eestreet Posted August 15, 2008 Report Share Posted August 15, 2008 1.8 loads minimized - when I click to open it crashes and I get a pop-up to reload, send dump,etc. If I choose to reload it repeats again, etc. I tried to install the latest update but it doesnt get far since it crashes.Thanks for your help.Here's Process explorer link:utorrent.exe.txt - 0.01MBHijack log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:48:41 AM, on 8/15/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exeC:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.ExeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\msdtc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\lxdccoms.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\mcshield.exeC:\Program Files\Network Associates\VirusScan\vstskmgr.exeC:\Program Files\lotus\notes\ntmulti.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exeC:\WINDOWS\system32\fxssvc.exeC:\WINDOWS\System32\alg.exeC:\Program Files\ScanSoft\OmniPageSE\opware32.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Winamp\winampa.exeC:\Program Files\Network Associates\VirusScan\SHSTAT.EXEC:\Program Files\Network Associates\Common Framework\UpdaterUI.exeC:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exeC:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exeC:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exeC:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exeC:\Program Files\MailWasher\MailWasher.exeC:\Program Files\PC Connectivity Solution\ServiceLayer.exeC:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exeC:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exeC:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\system32\wbem\wmiprvse.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: (no name) - {54B02808-B60E-44CD-A72D-9865117E4E62} - (no file)O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files\agat\AGForm\AGFormsHelper.dllO3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dllO4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgentO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONEO4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialogO4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytrayO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exeO4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: BlueSoleil.lnk = ?O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dllO15 - Trusted Zone: www.dimeadozen.orgO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130524135140O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130531545515O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {EECC2B58-FDE7-4F3A-B933-B25BE90F1D37} (CTXAXSetupCtl Object) - http://download.yoomba.com/YoombaActivation.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{598DC449-CC5A-4DDD-953F-D9D38E3DEB99}: NameServer = 194.90.1.5 212.143.212.143O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exeO23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exeO23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exeO23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exeO23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exeO23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exeO23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exeO23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe--End of file - 8991 bytes Link to comment Share on other sites More sharing options...
DreadWingKnight Posted August 15, 2008 Report Share Posted August 15, 2008 Process explorer DLL list for the utorrent.exe process please. Link to comment Share on other sites More sharing options...
eestreet Posted August 15, 2008 Author Report Share Posted August 15, 2008 Here's the dll:Process PID CPU Description Company NameSystem Idle Process 0 93.94 Interrupts n/a Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 SMSS.EXE 684 Windows NT Session Manager Microsoft Corporation CSRSS.EXE 768 1.52 Client Server Runtime Process Microsoft Corporation WINLOGON.EXE 796 Windows NT Logon Application Microsoft Corporation SERVICES.EXE 840 1.52 Services and Controller app Microsoft Corporation SVCHOST.EXE 1004 Generic Host Process for Win32 Services Microsoft Corporation naPrdMgr.exe 1792 NAI Product Manager Network Associates, Inc. MPAPI3s.exe 2084 Mobile Phone API Nokia Corporation SVCHOST.EXE 1060 Generic Host Process for Win32 Services Microsoft Corporation SVCHOST.EXE 1152 Generic Host Process for Win32 Services Microsoft Corporation SVCHOST.EXE 1188 Generic Host Process for Win32 Services Microsoft Corporation SR_Service.exe 1496 SecureClient Service Check Point Software Technologies SR_Watchdog.exe 1584 Check Point Software Technologies SR_GUI.Exe 1600 SecureClient Application Check Point Software Technologies SVCHOST.EXE 1680 Generic Host Process for Win32 Services Microsoft Corporation SVCHOST.EXE 1720 Generic Host Process for Win32 Services Microsoft Corporation SPOOLSV.EXE 1852 Spooler SubSystem App Microsoft Corporation MSDTC.EXE 412 MS DTC console program Microsoft Corporation SVCHOST.EXE 484 Generic Host Process for Win32 Services Microsoft Corporation DLLHOST.EXE 500 COM Surrogate Microsoft Corporation SVCHOST.EXE 620 Generic Host Process for Win32 Services Microsoft Corporation LXDCCOMS.EXE 748 Printer Communication System FrameworkService.exe 976 Framework Service Network Associates, Inc. mcshield.exe 1284 On-Access Scanner service Network