dommi83 Posted October 11, 2008 Report Share Posted October 11, 2008 hi there.i've got a major problem. yesterday i had utorrent running, had to exit the program for some minutes, and when trying to open it again it kept saying "utorrent has crashed" etc., creating a dump file and stuff. i didn't do anything unusual then, i just needed a quick download in firefox, so i shut it down. but reopening wouldn't work at all. only clicking the lowest option at the error popup would change anything, just having windows telling me that uTorrent.exe doesn't work anymore.downloading it again wouldn't help, a beta wasn't present on the download page, and i've got no idea how to solve this problem.therefore i'll append the hijackthis log, the process thing and a link to zshare with a rar archive containing five dump files or something.any help would be appreciated, thanks in advance.p.s.: i use german versions of vista and some other tools, so if questions occur, just ask and i might provide you with proper translations.hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:59:58, on 11.10.2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\csrss.exeC:\Windows\system32\wininit.exeC:\Windows\system32\csrss.exeC:\Windows\system32\services.exeC:\Windows\system32\lsass.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exeC:\Windows\system32\winlogon.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\rundll32.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Program Files\AntiVir PersonalEdition Classic\avguard.exeC:\Windows\system32\svchost.exeC:\Windows\Explorer.EXEC:\Program Files\AntiVir PersonalEdition Classic\avgnt.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Windows\RtHDVCpl.exeC:\Program Files\PowerDVD\PDVDServ.exeC:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exeC:\Program Files\DAEMON Tools Lite\daemon.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Windows\system32\PnkBstrA.exeC:\Windows\system32\PnkBstrB.exeC:\Windows\system32\svchost.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\Program Files\Sunbelt Personal Firewall\SbPFLnch.exeC:\Program Files\Sunbelt Personal Firewall\SbPFSvc.exeC:\Windows\system32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\system32\SearchIndexer.exeC:\Acer\Empowering Technology\eRecovery\eRecoveryService.exeC:\Windows\system32\WUDFHost.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Sunbelt Personal Firewall\SbPFCl.exeC:\Windows\system32\taskeng.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\explorer.exeC:\Program Files\HiJack This\HijackThis.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)O1 - Hosts: ::1 localhostO2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /minO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe"O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStartO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWndO4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exeO4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorunO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKCU\..\RunServices: [MS Service Control] C:\WINDOWS\winlogin.exeO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dllO13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{1DE82158-4FBE-4775-B157-51ECB452DA33}: NameServer = 85.255.116.130,85.255.112.107O17 - HKLM\System\CS1\Services\Tcpip\..\{1DE82158-4FBE-4775-B157-51ECB452DA33}: NameServer = 85.255.116.130,85.255.112.107O17 - HKLM\System\CS2\Services\Tcpip\..