rulang Posted January 13, 2009 Report Posted January 13, 2009 Every 10 minutes I get the message "uTorrent has crashed. Unable to generate crash dump." Can someone please help me?I have windows XP Pro SP3 and I'm using wireless internet (if that help you..)Here is my list from Hijack This:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:07:02, on 13.01.2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Programfiler\Hewlett-Packard\Drive Encryption\HpFkCrypt.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Programfiler\Norman\Npm\bin\ELOGSVC.EXEC:\Programfiler\Norman\Npm\Bin\Zanda.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\agrsmsvc.exeC:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Programfiler\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\ifxspmgt.exeC:\WINDOWS\system32\IFXTCS.exeC:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exeC:\SYS.000\Evl.exeC:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\IfxPsdSv.exeC:\Programfiler\Norman\Npm\bin\NJEEVES.EXEC:\WINDOWS\System32\alg.exeC:\WINDOWS\System32\SCardSvr.exeC:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exeC:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exeC:\Programfiler\iPod\bin\iPodService.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Programfiler\Hewlett-Packard\IAM\bin\asghost.exeC:\Programfiler\Analog Devices\Core\smax4pnp.exeC:\Programfiler\Synaptics\SynTP\SynTPEnh.exeC:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\WINDOWS\system32\AccelerometerSt.exeC:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exeC:\Programfiler\Norman\Npm\bin\ZLH.EXEC:\Programfiler\Java\jre1.6.0_07\bin\jusched.exeC:\SYS.000\SW.exeC:\SYS.000\hostsw.exeC:\Programfiler\Roxio\Drag-to-Disc\DrgToDsc.exeC:\Programfiler\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Programfiler\Hewlett-Packard\Embedded Security Software\PSDrt.exeC:\Documents and Settings\runar.langseth\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exeC:\Programfiler\RocketDock\RocketDock.exeC:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exeC:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exeC:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exeC:\SYS.000\svpr.exeC:\Programfiler\Hewlett-Packard\Shared\HpqToaster.exeC:\WINDOWS\system32\rundll32.exeC:\Programfiler\Norman\nse\bin\NSESVC.EXEC:\Programfiler\Norman\Nvc\BIN\NIP.EXEC:\Programfiler\Norman\Nvc\bin\nvcoas.exeC:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXEC:\Programfiler\Norman\Nvc\bin\cclaw.exeC:\WINDOWS\System32\svchost.exeC:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXEC:\Programfiler\Internet Explorer\iexplore.exeC:\Programfiler\Opera\opera.exeC:\Programfiler\Trend Micro\HijackThis\HijackThis.exeD:\Programfiler\uTorrent\uTorrent.exeC:\WINDOWS\system32\wbem\wmiprvse.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://itsl.ntvgs.no/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://itsl.ntvgs.no/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = KoblingerO2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {1F6C23D6-854C-497f-9275-439C89CF1F68} - (no file)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programfiler\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dllO2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\Hewlett-Packard\IAM\Bin\ItIEAddIn.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /trayO4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exeO4 - HKLM\..\Run: [PTHOSTTR] c:\Programfiler\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /StartO4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /StartO4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModuleO4 - HKLM\..\Run: [iFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogonO4 - HKLM\..\Run: [Norman ZANDA] "C:\Programfiler\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASHO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [sSConfig] C:\SYS.000\SW.exeO4 - HKLM\..\Run: [ProcMon] C:\SYS.000\hostsw.exeO4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programfiler\Roxio\Drag-to-Disc\DrgToDsc.