pmlcs Posted October 18, 2008

I'm also having the error "utorrent has crashed. Unable to generate crash dump" every time. Can you help me? THANKS!

The Hijackthis log is

Logfile of HijackThis v1.99.1
Scan saved at 11:12:35, on 18-10-2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\TweakMASTER\TMTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Pedro\Desktop\ANTI VIRUS\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TweakMASTER] "C:\PROGRA~1\TWEAKM~1\TMTray.exe"
O4 - HKCU\..\Run: [ehTray.exe] -C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geoweb.pt/vector2/mgaxctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24976AC0-50B4-4F8D-A44B-C0E8F63DD178}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - blank (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - b:\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Process explorer log for utorrent is

Process PID CPU Description Company Name
System Idle Process 0 97.27
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 516
csrss.exe 584
wininit.exe 632
services.exe 676
svchost.exe 848
mobsync.exe 3584 Microsoft Sync Center Microsoft Corporation
nvvsvc.exe 932
rundll32.exe 1448
svchost.exe 960
svchost.exe 1024
svchost.exe 1084
audiodg.exe 1224
svchost.exe 1116
dwm.exe 1048 0.39 Desktop Window Manager Microsoft Corporation
svchost.exe 1128
taskeng.exe 420 Task Scheduler Engine Microsoft Corporation
taskeng.exe 2100
taskeng.exe 548
SLsvc.exe 1292
svchost.exe 1388
svchost.exe 1564
spoolsv.exe 1860
svchost.exe 1884
AppleMobileDeviceService.exe 2432
mDNSResponder.exe 2444
svchost.exe 2456
ekrn.exe 2500
LSSrvc.exe 2592
lxcrcoms.exe 2604
PnkBstrA.exe 2660
svchost.exe 2680
StarWindServiceAE.exe 2720
svchost.exe 2748
svchost.exe 2796
SearchIndexer.exe 2832
svchost.exe 3416
aawservice.exe 2308
lsass.exe 688
lsm.exe 696
csrss.exe 640
winlogon.exe 872
explorer.exe 1648 Windows Explorer Microsoft Corporation
MSASCui.exe 2236 Windows Defender User Interface Microsoft Corporation
wmdc.exe 2320 Windows Mobile Device Center Microsoft Corporation
rundll32.exe 2344 Windows host process (Rundll32) Microsoft Corporation
egui.exe 2368 Eset GUI ESET
TMTray.exe 2380 TweakMASTER Agent Hagel Technologies Ltd
firefox.exe 3192 Firefox Mozilla Corporation
explorer.exe 4056 Windows Explorer Microsoft Corporation
uTorrent.exe 1360 µTorrent BitTorrent, Inc.
HijackThis.exe 3920
notepad.exe 1472
procexp.exe 3620 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Process: uTorrent.exe Pid: 1360

Name Description Company Name Version
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.00.6001.18000
apphelp.dll Application Compatibility Client Library Microsoft Corporation 6.00.6001.18000
CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.6931.18000
COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.6001.18000
comctl32.dll.mui User Experience Controls Library Microsoft Corporation 6.10.6001.18000
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.6001.18000
CRYPT32.dll Crypto API32 Microsoft Corporation 6.00.6001.18000
DBGHELP.DLL Windows Image Helper Microsoft Corporation 6.00.6001.18000
dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.00.6001.18000
dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.00.6001.18000
DnsApi.dll DNS Client API DLL Microsoft Corporation 6.00.6001.18000
DUser.dll Windows DirectUser Engine Microsoft Corporation 6.00.6001.18000
duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.00.6000.16386
FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.00.6001.18000
GDI32.dll GDI Client DLL Microsoft Corporation 6.00.6001.18023
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.00.6001.17184
IESetting.dll Internet Explorer Settings Manager Microsoft Corporation 8.00.6001.17184
imageres.dll Windows Image Resource Microsoft Corporation 6.00.6000.16386
imageres.dll.mui Windows Image Resource Microsoft Corporation 6.00.6000.16386
IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.00.6001.18000
Iphlpapi.dll IP Helper API Microsoft Corporation 6.00.6001.18000
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.00.6001.18000
locale.nls locale.nls
LPK.DLL Language Pack Microsoft Corporation 6.00.6001.18000
mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 1.00.0005.0011
MPR.dll Multiple Provider Router DLL Microsoft Corporation 6.00.6001.18000
MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 6.00.6000.16386
MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.00.6001.18000
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.6001.18000
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.00.6001.18000
napinsp.dll E-mail Naming Shim Provider Microsoft Corporation 6.00.6001.18000
NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.00.6001.18000
npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.00.6000.16386
NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.00.6001.18000
ntdll.dll NT Layer DLL Microsoft Corporation 6.00.6001.18000
ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.00.6001.18000
oleaut32.dll Microsoft Corporation 6.00.6001.18000
pnrpnsp.dll PNRP Name Space Provider Microsoft Corporation 6.00.6001.18000
PROPSYS.dll Microsoft Property System Microsoft Corporation 7.00.6001.16503
PSAPI.DLL Process Status Helper Microsoft Corporation 6.00.6000.16386
R000000000009.clb
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.00.6000.16386
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.00.6001.18051
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.00.6001.18000
Secur32.dll Security Support Provider Interface Microsoft Corporation 6.00.6001.18000
SETUPAPI.dll Windows Setup API Microsoft Corporation 6.00.6001.18000
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.6001.18062
shfolder.dll Shell Folder Service Microsoft Corporation 6.00.6000.16386
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.6001.18000
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 8.00.6001.17184
USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000
user32.dll.mui Multi-User Windows USER API Client DLL Microsoft Corporation 6.00.6001.18000
USERENV.dll Userenv Microsoft Corporation 6.00.6001.18000
USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6001.18000
uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0001.12639
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.6001.18000
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.00.6001.18000
WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.00.6001.18000
winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.00.6000.16386
WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.00.6001.18000
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.00.6001.18000
wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.00.6001.18000
wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.00.6001.18000

Firon Posted October 18, 2008

Are you running 1.8.1?

thelittlefire Posted October 18, 2008

uTorrent 12639... ESET and NLA LSP injection :/

Start by stopping/closing TweakMaster.... Verify those LSP injections aren't causing trouble.

Firon Posted October 19, 2008

Just to tell you, those nla things are built into Vista. It's not 3rd party software.

Ultima Posted October 19, 2008

NLA is even a service under XP.

That WormRadar thing actually has me suspicious. If you search the forum for wormradar*, you'll find a LOT of threads related to crashes.

thelittlefire Posted October 19, 2008

Built in LSP injection? Another reason Vista is two steps back. ><

Ultima Posted October 19, 2008

... In XP, perform Start > Run > cmd /k netsh winsock show catalog

You'll find that NLA is listed there as well -- it's not a Vista-only thing.