\{1DE82158-4FBE-4775-B157-51ECB452DA33}: NameServer = 85.255.116.130,85.255.112.107O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exeO23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exeO23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exeO23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exeO23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Personal Firewall\SbPFLnch.exeO23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Personal Firewall\SbPFSvc.exeO23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exeO23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exeO23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdunp.exe--End of file - 10115 bytesprocexp.txt:Process PID CPU Description Company NameSystem Idle Process 0 99.05 Interrupts n/a Hardware Interrupts DPCs n/a 0.77 Deferred Procedure Calls System 4 csrss.exe 628 Client-Server-Laufzeitprozess Microsoft Corporationwininit.exe 680 Windows-Startanwendung Microsoft Corporation services.exe 724 Anwendung für Dienste und Controller Microsoft Corporation svchost.exe 908 Hostprozess für Windows-Dienste Microsoft Corporation WmiPrvSE.exe 3756 WMI Provider Host Microsoft Corporation dllhost.exe 2956 COM Surrogate Microsoft Corporation nvvsvc.exe 952 NVIDIA Driver Helper Service, Version 175.19 NVIDIA Corporation rundll32.exe 1632 Windows-Hostprozess (Rundll32) Microsoft Corporation svchost.exe 984 Hostprozess für Windows-Dienste Microsoft Corporation svchost.exe 1116 Hostprozess für Windows-Dienste Microsoft Corporation audiodg.exe 1248 Windows Graphisolierung für Audiogeräte Microsoft Corporation svchost.exe 1144 Hostprozess für Windows-Dienste Microsoft Corporation dwm.exe 2036 Desktopfenster-Manager Microsoft Corporation WUDFHost.exe 3124 Windows Driver Foundation - Benutzermodus-Treiberframework-Hostprozess Microsoft Corporation svchost.exe 1176 Hostprozess für Windows-Dienste Microsoft Corporation taskeng.exe 2020 Aufgabenplanungsmodul Microsoft Corporation taskeng.exe 3404 Aufgabenplanungsmodul Microsoft Corporation taskeng.exe 2044 Aufgabenplanungsmodul Microsoft Corporation SLsvc.exe 1276 Microsoft-Softwarelizenzierungsdienst Microsoft Corporation svchost.exe 1316 Hostprozess für Windows-Dienste Microsoft Corporation svchost.exe 1480 Hostprozess für Windows-Dienste Microsoft Corporation aawservice.exe 1716 Ad-Aware Service Lavasoft spoolsv.exe 2004 Spoolersubsystem-Anwendung Microsoft Corporation avguard.exe 208 Antivirus On-Access Service Avira GmbH svchost.exe 272 Hostprozess für Windows-Dienste Microsoft Corporation sched.exe 2404 Antivirus Scheduler Avira GmbH mDNSResponder.exe 2420 Bonjour Service Apple Computer, Inc. LSSrvc.exe 2464 Hewlett-Packard Company PnkBstrA.exe 2544 PnkBstrB.exe 2644 svchost.exe 2700 Hostprozess für Windows-Dienste Microsoft Corporation RichVideo.exe 2716 RichVideo Module SbPFLnch.exe 2760 Sunbelt Personal Firewall SbPFLnch Sunbelt Software, Inc. SbPFSvc.exe 2784 Sunbelt Firewall Service Sunbelt Software, Inc. SbPFCl.exe 4080 Sunbelt Firewall GUI Sunbelt Software, Inc. svchost.exe 2828 Hostprozess für Windows-Dienste Microsoft Corporation svchost.exe 2864 Hostprozess für Windows-Dienste Microsoft Corporation SearchIndexer.exe 2960 Microsoft Windows Search-Indexerstellung Microsoft Corporation eRecoveryService.exe 3036 eRecoveryService Acer Inc. wmpnetwk.exe 3520 Windows Media Player-Netzwerkfreigabedienst Microsoft Corporation lsass.exe 736 Local Security Authority Process Microsoft Corporation lsm.exe 744 Lokaler Sitzungs-Manager-Dienst Microsoft Corporationcsrss.exe 688 Client-Server-Laufzeitprozess Microsoft Corporationwinlogon.exe 1024 Windows-Anmeldeanwendung Microsoft Corporationexplorer.exe 488 Windows-Explorer Microsoft Corporation avgnt.exe 1896 Antivirus System Tray Tool Avira GmbH jusched.exe 472 Java Platform SE binary Sun Microsystems, Inc. RtHDVCpl.exe 2064 HD Audio Control Panel Realtek Semiconductor PDVDServ.exe 2072 PowerDVD RC Service Cyberlink Corp. rundll32.exe 2120 Windows-Hostprozess (Rundll32) Microsoft Corporation rundll32.exe 2144 Windows-Hostprozess (Rundll32) Microsoft Corporation daemon.exe 2188 DAEMON Tools Lite DT Soft Ltd wmpnscfg.exe 2196 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation firefox.exe 468 Firefox Mozilla Corporation explorer.exe 3388 Windows-Explorer Microsoft Corporation uTorrent.exe 1488 µTorrent BitTorrent, Inc. procexp.exe 1840 0.77 Sysinternals Process Explorer Sysinternals - www.sysinternals.comnotepad.exe 3112 Editor Microsoft Corporationdump files (rar archive):http://www.zshare.net/download/203722108bfe8365/ Link to comment Share on other sites More sharing options...