Associates, Inc. vstskmgr.exe 1344 Task Manager : scheduling and OAS alerting service Network Associates, Inc. ntmulti.exe 1388 IBM Lotus Notes/Domino IBM Corp SVCHOST.EXE 1376 Generic Host Process for Win32 Services Microsoft Corporation FXSSVC.EXE 1884 Fax Service Microsoft Corporation alg.exe 2712 Application Layer Gateway Service Microsoft Corporation ServiceLayer.exe 152 ServiceLayer Module Nokia. NclUSBSrv.exe 1524 NclUSBSrv Application NclRSSrv.exe 1732 NclRSSrv Application LSASS.EXE 852 LSA Shell (Export Version) Microsoft CorporationEXPLORER.EXE 1516 Windows Explorer Microsoft Corporation CTFMON.EXE 1536 CTF Loader Microsoft Corporation opware32.exe 2876 OCR Aware (32-bit) ScanSoft, Inc SOUNDMAN.EXE 2944 Realtek Sound Manager Realtek Semiconductor Corp. WINAMPA.EXE 3104 shstat.exe 3468 On-access scanner statistics Network Associates, Inc. UpdaterUI.exe 3492 Common User Interface Network Associates, Inc. tbmon.exe 3576 TalkBack Monitor Network Associates, Inc. PcSync2.exe 3640 PC Sync Time Information Services Ltd. PCSuite.exe 3788 Nokia Launch Application Nokia BlueSoleil.exe 3880 Bluetooth Application IVT Corporation MailWasher.exe 4036 MailWasher Pro Firetrust Ltd FIREFOX.EXE 3996 Firefox Mozilla CorporationuTorrent.exe 2428 1.52 µTorrent BitTorrent, Inc.procexp.exe 1268 1.52 Sysinternals Process Explorer Sysinternals - www.sysinternals.comProcess: uTorrent.exe Pid: 2428Name Description Company Name VersionACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000c_1252.nls CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180COMRes.dll Microsoft Corporation 2001.12.4414.0258credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180ctype.nls DBGHELP.DLL Windows Image Helper Microsoft Corporation 5.01.2600.2180DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.3394GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3316hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119locale.nls LPK.DLL Language Pack Microsoft Corporation 5.01.2600.2180MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.3319msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180msi.dll Windows Installer Microsoft Corporation 3.01.4000.4039mslbui.dll LangageBar Add In Microsoft Corporation 5.01.2600.2180MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.3394NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976NETSHELL.dll Network Connections Shell Microsoft Corporation 5.01.2600.2180ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726OLEACC.dll Active Accessibility Core Component Microsoft Corporation 4.02.5406.0000oleaccrc.dll Active Accessibility Resource DLL Microsoft Corporation 4.02.5406.0000oleaut32.dll Microsoft Corporation 5.01.2600.3266ophook32.dll OCR Aware Hook (32-bit) ScanSoft, Inc 11.00.0000.0001rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2180SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.2180SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3020SKCHUI.DLL Draw Pen Tip Microsoft Corporation 1.00.1038.0000sortkey.nls sorttbls.nls SPGRMR.DLL SPTIP Grammar DLL Microsoft Corporation 5.01.2600.2180sptip.dll SAPI5.0/CTF layer DLL Microsoft Corporation 5.01.2600.2180unicode.nls USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.2180uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0000.11813UxTheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180 Link to comment Share on other sites More sharing options...
Greg Hazel Posted August 15, 2008 Report Share Posted August 15, 2008 Can you post the dump file on http://mediafire.com and link to it here? Link to comment Share on other sites More sharing options...
thelittlefire Posted August 15, 2008 Report Share Posted August 15, 2008 You should find the dump files in your %APPDATA%\uTorrent folder with the settings.dat and other configuration files, or in your %ProgramFiles%\uTorrent folder with uTorrent.exe Link to comment Share on other sites More sharing options...
eestreet Posted August 16, 2008 Author Report Share Posted August 16, 2008 Here's the link to the dmp file:http://www.mediafire.com/?sharekey=ba5cbe5fa91eebdcd2db6fb9a8902bdaThanks. Link to comment Share on other sites More sharing options...
Greg Hazel Posted August 16, 2008 Report Share Posted August 16, 2008 This looks like a problem with something that hooks WSARecv and causes uTorrent to crash. The only 3rd party DLL I see loaded is ophook32.dll from OmniPageSE.Searching a bit in the uTorrent forums:http://forum.utorrent.com/viewtopic.php?pid=202836#p202836and then you might ask this question http://forum.utorrent.com/viewtopic.php?pid=203937#p203937 Link to comment Share on other sites More sharing options...
eestreet Posted August 16, 2008 Author Report Share Posted August 16, 2008 Well, deleted Omnipage and it still crashes.Here's the dmp:http://www.mediafire.com/?sharekey=ba5cbe5fa91eebdcab1eab3e9fa335ca89703704bf141529 Link to comment Share on other sites More sharing options...
Greg Hazel Posted August 16, 2008 Report Share Posted August 16, 2008 Please try this test build, and let me know if it still crashes:http://utorrent.com/utorrent.11874.exe Link to comment Share on other sites More sharing options...
eestreet Posted August 17, 2008 Author Report Share Posted August 17, 2008 Still crashes. Here's the dmp link:http://www.mediafire.com/?sharekey=ba5cbe5fa91eebdcab1eab3e9fa335ca7a592b4d41797f3e Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.