Microsoft Corporation 6.00.6001.18000

DNSAPI.dll DNS-Client-API-DLL Microsoft Corporation 6.00.6001.18000

DUser.dll Windows DirectUser Engine Microsoft Corporation 6.00.6001.18000

duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.00.6000.16386

FirewallAPI.dll Windows-Firewall-API Microsoft Corporation 6.00.6001.18000

FirewallAPI.dll.mui Windows-Firewall-API Microsoft Corporation 6.00.6000.16386

GDI32.dll GDI Client DLL Microsoft Corporation 6.00.6001.18023

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6001.18000

imageres.dll Windows Image Resource Microsoft Corporation 6.00.6000.16386

imageres.dll.mui Windows Image Resource Microsoft Corporation 6.00.6000.16386

IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.00.6001.18000

iphlpapi.dll IP-Hilfs-API Microsoft Corporation 6.00.6001.18000

iphlpapi.dll.mui IP-Hilfs-API Microsoft Corporation 6.00.6000.16386

kernel32.dll Client-DLL für Windows NT-Basis-API Microsoft Corporation 6.00.6001.18000

locale.nls

locale.nls

LPK.DLL Language Pack Microsoft Corporation 6.00.6001.18000

MSCTF.dll MSCTF-Server-DLL Microsoft Corporation 6.00.6001.18000

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.6001.18000

mswsock.dll Microsoft Windows Sockets 2.0-Dienstanbieter Microsoft Corporation 6.00.6001.18000

mswsock.dll.mui Microsoft Windows Sockets 2.0-Dienstanbieter Microsoft Corporation 6.00.6000.16386

Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.00.6000.16386

npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.00.6000.16386

NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.00.6001.18000

ntdll.dll DLL für NT-Layer Microsoft Corporation 6.00.6001.18000

ole32.dll Microsoft OLE für Windows Microsoft Corporation 6.00.6001.18000

OLEAUT32.dll Microsoft Corporation 6.00.6001.18000

psapi.dll Process Status Helper Microsoft Corporation 6.00.6000.16386

RPCRT4.dll Remoteprozeduraufruf-Laufzeitumgebung Microsoft Corporation 6.00.6001.18051

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.00.6001.18000

Secur32.dll Security Support Provider Interface Microsoft Corporation 6.00.6001.18000

SHELL32.dll Allgemeine Windows-Shell-DLL Microsoft Corporation 6.00.6001.18062

shfolder.dll Shell Folder Service Microsoft Corporation 6.00.6000.16386

SHLWAPI.dll Shell Light-weight-Dienstprogrammbibliothek Microsoft Corporation 6.00.6001.18000

urlmon.dll OLE32-Erweiterung für Win32 Microsoft Corporation 7.00.6001.18099

USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000

user32.dll.mui Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000

USERENV.dll Userenv Microsoft Corporation 6.00.6001.18000

userenv.dll.mui Userenv Microsoft Corporation 6.00.6000.16386

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6001.18000

uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0001.12639

UxTheme.dll Microsoft UxTheme-Bibliothek Microsoft Corporation 6.00.6001.18000

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.00.6001.18000

WININET.dll Interneterweiterungen für Win32 Microsoft Corporation 7.00.6001.18099

WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.00.6001.18000

WS2_32.dll Windows Socket 2.0-32-Bit-DLL Microsoft Corporation 6.00.6001.18000

ws2_32.dll.mui Windows Socket 2.0-32-Bit-DLL Microsoft Corporation 6.00.6000.16386

wship6.dll Winsock2-Hilfs-DLL (TL/IPv6) Microsoft Corporation 6.00.6001.18000

wshtcpip.dll Winsock2-Hilfs-DLL (TL/IPv4) Microsoft Corporation 6.00.6001.18000

Link to comment
Share on other sites

network card is a Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller. but it can't be the network card causing these issues, for utorrent worked for a long time, never had any problems with any version. i just closed it for 30 minutes approx, and when trying to reopen it, it simply wouldn't. it worked before, suddenly it didn't anymore. the last two or three times i started utorrent the program had to check the files first before continuing to download them. that wasn't unusual, for i download larger files to an external HDD, smaller ones to the built-in ones.

the processor is an AMD Athlon 64 X2 Dual Core Processor 4600+, 2410 MHz. there is a bugfix driver that fixes various issues, which i already installed.

winsock.txt:


Link to comment
Share on other sites

This is assuming Avira isn't at fault.... Can you upload any of the .DMP files to http://mediafire.com for someone to look at?

I'm also making sure you ONLY installed the nvidia display drivers, their "forceware network manager" aka firewall is bad juju as well.

Edit: Here's the link I used to determine the random 5 characters "Windows Tribute Service" is malware. http://www.google.com/search?q=Windows+Tribute+Service Common practices there should help you remove it, then again most of those people don't mention how/when it got infected :/ The interesting thing is it doesn't get flagged externally... it must be with some software you may have tried out?

Link to comment
Share on other sites

might well be.

when searching for the kdunp.exe i was redirected to the homepage of exterminate it!, which labelled the exe as malware, the Zlob.DNS Changer. scan is still running and the tribute service is already detected as mal. i'll wait for the scan to finish and then try to remove it.

avira didn't find any bad stuff, neither did adaware.

and which .dmp files are you referring to?

Link to comment
Share on other sites

just perfect. having spybot search and destroy running in safe mode removed the tribute service. from this point on everything works fine again, not only the utorrent issues but even my erroneous windows update..

thanks for all the help provided, especially to thelittlefire for pointing at this.

issue resolved, thread may be closed.

Link to comment
Share on other sites
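Added example, not part of the original thread: a small Python triage pass over HijackThis entries like the ones in the log above, showing how the service the thread identified as malware stands out from the rest. The two checks (an O23 service with "Unknown owner" whose binary sits directly in system32, and an O17 NameServer pinned to public addresses) are heuristics assumed for this example, and the function names are hypothetical; a hit is a lead to look up, as was done in the thread, not a verdict.

```python
import ipaddress
import ntpath
import re

# Excerpt of the HijackThis log posted in this thread (wrapped lines joined).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DE82158-4FBE-4775-B157-51ECB452DA33}: NameServer = 85.255.116.130,85.255.112.107
O17 - HKLM\System\CS1\Services\Tcpip\..\{1DE82158-4FBE-4775-B157-51ECB452DA33}: NameServer = 85.255.116.130,85.255.112.107
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdunp.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
SYSTEM32 = r"c:\windows\system32"


def parse_entries(text):
    """Yield (section_code, body) for every 'Xn - ...' line of the log."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def check_service(body):
    """O23: service without owner info whose image lives directly in system32."""
    if not body.startswith("Service: "):
        return None
    # Service names may themselves contain ' - ', so split from the right.
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    path = path.replace(" (file missing)", "").strip()
    if owner == "Unknown owner" and ntpath.dirname(path).lower() == SYSTEM32:
        return f"service '{name}' has no owner info and runs {path}"
    return None


def check_nameserver(body):
    """O17: DNS servers hard-coded in the registry that are public addresses."""
    m = re.search(r"NameServer\s*=\s*(.+)$", body)
    if not m:
        return None
    public = []
    for token in re.split(r"[,\s]+", m.group(1).strip()):
        try:
            if ipaddress.ip_address(token).is_global:
                public.append(token)
        except ValueError:
            continue  # not an IP literal, ignore
    if public:
        return "static public DNS servers: " + ", ".join(public)
    return None


CHECKS = {"O23": check_service, "O17": check_nameserver}


def triage(text):
    """Return de-duplicated (section_code, reason) findings in log order."""
    findings, seen = [], set()
    for code, body in parse_entries(text):
        check = CHECKS.get(code)
        reason = check(body) if check else None
        # The same O17 value repeats per control set (CCS, CS1, CS2): report once.
        if reason and (code, reason) not in seen:
            seen.add((code, reason))
            findings.append((code, reason))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(f"[{code}] review: {reason}")
```
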

Archived

This topic is now archived and is closed to further replies.