Ultima Posted October 11, 2008 Report Share Posted October 11, 2008 Do you have the DLL list from Process Explorer? Link to comment Share on other sites More sharing options...
Firon Posted October 12, 2008 Report Share Posted October 12, 2008 You also didn't mention if you're on 1.8.1 stable. Link to comment Share on other sites More sharing options...
dommi83 Posted October 12, 2008 Author Report Share Posted October 12, 2008 yep, i use 1.8.1 stable, for i could find no beta on the dl-page.and the DLL list follows up, but unfortunately. most are labelled in german. so just ask if something is unclear.thanks in advance!DLL-list:Name Description Company Name VersionADVAPI32.dll Erweiterte Windows 32 Base-API Microsoft Corporation 6.00.6001.18000CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6931.18000COMCTL32.dll Bibliothek für Steuerelemente Microsoft Corporation 6.10.6001.18000comctl32.dll.mui Bibliothek für Steuerelemente Microsoft Corporation 6.10.6000.16386comdlg32.dll DLL für gemeinsame Dialoge Microsoft Corporation 6.00.6001.18000DBGHELP.DLL Windows Image Helper Microsoft Corporation 6.00.6001.18000dhcpcsvc.DLL DHCP Clientdienst Microsoft Corporation 6.00.6001.18000dhcpcsvc6.DLL DHCPv6-Client Microsoft Corporation 6.00.6001.18000DNSAPI.dll DNS-Client-API-DLL Microsoft Corporation 6.00.6001.18000DUser.dll Windows DirectUser Engine Microsoft Corporation 6.00.6001.18000duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.00.6000.16386FirewallAPI.dll Windows-Firewall-API Microsoft Corporation 6.00.6001.18000FirewallAPI.dll.mui Windows-Firewall-API Microsoft Corporation 6.00.6000.16386GDI32.dll GDI Client DLL Microsoft Corporation 6.00.6001.18023iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6001.18000imageres.dll Windows Image Resource Microsoft Corporation 6.00.6000.16386imageres.dll.mui Windows Image Resource Microsoft Corporation 6.00.6000.16386IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.00.6001.18000iphlpapi.dll IP-Hilfs-API Microsoft Corporation 6.00.6001.18000iphlpapi.dll.mui IP-Hilfs-API Microsoft Corporation 6.00.6000.16386kernel32.dll Client-DLL für Windows NT-Basis-API Microsoft Corporation 6.00.6001.18000locale.nls locale.nls LPK.DLL Language Pack Microsoft Corporation 6.00.6001.18000MSCTF.dll MSCTF-Server-DLL Microsoft Corporation 6.00.6001.18000msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.6001.18000mswsock.dll Microsoft Windows Sockets 2.0-Dienstanbieter Microsoft Corporation 6.00.6001.18000mswsock.dll.mui Microsoft Windows Sockets 2.0-Dienstanbieter Microsoft Corporation 6.00.6000.16386Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.00.6000.16386npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.00.6000.16386NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.00.6001.18000ntdll.dll DLL für NT-Layer Microsoft Corporation 6.00.6001.18000ole32.dll Microsoft OLE für Windows Microsoft Corporation 6.00.6001.18000OLEAUT32.dll Microsoft Corporation 6.00.6001.18000psapi.dll Process Status Helper Microsoft Corporation 6.00.6000.16386RPCRT4.dll Remoteprozeduraufruf-Laufzeitumgebung Microsoft Corporation 6.00.6001.18051rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.00.6001.18000Secur32.dll Security Support Provider Interface Microsoft Corporation 6.00.6001.18000SHELL32.dll Allgemeine Windows-Shell-DLL Microsoft Corporation 6.00.6001.18062shfolder.dll Shell Folder Service Microsoft Corporation 6.00.6000.16386SHLWAPI.dll Shell Light-weight-Dienstprogrammbibliothek Microsoft Corporation 6.00.6001.18000urlmon.dll OLE32-Erweiterung für Win32 Microsoft Corporation 7.00.6001.18099USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000user32.dll.mui Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000USERENV.dll Userenv Microsoft Corporation 6.00.6001.18000userenv.dll.mui Userenv Microsoft Corporation 6.00.6000.16386USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6001.18000uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0001.12639UxTheme.dll