Suddenly redlit - tried everything

[pendragon23]

Using uTorrent 1.7.2, just updated. Router is NetGear RangeMax WNR834M. Modem is Motorola surfboard, comcast cable (I know they throttle).

I've been using uTorrent for months just fine, and suddenly yesterday I was redlit. My housemate uses the same router and tracker as I do, and he is still clever. This makes me think it's specific to my computer, not the ISP or the router.

Right before it broke, I installed Google Desktop, Microsoft .NET framework 2 & 3 (to run TweakGSD), and last.fm. I had to reboot a few times for all the installs. Either it was the rebooting (I usually leave it on, I might have changed something a while back that didn't register until after reboot) or the software itself. I've since uninstalled .NET and Google Desktop to no avail.

When I rebooted I had to re-enter my WEP network key for the router, but everything else was still correct. I found that odd. I also had Internet Gateway show up on my Network Connections for a while; I think it was trying to use my roommate's computer as an access point. I got rid of that by disabling it in Windows Components. I used the network setup wizard to make sure I was connecting to a network hub, not another computer, and rebooted again. No difference.

Here's what I get when I open uTorrent:

[12:14:23] NOTE: Settings file found in directory of executable; using that.

[12:14:27] UPnP: Discovered host: http://192.168.1.1:5432/xml/igdIPDesc.xml

[12:14:27] UPnP: Discovered new device: http://192.168.1.1:5432/upnp/control/WANIPConnection1

[12:14:27] UPnP: Mapped TCP port 64893 -> 192.168.1.155:64893

[12:14:27] UPnP: Getting external IP

[12:14:27] UPnP: Got external IP: 24.18.244.46

The ports are forwarded. Static IP is set. I set up DMZ on 192.168.1.155 for a few minutes and it still wasn't open. Windows firewall has the exceptions added, and I turned it on and off with no difference. The DHCP is set from 192.168.1.1 - .99 so it should be well out of the range (I had a reserved address at .1.3 but that hasn't worked either). I've tried UPnP on and off, DHT on and off. I turned of NOD32's IMON. Is there a firewall that's suddenly appeared that I can't find? Here's my hijackthis log:

Logfile of HijackThis v1.98.2

Scan saved at 12:08:46 PM, on 9/5/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

E:\SoftPerfect Bandwidth Manager\bwmsvc.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Quetec\pctwpasv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe

C:\Program Files\Eset\nod32kui.exe

C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe

C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

E:\My Music\iTunesHelper.exe

E:\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Quetec\Configuration\SoftAp.exe

C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe

E:\Last.fm\LastFMHelper.exe

C:\Program Files\Palm\HOTSYNC.EXE

C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\bin\HPOVDX05.EXE

C:\WINDOWS\system32\hpoipm07.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

E:\utorrent\utorrent.exe

C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [ulead Quick-Drop] "E:\Ulead Systems\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL

O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [uSIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

O4 - HKLM\..\Run: [softAP] C:\Program Files\Quetec\NetCfgWizard.exe /U

O4 - HKLM\..\Run: [QuickTime Task] "E:\Quicktime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "E:\My Music\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [µTorrent] "E:\utorrent\utorrent.exe"

O4 - HKCU\..\Run: [Quetec Manager] "C:\Program Files\Quetec\Configuration\SoftAp.exe" /M

O4 - HKCU\..\Run: [uTorrent] "E:\utorrent\utorrent.exe"

O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE

O4 - Global Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe

O4 - Global Startup: HP OfficeJet Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe

O4 - Global Startup: Last.fm Helper.lnk = E:\Last.fm\LastFMHelper.exe

O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\DOWNLO~1\MSOFFI~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Downloads\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Downloads\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\DOWNLO~1\MSOFFI~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .kweb: C:\PROGRA~1\INTERN~1\PLUGINS\NPKWEB32.DLL

O17 - HKLM\System\CCS\Services\Tcpip\..\{0596000D-12DF-431B-B276-2AB4178B78B2}: NameServer = 68.87.69.146,68.87.85.98

O17 - HKLM\System\CS1\Services\Tcpip\..\{0596000D-12DF-431B-B276-2AB4178B78B2}: NameServer = 68.87.69.146,68.87.85.98

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

Please help, I've spent an entire day messing with this now. Let me know if you need more info. THANKS.

[Switeck]

These suggest removed components:

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

You probably need to run a registry cleaner to fix that...or just hope HijackThis! can clean them out.

[pendragon23]

Wow, I used HijackThis! to clean off those files you said... and it works! I'm clever again! Thank you thank you thank you! There are insufficient exclamation points!

!

Now, if I could just figure out why I keep getting an error message that my A: drive is inaccessible while iTunes is playing...

[Switeck]

I think I'd be worrying more about iTunes weirdness than µTorrent at this point...

"Losing" your A: drive (well, access to) is definitely a new one to me!

[pendragon23]

I'm pretty sure it's Spybot S&D that keeps trying to access the A: drive to back things up. Well, more the fool it, because it's not attached. It must be because I just re-enabled it/updated it that it's occurring so often now. It usually just tries during startup and shutdown. Although I didn't know that for a year or two because I had a fixed display CRT and I couldn't read the error message that my BIOS was giving me.

We might have unhooked the A: drive when we were in there installing my extra hard drive. I disabled it in Hardware Configurations, I'll see what happens once I reboot.