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe -hiddenO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\runar.langseth\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [RocketDock] "C:\Programfiler\RocketDock\RocketDock.exe"O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorunO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programfiler\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dllO9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htmO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exeO16 - DPF: DirectEdit - https://www.itslearning.com//file/DirectEdit.CABO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1216030961260&h=f5bc1b26c862bb88ebddc147bd202ac2/&filename=jinstall-6u7-windows-i586-jc.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntvgs.noO17 - HKLM\Software\..\Telephony: DomainName = ntvgs.noO17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ntvgs.noO20 - AppInit_DLLs: APSHook.dllO20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dllO20 - Winlogon Notify: OneCard - C:\Programfiler\Hewlett-Packard\IAM\Bin\ASWLNPkg.dllO23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exeO23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programfiler\Norman\Npm\bin\ELOGSVC.EXEO23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exeO23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Programfiler\Hewlett-Packard\Drive Encryption\HpFkCrypt.exeO23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exeO23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exeO23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exeO23 - Service: IviRegMgr - InterVideo - C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exeO23 - Service: Event Log Audit (MASEL) - CISL - C:\SYS.000\Evl.exeO23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exeO23 - Service: Norman NJeeves - Norman ASA - C:\Programfiler\Norman\Npm\bin\NJEEVES.EXEO23 - Service: Norman ZANDA - Norman ASA - C:\Programfiler\Norman\Npm\Bin\Zanda.exeO23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programfiler\Norman\nse\bin\NSESVC.EXEO23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programfiler\Norman\Nvc\bin\nvcoas.exeO23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXEO23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programfiler\Fellesfiler\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe--End of file - 13168 bytes
moogly Posted January 13, 2009 Report Posted January 13, 2009 Hmmm... I saw a previous issue with Norman security suite. Pretty sure Norman modules (email or web scanner) are injected in uT.Can you post a Process Explorer log when uT is running ?http://forum.utorrent.com/viewtopic.php?id=29748Dont forget to select utorrent.exe and enable DLL mode (ctrl+d) in Proc. Explorer.
Ultima Posted January 13, 2009 Report Posted January 13, 2009 Get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here.
rulang Posted January 13, 2009 Author Report Posted January 13, 2009 I think I did correct now:Process PID CPU Description Company NameSystem Idle Process 0 61.43 Interrupts n/a 0.71 Hardware Interrupts DPCs n/a 2.14 Deferred Procedure Calls System 4 0.71 smss.exe 860 Windows NT Session Manager Microsoft Corporation csrss.exe 908 0.71 Client Server Runtime Process Microsoft Corporation winlogon.exe 948 Påloggingsprogram for Windows NT Microsoft Corporation services.exe 996 2.14 Program for tjenester og kontroller Microsoft Corporation svchost.exe 1188 Generic Host Process for Win32 Services Microsoft Corporation ati2evxx.exe 1260 ATI External Event Utility EXE Module ATI Technologies Inc. svchost.exe 1276 Generic Host Process for Win32 Services Microsoft Corporation wmiprvse.exe 820 WMI Microsoft Corporation asghost.exe 3532 Global Virtual Card Host Bioscrypt Inc. NMIndexStoreSvr.exe 320 Nero Home Nero AG HpqToaster.exe 3416 HpqToaster Module HpFkCrypt.exe 1348 Drive Encryption for HP ProtectTools Service SafeBoot International svchost.exe 1388 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1432 Generic Host Process for Win32 Services Microsoft Corporation btwdins.exe 1460 Bluetooth Support Server Broadcom Corporation. elogsvc.exe 1500 Norman eLogger service Norman ASA Zanda.exe 1588 