Microsoft UxTheme-Bibliothek Microsoft Corporation 6.00.6001.18000VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.00.6001.18000WININET.dll Interneterweiterungen für Win32 Microsoft Corporation 7.00.6001.18099WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.00.6001.18000WS2_32.dll Windows Socket 2.0-32-Bit-DLL Microsoft Corporation 6.00.6001.18000ws2_32.dll.mui Windows Socket 2.0-32-Bit-DLL Microsoft Corporation 6.00.6000.16386wship6.dll Winsock2-Hilfs-DLL (TL/IPv6) Microsoft Corporation 6.00.6001.18000wshtcpip.dll Winsock2-Hilfs-DLL (TL/IPv4) Microsoft Corporation 6.00.6001.18000 Link to comment Share on other sites More sharing options...
Ultima Posted October 12, 2008 Report Share Posted October 12, 2008 Hm. I don't see any obvious culprit :/ What network card are you using? What motherboard chipset?Can you perform Start > Run > cmd /c netsh winsock show catalog > C:\winsock.txtThen copy and paste the contents of C:\winsock.txt here? Link to comment Share on other sites More sharing options...
dommi83 Posted October 12, 2008 Author Report Share Posted October 12, 2008 network card is a Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller. but it can't be the network card causing these issues, for utorrent worked for a long time, never had any problems with any version. i just closed it for 30 minutes approx, and when trying to reopen it, it simply wouldn't. it worked before, suddenly it didn't anymore. the last two or three times i started utorrent the program had to check the files first before continuing to download them. that wasn't unusual, for i download larger files to an external HDD, smaller ones to the built-in ones.the processor is an AMD Athlon 64 X2 Dual Core Processor 4600+, 2410 MHz. there is a bugfix driver that fixes various issues, which i already installed.winsock.txt:Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD-Tcpip [TCP/IP]Anbieterkennung: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1001Version: 2Adressfamilie: 2Max. Adressl„nge: 16Min. Adressl„nge: 16Sockettyp: 1Protokoll: 6Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD-Tcpip [uDP/IP]Anbieterkennung: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1002Version: 2Adressfamilie: 2Max. Adressl„nge: 16Min. Adressl„nge: 16Sockettyp: 2Protokoll: 17Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD-Tcpip [RAW/IP]Anbieterkennung: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1003Version: 2Adressfamilie: 2Max. Adressl„nge: 16Min. Adressl„nge: 16Sockettyp: 3Protokoll: 0Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD-Tcpip [TCP/IPv6]Anbieterkennung: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1004Version: 2Adressfamilie: 23Max. Adressl„nge: 28Min. Adressl„nge: 28Sockettyp: 1Protokoll: 6Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD-Tcpip [uDP/IPv6]Anbieterkennung: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1005Version: 2Adressfamilie: 23Max. Adressl„nge: 28Min. Adressl„nge: 28Sockettyp: 2Protokoll: 17Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD-Tcpip [RAW/IPv6]Anbieterkennung: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1006Version: 2Adressfamilie: 23Max. Adressl„nge: 28Min. Adressl„nge: 28Sockettyp: 3Protokoll: 0Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: RSVP-TCPv6-DienstanbieterAnbieterkennung: {9D60A9E0-337A-11D0-BD88-0000C082E69A}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1015Version: 2Adressfamilie: 23Max. Adressl„nge: 28Min. Adressl„nge: 28Sockettyp: 1Protokoll: 6Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: RSVP-TCP-DienstanbieterAnbieterkennung: {9D60A9E0-337A-11D0-BD88-0000C082E69A}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1016Version: 2Adressfamilie: 2Max. Adressl„nge: 16Min. Adressl„nge: 16Sockettyp: 1Protokoll: 6Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: RSVP-UDPv6-DienstanbieterAnbieterkennung: {9D60A9E0-337A-11D0-BD88-0000C082E69A}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1017Version: 2Adressfamilie: 23Max. Adressl„nge: 28Min. Adressl„nge: 28Sockettyp: 2Protokoll: 17Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: RSVP-UDP-DienstanbieterAnbieterkennung: {9D60A9E0-337A-11D0-BD88-0000C082E69A}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1018Version: 2Adressfamilie: 2Max. Adressl„nge: 16Min. Adressl„nge: 16Sockettyp: 2Protokoll: 17Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1DE82158-4FBE-4775-B157-51ECB452DA33}] SEQPACKET 4Anbieterkennung: {8D5F1830-C273-11CF-95C8-00805F48A192}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1727Version: 2Adressfamilie: 17Max. Adressl„nge: 20Min. Adressl„nge: 20Sockettyp: 5Protokoll: -4Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1DE82158-4FBE-4775-B157-51ECB452DA33}] DATAGRAM 4Anbieterkennung: {8D5F1830-C273-11CF-95C8-00805F48A192}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1728Version: 2Adressfamilie: 17Max. Adressl„nge: 20Min. Adressl„nge: 20Sockettyp: 2Protokoll: -4Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F95B6C4A-7CEF-4526-9586-54AEE9D4E9F0}] SEQPACKET 0Anbieterkennung: {8D5F1830-C273-11CF-95C8-00805F48A192}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1729Version: 2Adressfamilie: 17Max. Adressl„nge: 20Min. Adressl„nge: 20Sockettyp: 5Protokoll: -2147483648Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F95B6C4A-7CEF-4526-9586-54AEE9D4E9F0}] DATAGRAM 0Anbieterkennung: {8D5F1830-C273-11CF-95C8-00805F48A192}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1730Version: 2Adressfamilie: 17Max. Adressl„nge: 20Min. Adressl„nge: 20Sockettyp: 2Protokoll: -2147483648Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CB89849F-DCA3-449B-A27E-33C716D81D61}] SEQPACKET 2Anbieterkennung: {8D5F1830-C273-11CF-95C8-00805F48A192}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1731Version: 2Adressfamilie: 17Max. Adressl„nge: 20Min. Adressl„nge: 20Sockettyp: 5Protokoll: -2Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{CB89849F-DCA3-449B-A27E-33C716D81D61}] DATAGRAM 2Anbieterkennung: {8D5F1830-C273-11CF-95C8-00805F48A192}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1732Version: 2Adressfamilie: 17Max. Adressl„nge: 20Min. Adressl„nge: 20Sockettyp: 2Protokoll: -2Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1DE82158-4FBE-4775-B157-51ECB452DA33}] SEQPACKET 5Anbieterkennung: {8D5F1830-C273-11CF-95C8-00805F48A192}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1733Version: 2Adressfamilie: 17Max. Adressl„nge: 20Min. Adressl„nge: 20Sockettyp: 5Protokoll: -5Protokollverkettungsl„nge: 1Winsock-Kataloganbietereintrag------------------------------------------------------Eintragstyp: BasisdienstanbieterBeschreibung: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{1DE82158-4FBE-4775-B157-51ECB452DA33}] DATAGRAM 5Anbieterkennung: {8D5F1830-C273-11CF-95C8-00805F48A192}Anbieterpfad: %SystemRoot%\system32\mswsock.dllKatalogeintragskennung: 1734Version: 2Adressfamilie: 17Max. Adressl„nge: 20Min. Adressl„nge: 20Sockettyp: 2Protokoll: -5Protokollverkettungsl„nge: 1Namespace-Anbietereintrag------------------------------------------------------Beschreibung: NLA (Network Location Awareness, NLAv1)-NamespaceAnbieterkennung: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}Namespace: 15Aktiv: 1Version: 0Namespace-Anbietereintrag------------------------------------------------------Beschreibung: E-Mail-NamenshimanbieterAnbieterkennung: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}Namespace: 37Aktiv: 1Version: 0Namespace-Anbietereintrag------------------------------------------------------Beschreibung: PNRP-Wolken-NamespaceanbieterAnbieterkennung: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}Namespace: 39Aktiv: 1Version: 0Namespace-Anbietereintrag------------------------------------------------------Beschreibung: