
BSOD on Windows XP caused by µTorrent


MageMinds


Posted

I know there are tons of posts of that kind about µTorrent being the bad guy, but I have proof now! So developers can debug.

Let me explain how the BSOD appeared. While trying to avoid my ISP's traffic shaping, I set µTorrent to use port 1723, the PPTP server port, and I enforced encryption and rejected legacy connections. Making all communication encrypted on port 1723 made detection hard for my ISP, and I was able to get full throttle.

Since I made that modification I had strange behaviour from my PC: from time to time I was getting a reboot. I knew that was because of a crash and that auto reboot was activated, so I disabled it to see the actual blue screen. It was most of the time BAD_HEADER_POOL with no driver listed.

I tested everything: memory, video card, hard disks. I even changed one hard drive, but the problem was still there. Then I did a little search about my problem and found a lot of results in Google about people complaining that µTorrent was the cause of this. So I just closed my µTorrent for a week and the PC didn't crash. Then I restarted µTorrent and in less than 24 hours the PC crashed.

I then remembered that the only thing that had changed in µTorrent was the port I used, so I set it back to what it was before, and since then everything has run smoothly, except for the fact that sometimes my line gets choked by my ISP, but that's not µTorrent's fault.

I suspect that a legitimate or illegitimate piece of software was trying to connect to the supposed PPTP server but µTorrent didn't like it, doing some sort of bad thing to the memory calls that made Windows crash ... This is a huge security risk, since anybody can make a remote PC crash (BSOD) if it runs µTorrent; they only have to figure out how this was happening to me and instead send the bad packets to the port the remote user is using for its µTorrent.

For what it's worth I have an AMD Opteron 180 (Dual Core)

MageMinds

Posted

The HijackThis log can be found at the following address

Logfile of HijackThis v1.99.1
Scan saved at 14:11:38, on 2009/02/19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AhsayACB\aua\bin\AuaAcb.exe
C:\Program Files\AhsayACB\aua\jvm\bin\AuaAcbJW.exe
C:\Program Files\AhsayACB\bin\bsch.exe
C:\Program Files\AhsayACB\jvm\bin\bschJW.exe
C:\Program Files\cwRsyncServer\bin\cygrunsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\cwRsyncServer\bin\rsync.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AhsayACB\bin\btray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\UTILITAIRES\Utilitaires Internet\SNMP Router Monitor\monomon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\SABnzbd\SABnzbd.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\UTILITAIRES\Utilitaires PC\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.77.2.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OBASystemTray ] "C:\Program Files\AhsayACB\bin\btray.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [monomon] D:\UTILITAIRES\Utilitaires Internet\SNMP Router Monitor\monomon.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201052884937
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: AutoUpdateAgent (AhsayACB) (OBAAutoUpdate) - Unknown owner - C:\Program Files\AhsayACB\aua\bin\AuaAcb.exe
O23 - Service: Online Backup Scheduler (AhsayACB) (OBAScheduler) - Unknown owner - C:\Program Files\AhsayACB\bin\bsch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: RsyncServer - Unknown owner - C:\Program Files\cwRsyncServer\bin\cygrunsrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Uplink Skype2Sip Service (UplinkService) - Unknown owner - C:\Program Files\NCH Swift Sound\Uplink\uplink.exe" -service (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Here is the Process Explorer:

Process    PID    CPU    Description    Company Name
System Idle Process 0 97.02
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 976 Gestionnaire de session Windows NT Microsoft Corporation
csrss.exe 1036 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1068 Application d'ouverture de session Windows NT Microsoft Corporation
services.exe 1112 0.75 Applications Services et Contrôleur Microsoft Corporation
ati2evxx.exe 1300 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 1332 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1408 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1504 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1660 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1772 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1852 Spooler SubSystem App Microsoft Corporation
sched.exe 1908 Antivirus Scheduler Avira GmbH
avguard.exe 736 Antivirus On-Access Service Avira GmbH
MDM.EXE 800 Machine Debug Manager Microsoft Corporation
AuaAcb.exe 832
AuaAcbJW.exe 872 Java(TM) Platform SE binary Sun Microsystems, Inc.
bsch.exe 876
bschJW.exe 904 Java(TM) Platform SE binary Sun Microsystems, Inc.
cygrunsrv.exe 1272
svchost.exe 1360 Generic Host Process for Win32 Services Microsoft Corporation
vmware-authd.exe 1460 VMware Authorization Service VMware, Inc.
vmount2.exe 1628 virtual disk mount service VMware, Inc.
vmnat.exe 2016 VMware NAT Service VMware, Inc.
vmnetdhcp.exe 2104 VMware VMnet DHCP service VMware, Inc.
vmserverdWin32.exe 2752 VMware VirtualCenter Agent VMware, Inc.
alg.exe 3444 Application Layer Gateway Service Microsoft Corporation
lsass.exe 1132 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 3988 ATI External Event Utility EXE Module ATI Technologies Inc.
rdpclip.exe 3268 RDP Clip Monitor Microsoft Corporation
csrss.exe 3684 Client Server Runtime Process Microsoft Corporation
winlogon.exe 1948 Application d'ouverture de session Windows NT Microsoft Corporation
ati2evxx.exe 1388 ATI External Event Utility EXE Module ATI Technologies Inc.
scrnsave.scr 4012 Écran de veille par défaut Microsoft Corporation
csrss.exe 3100 Client Server Runtime Process Microsoft Corporation
winlogon.exe 3260 Application d'ouverture de session Windows NT Microsoft Corporation
logonui.exe 2092 Windows Logon UI Microsoft Corporation
ati2evxx.exe 1404 ATI External Event Utility EXE Module ATI Technologies Inc.
logon.scr 4024 Ouverture de session Microsoft Corporation
rsync.exe 1468
explorer.exe 336 Explorateur Windows Microsoft Corporation
soundman.exe 2364 Realtek Sound Manager Realtek Semiconductor Corp.
btray.exe 2580 Systray Shortcut
gnotify.exe 2784 Gmail Notifier Google Inc.
avgnt.exe 2872 Antivirus System Tray Tool Avira GmbH
jusched.exe 2988 Java(TM) Platform SE binary Sun Microsystems, Inc.
jucheck.exe 4072 Java(TM) Update Checker Sun Microsystems, Inc.
utorrent.exe 3008 0.75 µTorrent BitTorrent, Inc.
daemon.exe 3044 DAEMON Tools main application DT Soft Ltd
ctfmon.exe 3088 CTF Loader Microsoft Corporation
taskmgr.exe 2820 Gestionnaire des tâches de Windows Microsoft Corporation
SABnzbd.exe 2472 SABnzbd 0.4.x
procexp.exe 4032 0.75 Sysinternals Process Explorer Sysinternals
monomon.exe 3136 0.75 monitoring client for monowall Matthias Feist
explorer.exe 676 Explorateur Windows Microsoft Corporation
soundman.exe 2600 Realtek Sound Manager Realtek Semiconductor Corp.
btray.exe 592 Systray Shortcut
gnotify.exe 3220 Gmail Notifier Google Inc.
avgnt.exe 2264 Antivirus System Tray Tool Avira GmbH
Printkey2000.exe 968 Fred's Software

Process: utorrent.exe Pid: 3008

Name Description Company Name Version
activeds.dll DLL de la couche de routage AD Microsoft Corporation 5.01.2600.5512
adsldpc.dll DLL C du fournisseur LDAP AD Microsoft Corporation 5.01.2600.5512
advapi32.dll API avancées Windows 32 Microsoft Corporation 5.01.2600.5512
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.5512
atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0001
browseui.dll Bibliothèque de l'interface utilisateur du navigateur Microsoft Corporation 6.00.2900.5512
clbcatq.dll Microsoft Corporation 2001.12.4414.0700
comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.5512
comdlg32.dll DLL commune de boîtes de dialogues Microsoft Corporation 6.00.2900.5512
comres.dll Microsoft Corporation 2001.12.4414.0700
crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512
cryptui.dll Fournisseur de l'interface Microsoft Trust Microsoft Corporation 5.131.2600.5512
cscdll.dll Agent réseau hors connexion Microsoft Corporation 5.01.2600.5512
cscui.dll IU de cache côté client Microsoft Corporation 5.01.2600.5512
ctype.nls
dnsapi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.5625
gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.5698
hnetcfg.dll Gestionnaire de configuration de réseau domestique Microsoft Corporation 5.01.2600.5512
ieframe.dll Internet Explorer Microsoft Corporation 7.00.6000.16791
ieframe.dll.mui Internet Explorer Microsoft Corporation 7.00.6000.16414
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6000.16791
imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.5512
iphlpapi.dll API de l'application d'assistance IP Microsoft Corporation 5.01.2600.5512
kernel32.dll DLL du client API BASE Windows NT Microsoft Corporation 5.01.2600.5512
locale.nls
mprapi.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.5512
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.5512
msctf.dll DLL de MSCTF Server Microsoft Corporation 5.01.2600.5512
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.5512
mswsock.dll Fournisseur de service Sockets 2.0 de Microsoft Windows Microsoft Corporation 5.01.2600.5625
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.5694
normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.00.5441.0000
ntdll.dll DLL Couche NT Microsoft Corporation 5.01.2600.5512
ole32.dll Microsoft OLE pour Windows Microsoft Corporation 5.01.2600.5512
oleaut32.dll Microsoft Corporation 5.01.2600.5512
psapi.dll Process Status Helper Microsoft Corporation 5.01.2600.5512
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.5512
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.5512
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.5507
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.5512
samlib.dll SAM Library DLL Microsoft Corporation 5.01.2600.5512
SASSEH.DLL ShellExecuteHook SuperAdBlocker.com 1.00.0000.1012
secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.5512
setupapi.dll Installation de L'API Windows Microsoft Corporation 5.01.2600.5512
shdocvw.dll Bibliothèque d'objets et de contrôles de documents de l'environnement Microsoft Corporation 6.00.2900.5512
shell32.dll DLL commune du shell Windows Microsoft Corporation 6.00.2900.5512
shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.5512
shlwapi.dll Bibliothèque d'utilitaires légers du Shell Microsoft Corporation 6.00.2900.5512
sortkey.nls
sorttbls.nls
unicode.nls
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6000.16791
user32.dll DLL client de l'API Utilisateur de Windows XP Microsoft Corporation 5.01.2600.5512
userenv.dll Userenv Microsoft Corporation 5.01.2600.5512
utorrent.exe µTorrent BitTorrent, Inc. 1.08.0002.14458
uxtheme.dll Bibliothèque de thèmes Ux Microsoft Microsoft Corporation 6.00.2900.5512
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.5512
wininet.dll Internet Extensions for Win32 Microsoft Corporation 7.00.6000.16791
winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.5512
wintrust.dll API Microsoft de vérification de la confiance Microsoft Corporation 5.131.2600.5512
wldap32.dll DLL API LDAP Win32 Microsoft Corporation 5.01.2600.5512
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.5512
ws2help.dll Application d'assistance de Windows Socket 2.0 pour Windows NT Microsoft Corporation 5.01.2600.5512
wship6.dll IPv6 Helper DLL Microsoft Corporation 5.01.2600.5512
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.5512

Posted

Thanks moogly for the hint, I edited my previous message according to the recommendations you made.

I didn't know Process Explorer could export the view. And I didn't think of pasting the HijackThis log here. Anyway, I put it in a code tag so the post isn't too long to "read".

MageMinds

Posted
SASSEH.DLL ShellExecuteHook SuperAdBlocker.com 1.00.0000.1012

It's injected in uT; did you try to remove it and check if the crashes continue? It can be the culprit.
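The check made in the reply above (spotting a module from an unexpected vendor in the utorrent.exe DLL list) can be automated; this is an added example, not part of the original thread. It assumes the saved Process Explorer view is tab-separated (Name, Description, Company Name, Version); the function names and the expected-vendor set are hypothetical.

```python
"""Triage a saved Process Explorer DLL view for modules from unexpected vendors."""
from dataclasses import dataclass

# Constructed sample: rows copied from the utorrent.exe listing in this thread,
# with tab separators restored (assumption about the export format).
SAMPLE_EXPORT = (
    "Name\tDescription\tCompany Name\tVersion\n"
    "advapi32.dll\tAPI avancées Windows 32\tMicrosoft Corporation\t5.01.2600.5512\n"
    "clbcatq.dll\t\tMicrosoft Corporation\t2001.12.4414.0700\n"
    "ctype.nls\n"
    "SASSEH.DLL\tShellExecuteHook\tSuperAdBlocker.com\t1.00.0000.1012\n"
    "utorrent.exe\tµTorrent\tBitTorrent, Inc.\t1.08.0002.14458\n"
    "ws2_32.dll\tWindows Socket 2.0 32-Bit DLL\tMicrosoft Corporation\t5.01.2600.5512\n"
)


@dataclass(frozen=True)
class Module:
    name: str
    description: str
    company: str
    version: str


def parse_module_export(text):
    """Parse tab-separated rows; short rows (e.g. .nls data files) get empty fields."""
    modules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split("\t")]
        if fields[:2] == ["Name", "Description"]:  # skip the header row
            continue
        fields += [""] * (4 - len(fields))
        modules.append(Module(*fields[:4]))
    return modules


def triage(modules, expected_vendors):
    """Return (third_party, no_vendor) module names.

    Company Name comes from the file's version resource and is self-declared,
    so a match is a triage hint, not proof of origin.
    """
    expected = {v.casefold() for v in expected_vendors}
    third_party, no_vendor = [], []
    for m in modules:
        if not m.company:
            no_vendor.append(m.name)
        elif m.company.casefold() not in expected:
            third_party.append(m.name)
    return third_party, no_vendor


if __name__ == "__main__":
    mods = parse_module_export(SAMPLE_EXPORT)
    # Hypothetical allowlist: the OS vendor plus the application's own vendor.
    flagged, unknown = triage(mods, {"Microsoft Corporation", "BitTorrent, Inc."})
    print("third-party modules:", flagged)
    print("no vendor metadata:", unknown)
```

Modules in the first list are candidates to unload or unregister one at a time while watching whether the crash recurs.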

Posted

Good, I just unregistered the dll and I will put uT back on port 1723, since changing back to my old port has solved the problem. I will come back with results later.

I did check and the dll doesn't load itself anymore...

MageMinds

Edit: 2009-02-21

So far so good, that seems to have solved the problem. I should probably reinject the dll to see if the problem comes back; that would confirm that uT doesn't like SUPERAntiSpyware dlls. But even when the dlls are unregistered SUPERAntiSpyware still works.

Remember that my problem was happening only when I was on port 1723 and the dll was registered, on other ports the problem wasn't there... This is strange huh!?!

MageMinds

Archived

This topic is now archived and is closed to further replies.