0.71 Norman Zanda service Norman ASA svchost.exe 1620 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1660 Generic Host Process for Win32 Services Microsoft Corporation spoolsv.exe 1932 Spooler SubSystem App Microsoft Corporation agrsmsvc.exe 596 Agere Soft Modem Call Progress Service Agere Systems AppleMobileDeviceService.exe 612 Apple Mobile Device Service Apple Inc. mDNSResponder.exe 632 Bonjour Service Apple Inc. IFXSPMGT.exe 688 Security Platform Management Service Infineon Technologies AG IFXTCS.exe 832 TCPA TSS Core Service Infineon Technologies AG iviRegMgr.exe 904 RegMgr Module InterVideo Evl.exe 1168 CISL MDM.EXE 1532 Machine Debug Manager Microsoft Corporation IfxPsdSv.exe 1552 PSD Service Infineon Technologies AG Njeeves.exe 2008 NJeeves service Norman ASA alg.exe 496 Application Layer Gateway Service Microsoft Corporation scardsvr.exe 1916 Smart Card Resource Management Server Microsoft Corporation hpqwmiex.exe 2544 hpqwmiex Module Hewlett-Packard Development Company, L.P. Com4QLBEx.exe 2092 Com for QLB application Hewlett-Packard Development Company, L.P. NMIndexingService.exe 2720 Nero Home Nero AG iPodService.exe 3080 iPodService Module Apple Inc. Nsesvc.exe 2696 Norman Scanner Engine Service Norman ASA Nvcoas.exe 2704 1.43 NVC OnAccess virus scanner Norman ASA Nvcsched.exe 2852 NVC Scheduler Norman ASA svchost.exe 4016 Generic Host Process for Win32 Services Microsoft Corporation lsass.exe 1008 LSA Shell (Export Version) Microsoft Corporation ati2evxx.exe 3472 ATI External Event Utility EXE Module ATI Technologies Inc.explorer.exe 3700 1.43 Windows Utforsker Microsoft Corporation smax4pnp.exe 3984 SMax4PNP Analog Devices, Inc. SynTPEnh.exe 1548 1.43 Synaptics TouchPad Enhancements Synaptics, Inc. accelerometerST.exe 1772 Hp Accelerometer System Tray Hewlett-Packard Corporation QLBCTRL.exe 2644 Quick Launch Buttons Hewlett-Packard Development Company, L.P. Zlh.exe 3464 Norman ZLH Norman ASA Nip.exe 1164 NVC Internet Protection Norman ASA jusched.exe 892 Java Platform SE binary Sun Microsystems, Inc. SW.exe 3220 CISL svpr.exe 3816 CISL hostsw.exe 1340 SW DrgToDsc.exe 1684 Drag To Disc Application Roxio iTunesHelper.exe 1272 iTunesHelper Module Apple Inc. ctfmon.exe 2748 CTF Loader Microsoft Corporation GoogleUpdate.exe 1104 Google-oppdatering Google Inc. RocketDock.exe 3992 iexplore.exe 2476 13.57 Internet Explorer Microsoft Corporation opera.exe 1452 0.71 Opera Internet Browser Opera Software uTorrent.exe 3016 2.14 µTorrent BitTorrent, Inc. NMBgMonitor.exe 2448 Nero Home Nero AG WINWORD.EXE 2156 Microsoft Office Word Microsoft CorporationMOM.exe 3128 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. CCC.exe 1928 Catalyst Control Centre: Host application ATI Technologies Inc.PSDrt.exe 1744 PSD Runtime Application Infineon Technologies AGrundll32.exe 1700 Kjør en DLL som et program Microsoft CorporationCClaw.exe 4084 CClaw Norman ASAprocexp.exe 1752 10.71 Sysinternals Process Explorer Sysinternals - www.sysinternals.comProcess: uTorrent.exe Pid: 3016Name Description Company Name VersionACTIVEDS.dll ADs ruterlags-DLL Microsoft Corporation 5.01.2600.5512adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.5512ADVAPI32.dll Avansert Windows 32 Base-API Microsoft Corporation 5.01.2600.5512APSHook.dll Application Protection Hook Bioscrypt Inc. 2.05.0000.0029ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0001CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0700COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.5512comdlg32.dll DLL for felles dialogbokser Microsoft Corporation 6.00.2900.5512COMRes.dll Microsoft Corporation 2001.12.4414.0700credui.dll Brukergrensesnitt for behandling av legitimasjonsbeskrivelser Microsoft Corporation 5.01.2600.5512CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512ctype.nls DnsApi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.5625dot3api.dll 802.3-autokonfigurasjons-API Microsoft Corporation 5.01.2600.5512dot3dlg.dll 802.3 UI - hjelpeprogram Microsoft Corporation 5.01.2600.5512dwspy36.DLL SpyWorks support library. Desaware Inc. 6.00.0001.0003eappcfg.dll Eap Peer Config Microsoft Corporation 