MageMinds, posted February 19, 2009:

I know there are tons of posts of that kind about µTorrent being the bad guy, but I have proof now! So developers can debug.

Let me explain how the BSOD appeared. While trying to avoid my ISP's traffic shaping, I set µTorrent to use port 1723, the PPTP server port, and I enforced encryption and rejected legacy connections. Making all communication encrypted on port 1723 makes detection hard for my ISP, and I was able to get full throttle.

Since I made that modification I had strange behaviour from my PC: from time to time I was getting a reboot. I knew that was because of a crash and that auto reboot was activated, so I disabled it to see the actual blue screen. It was most of the time BAD_HEADER_POOL with no driver listed.

I tested everything: memory, video card, hard disks. I even changed one hard drive, but the problem was still there. Then I did a little search about my problem and found a lot of results on Google about people complaining that µTorrent was the cause of this. So I just closed my µTorrent for a week and the PC didn't crash. Then I restarted µTorrent and in less than 24 hours the PC crashed.

I then remembered that the only thing that had changed in µTorrent was the port I used, so I set it back to what it was before, and since then everything runs smoothly, apart from the fact that sometimes my line gets choked by my ISP, but that's not µTorrent's fault.

I suspect that a legitimate or illegitimate piece of software was trying to connect to the supposed PPTP server but µTorrent didn't like it, doing some sort of bad thing to the memory calls that makes Windows crash ... This is a huge security risk, since anybody can make a remote PC crash (BSOD) if it runs µTorrent; they only have to figure out how this was happening to me and instead send the bad packets to the port the remote user is using for their µTorrent.

For what it's worth, I have an AMD Opteron 180 (Dual Core).

MageMinds

DreadWingKnight, posted February 19, 2009:

Missing the minidump from the crash at %windir%\minidump

MageMinds, posted February 19, 2009:

I just put the minidump there: http://mageminds.com/mageminds.zip

DreadWingKnight, posted February 19, 2009:

HijackThis log and Process Explorer process list with a DLL list for the utorrent.exe process too please.

MageMinds, posted February 19, 2009:

The HijackThis log can be found at the following address

Here the Process Explorer

moogly, posted February 19, 2009:

Copy and paste the 2 logs here, it's really better to read.

Guide: http://forum.utorrent.com/viewtopic.php?id=29748

MageMinds, posted February 19, 2009:

Thanks moogly for the hint, I edited my previous message according to the recommendations you made.

I didn't know Process Explorer could export the view. And I didn't think of pasting the HijackThis log here. Anyways, I put it in a code tag so the post isn't too long to "read".

MageMinds

moogly, posted February 19, 2009:

SASSEH.DLL ShellExecuteHook SuperAdBlocker.com 1.00.0000.1012

It's injected in uT. Did you try to remove it and check if the crashes continue? It can be the culprit.
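
The triage in the post above (reading the DLL list of utorrent.exe and picking out the one module that belongs neither to Windows nor to µTorrent) can be scripted. The following is an added example, not part of the original thread; the tab-separated export layout, every sample row other than the quoted SASSEH.DLL line, and the function names are assumptions.

```python
# Constructed sample in the assumed layout of a Process Explorer DLL-view
# export: a "Process:" line, then tab-separated Name/Description/Company/Version.
SAMPLE_EXPORT = (
    "Process: utorrent.exe Pid: 3008\n"
    "\n"
    "Name\tDescription\tCompany Name\tVersion\n"
    "advapi32.dll\tAPI avancées Windows 32\tMicrosoft Corporation\t5.01.2600.5512\n"
    "ctype.nls\t\t\t\n"
    "SASSEH.DLL\tShellExecuteHook\tSuperAdBlocker.com\t1.00.0000.1012\n"
    "utorrent.exe\tµTorrent\tBitTorrent, Inc.\t1.08.0002.14458\n"
    "ws2_32.dll\tWindows Socket 2.0 32-Bit DLL\tMicrosoft Corporation\t5.01.2600.5512\n"
)

OS_VENDOR = "Microsoft Corporation"
CODE_EXTENSIONS = (".dll", ".exe", ".ocx", ".sys")


def parse_dll_export(text):
    """Return (process_name, pid, modules) from an exported DLL list."""
    process, pid, header_idx = None, None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("Process:"):
            # e.g. "Process: utorrent.exe Pid: 3008"
            left, _, right = line.partition("Pid:")
            process = left.split(":", 1)[1].strip()
            pid = int(right.strip())
        elif line.split("\t")[0] == "Name":
            header_idx = i
            break
    if process is None or header_idx is None:
        raise ValueError("not a DLL-view export: missing Process line or header")
    modules = []
    for line in lines[header_idx + 1:]:
        if not line.strip():
            continue
        # Pad short rows: data files such as *.nls have empty columns.
        fields = (line.split("\t") + [""] * 4)[:4]
        name, desc, company, version = (f.strip() for f in fields)
        modules.append({"name": name, "description": desc,
                        "company": company, "version": version})
    return process, pid, modules


def third_party_modules(process, modules):
    """Code modules whose vendor is neither the OS vendor nor the host's own.

    The company name is self-declared version-resource metadata, not a
    signature check, so treat the result as a shortlist to investigate.
    """
    own_vendor = next((m["company"] for m in modules
                       if m["name"].lower() == process.lower()), "")
    trusted = {OS_VENDOR.lower()}
    if own_vendor:
        trusted.add(own_vendor.lower())
    flagged = []
    for m in modules:
        if not m["name"].lower().endswith(CODE_EXTENSIONS):
            continue  # skip data files, which carry no vendor information
        if m["company"].lower() not in trusted:
            flagged.append(m)  # also catches modules with no vendor at all
    return flagged


if __name__ == "__main__":
    proc, pid, mods = parse_dll_export(SAMPLE_EXPORT)
    for m in third_party_modules(proc, mods):
        print(f"{proc} (pid {pid}): {m['name']} from {m['company'] or 'unknown vendor'}")
```
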

MageMinds, posted February 20, 2009:

Good, I just unregistered the dll and I will put uT back on port 1723, since changing back to my old port has solved the problem. I will come back with results later.

I did check and the dll doesn't load itself anymore...

MageMinds

Edit: 2009-02-21

So far so good, that seems to have solved the problem. I should probably reinject the dll to see if the problem comes back; that would confirm that uT doesn't like SUPERAntiSpyware dlls. But even when the dlls are unregistered, SUPERAntiSpyware still works.

Remember that my problem was happening only when I was on port 1723 and the dll was registered; on other ports the problem wasn't there... This is strange huh!?!

MageMinds

This topic is now archived and is closed to further replies.