PNRP-Namen-NamespaceanbieterAnbieterkennung: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}Namespace: 38Aktiv: 1Version: 0Namespace-Anbietereintrag------------------------------------------------------Beschreibung: TCP/IPAnbieterkennung: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}Namespace: 12Aktiv: 1Version: 0Namespace-Anbietereintrag------------------------------------------------------Beschreibung: NTDSAnbieterkennung: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}Namespace: 32Aktiv: 1Version: 0Namespace-Anbietereintrag------------------------------------------------------Beschreibung: mdnsNSPAnbieterkennung: {B600E6E9-553B-4A19-8696-335E5C896153}Namespace: 12Aktiv: 1Version: 1 Link to comment Share on other sites More sharing options...
Ultima Posted October 12, 2008 Report Share Posted October 12, 2008 Try resetting your Winsock settings using Start > Run > cmd /c netsh winsock resetI'm pretty out-of-ideas at this point. Link to comment Share on other sites More sharing options...
dommi83 Posted October 13, 2008 Author Report Share Posted October 13, 2008 "Try resetting your Winsock settings using Start > Run > cmd /c netsh winsock reset"failed, error persists. Link to comment Share on other sites More sharing options...
thelittlefire Posted October 13, 2008 Report Share Posted October 13, 2008 Well, you have malware...O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdunp.exeis bad juju. From searching, it is horrible to eliminate. Good luck. :/ Link to comment Share on other sites More sharing options...
dommi83 Posted October 13, 2008 Author Report Share Posted October 13, 2008 okay, thanks, i'll try that Link to comment Share on other sites More sharing options...
thelittlefire Posted October 13, 2008 Report Share Posted October 13, 2008 This is assuming Avira isn't at fault.... Can you upload any of the .DMP files to http://mediafire.com for someone to look at?I'm also making sure you ONLY installed the nvidia display drivers, their "forceware network manager" aka firewall is bad juju as well.Edit: Here's the link I used to determine the random 5 characters "Windows Tribute Service" is malware. http://www.google.com/search?q=Windows+Tribute+Service Common practices there should help you remove it, then again most of those people don't mention how/when it got infected :/ The interesting thing is it doesn't get flagged externally... it must be with some software you may have tried out? Link to comment Share on other sites More sharing options...
dommi83 Posted October 13, 2008 Author Report Share Posted October 13, 2008 might well be.when searching for the kdunp.exe i was redirected to the homepage of exterminate it!, which labelled the exe as malware, the Zlob.DNS Changer. scan is still running and the tribute service is already detected as mal. i'll wait for the scan to finish and then try to remove it.avira didn't find any bad stuff, neither did adaware.and which .dmp files are you referring to? Link to comment Share on other sites More sharing options...
thelittlefire Posted October 13, 2008 Report Share Posted October 13, 2008 Well GREAT!There's two types of dump files people look at here, Windows ones in \MiniDump http://forum.utorrent.com/viewtopic.php?id=47624 and uTorrent dump files with your settings.dat .. heh I previously mentioned this stuff @ http://forum.utorrent.com/viewtopic.php?pid=358004#p358004 it's late Link to comment Share on other sites More sharing options...
dommi83 Posted October 13, 2008 Author Report Share Posted October 13, 2008 just perfect. having spybot search and destroy running in safe mode removed the tribute service. from this point on everything works fine again, not only the utorrent issues but even my erroneous windows update..thanks for all the help provided, especially to thelittlefire for pointing at this. issue resolved, thread may be closed. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.