5.01.2600.5512eappprxy.dll Microsoft EAPHost Peer Client DLL Microsoft Corporation 5.01.2600.5512GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.5512hnetcfg.dll Konfigurasjonsbehandling for hjemmenettverk Microsoft Corporation 5.01.2600.5512IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.5512Iphlpapi.dll IP-hjelpeprogram-API Microsoft Corporation 5.01.2600.5512ItClient.dll SSO Hook Module Cognizance Corporation 2.01.0000.0102kernel32.dll DLL-fil for Windows NT BASE API-klient Microsoft Corporation 5.01.2600.5512locale.nls mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 1.00.0005.0011MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.5512MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.5512MSCTF.dll MSCTF-server-DLL Microsoft Corporation 5.01.2600.5512msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.5512MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.5512mswsock.dll Microsoft Windows Sockets 2.0-tjenesteprogram Microsoft Corporation 5.01.2600.5625netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.5512NETSHELL.dll Skall for nettverkstilkoblinger Microsoft Corporation 5.01.2600.5512Niphk.dll NVC Internet Protection Norman ASA 5.99.0000.0001ntdll.dll NT nivå-dll Microsoft Corporation 5.01.2600.5512NTMARTA.DLL Windows NT MARTA-leverandør Microsoft Corporation 5.01.2600.5512ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.5512OLEACC.dll Active Accessibility Core Component Microsoft Corporation 4.02.5406.0000oleaccrc.dll Active Accessibility Resource DLL Microsoft Corporation 4.02.5406.0000OLEAUT32.dll Microsoft Corporation 5.01.2600.5512OneX.DLL IEEE 802.1X-anmoderbibliotek Microsoft Corporation 5.01.2600.5512PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.5512rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.5512RocketDock.dll RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.5512rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.5507rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.5512SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.5512Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.5512SETUPAPI.dll Installasjons-API for Windows Microsoft Corporation 5.01.2600.5512SHELL32.dll Felles DLL-fil for Windows-skall Microsoft Corporation 6.00.2900.5512shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.5512SHLWAPI.dll Lavnivåbibliotek for grensesnitt Microsoft Corporation 6.00.2900.5512sortkey.nls sorttbls.nls unicode.nls USER32.dll DLL-fil for Windows XP USER API-klient Microsoft Corporation 5.01.2600.5512USERENV.dll Userenv Microsoft Corporation 5.01.2600.5512uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0001.12639uxtheme.dll Microsoft UxTema-bibliotek Microsoft Corporation 6.00.2900.5512VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.5512WINSTA.dll Winstation Library Microsoft Corporation 5.01.2600.5512WLDAP32.dll DLL-fil for Win32 LDAP-API Microsoft Corporation 5.01.2600.5512WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.5512WS2HELP.dll Hjelpeprogram for Windows Socket 2.0 for Windows NT Microsoft Corporation 5.01.2600.5512wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.5512WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.5512xpsp2res.dll Meldinger for Service Pack 2 Microsoft Corporation 5.01.2600.5512
Ultima Posted January 13, 2009 Report Posted January 13, 2009 APSHook.dll Application Protection Hook Bioscrypt Inc. 2.05.0000.0029dwspy36.DLL SpyWorks support library. Desaware Inc. 6.00.0001.0003Niphk.dll NVC Internet Protection Norman ASA 5.99.0000.0001Most likely Norman.
rulang Posted January 13, 2009 Author Report Posted January 13, 2009 Thanks for helping me :-)What shall I do with these three files?
moogly Posted January 13, 2009 Report Posted January 13, 2009 You can disable Web protection of Norman and run again a PE log to see if Niphk.dll is still injected in uT.If uT doesn't stop crashing, maybe the culprit is SpyWorks.
rulang Posted January 13, 2009 Author Report Posted January 13, 2009 Thanks for all the help If I don't report any more back in a couple of days, it is fixed.Thanks :-)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.