Panarchy Posted December 20, 2008 Report Share Posted December 20, 2008 HiµTorrent crashes on me! Had it minimized in the taskbar for a while, then left the comp, came back and µTorrent was gone!Opened it from the start menu... and could tell that it wasn't just boss-keyed (no DL or UL).Please help!Thanks in advance,PanarchyPS: µTorrent 1.8.1 with XP Pro 32-bit Link to comment Share on other sites More sharing options...
moogly Posted December 20, 2008 Report Share Posted December 20, 2008 Hi.Post HJT & PE logs. copy/paste them here to see what is injected in uT.Tutorial: http://forum.utorrent.com/viewtopic.php?id=29748DONT FORGET to select utorrent.exe and enable DLL mode (ctrl+d) in PE. Link to comment Share on other sites More sharing options...
Panarchy Posted December 20, 2008 Author Report Share Posted December 20, 2008 HijackThis!: http://www.mediafire.com/?ygmzzocmldrProcessDump: http://www.mediafire.com/?umzmzmqtrtrThere is no .dmp file...Please help fix this.Thanks in advance,PanarchyPS: Woh, HijackThis! Haven't used that in ages!!! Link to comment Share on other sites More sharing options...
moogly Posted December 20, 2008 Report Share Posted December 20, 2008 Please copy & paste logs in your post, helpers are lazy to download and open logs. Anyway it's more easy to read and help you. I do it for you.PE log seems to be good.You have ESET as AV. I know there is a bug with IMON module, already reported on uT boards. Do you have it and, if yes, can you disable it and look at if uT is continuing to crash.Then I see you are using VMware. Maybe it can be a source of pbms with uT.http://forum.utorrent.com/viewtopic.php?id=43026Do uT crashes appear when you are using this software ?***************************************************************Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:58:33 AM, on 21/12/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ESET\ESET NOD32 Antivirus\egui.exeC:\Program Files\VMware\VMware Workstation\vmware-tray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeC:\Program Files\Java\jre6\bin\jqs.exeD:\VMWare Converter\vmware-ufad.exeC:\WINDOWS\system32\vmnat.exeC:\WINDOWS\system32\vmnetdhcp.exeC:\Program Files\VMware\VMware Workstation\vmware-authd.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitserviceO4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dllO9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dllO9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dllO9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dllO10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228482419890O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228485232578O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exeO23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: VMware Converter Service (ufad-p2v) - VMware, Inc. - D:\VMWare Converter\vmware-ufad.exeO23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exeO23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exeO23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exeO23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe--End of file - 6025 bytesProcess PID CPU Description Company NameSystem Idle Process 0 95.38 Interrupts n/a Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 smss.exe 720 Windows NT Session Manager Microsoft Corporation csrss.exe 776 Client Server Runtime Process Microsoft Corporation winlogon.exe 800 Windows NT Logon Application Microsoft Corporation services.exe 844 Services and Controller app Microsoft Corporation svchost.exe 1036 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1084 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1732 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1952 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 164 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 220 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 248 Generic Host Process for Win32 Services Microsoft Corporation spoolsv.exe 532 Spooler SubSystem App Microsoft Corporation ekrn.exe 436 Eset Service ESET jqs.exe 544 Java Quick Starter Service Sun Microsystems, Inc. vmware-ufad.exe 1272 VMware Host Process for Ufa Services VMware, Inc. vmnat.exe 1660 VMware NAT Service VMware, Inc. vmnetdhcp.exe 1912 VMware VMnet DHCP service VMware, Inc. vmware-authd.exe 2000 VMware Authorization Service VMware, Inc. alg.exe 2980 Application Layer Gateway Service Microsoft Corporation svchost.exe 3436 Generic Host Process for Win32 Services Microsoft Corporation lsass.exe 856 LSA Shell (Export Version) Microsoft Corporationexplorer.exe 1228 Windows Explorer Microsoft Corporation egui.exe 1460 Eset GUI ESET vmware-tray.exe 1472 VMware Tray Process VMware, Inc. ctfmon.exe 1480 CTF Loader Microsoft Corporation uTorrent.exe 1296 µTorrent BitTorrent, Inc. firefox.exe 2644 3.08 Firefox Mozilla Corporation IZArc.exe 440 IZArc Archiver IZSoftware procexp.exe 3100 1.54 Sysinternals Process Explorer Sysinternals - www.sysinternals.comHijackThis.exe 2084 HijackThis Trend Micro Inc. notepad.exe 2972 Notepad2 Process: uTorrent.exe Pid: 1296Name Description Company Name VersionACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.5512adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.5512ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.5512appHelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.5512ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0001ATL80.DLL ATL Module for Windows (Unicode) Microsoft Corporation 8.00.50727.0762CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0700COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.5512comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.5512COMRes.dll Microsoft Corporation 2001.12.4414.0700credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.5512CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512ctype.nls DnsApi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.5512dot3api.dll 802.3 Autoconfiguration API Microsoft Corporation 5.01.2600.5512dot3dlg.dll 802.3 UI Helper Microsoft Corporation 5.01.2600.5512eappcfg.dll Eap Peer Config Microsoft Corporation 5.01.2600.5512eappprxy.dll Microsoft EAPHost Peer Client DLL Microsoft Corporation 5.01.2600.5512GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.5698GrooveNew.DLL GrooveNew Module Microsoft Corporation 12.00.6211.1000GrooveShellExtensions.dll GrooveShellExtensions Module Microsoft Corporation 12.00.6211.1000GrooveUtil.DLL GrooveUtil Module Microsoft Corporation 12.00.6211.1000hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.5512ieframe.dll Internet Explorer Microsoft Corporation 7.00.6000.16762ieframe.dll.mui Internet Explorer Microsoft Corporation 7.00.6000.16414iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6000.16762IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.5512Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.5512kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.5512locale.nls MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.5512MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.5512MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.5512msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.5512MSImg32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.5512MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.1433msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.5512mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.5512netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.5694NETSHELL.dll Network Connections Shell Microsoft Corporation 5.01.2600.5512Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.00.5441.0000ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.5512ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.5512oleaut32.dll Microsoft Corporation 5.01.2600.5512OneX.DLL IEEE 802.1X supplicant library Microsoft Corporation 5.01.2600.5512PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.5512rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.5512RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.5512rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.5507rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.5512SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.5512Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.5512SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.5512SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.5512shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.5512SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.5512sortkey.nls sorttbls.nls unicode.nls urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6000.16762USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.5512USERENV.dll Userenv Microsoft Corporation 5.01.2600.5512uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0001.12639uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.5512VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.5512WININET.dll Internet Extensions for Win32 Microsoft Corporation 7.00.6000.16762WINSTA.dll Winstation Library Microsoft Corporation 5.01.2600.5512WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.5512WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.5512WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.5512wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.5512WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.5512xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.5512 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.