utorrent freezes my PC

[Logan]

Ok, my pc freeze (XPsp2) after 4~5min after i open uTorrent, it started to act like that since uTorrent 1.7.6 update and it also occur in v 1.7.7

-----------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:18:52, on 4/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\cFosSpeed\spd.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

D:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [cFosSpeed] C:\Arquivos de programas\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\help" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_15] cmd.exe /c md "%USERPROFILE%\Configurações locais\Temp" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_18] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_19] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_20] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160013089656

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Arquivos de programas\cFosSpeed\spd.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

--

End of file - 5459 bytes

-------------------------------------------------

Process PID CPU Description Company Name

System Idle Process 0 58.96

Interrupts n/a 0.75 Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4 2.99

smss.exe 996 Gerenciador de Sessão do Windows NT Microsoft Corporation

csrss.exe 1052 Client Server Runtime Process Microsoft Corporation

winlogon.exe 1096 Aplicativo de logon do Windows NT Microsoft Corporation

services.exe 1148 0.75 Aplicativo de serviços e controle Microsoft Corporation

ati2evxx.exe 1328 ATI External Event Utility EXE Module ATI Technologies Inc.

svchost.exe 1348 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1456 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1580 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1632 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1836 Generic Host Process for Win32 Services Microsoft Corporation

spoolsv.exe 1944 Spooler SubSystem App Microsoft Corporation

avp.exe 484 Kaspersky Anti-Virus Kaspersky Lab

spd.exe 508 cFosSpeed Service cFos Software GmbH

svchost.exe 696 Generic Host Process for Win32 Services Microsoft Corporation

alg.exe 964 Application Layer Gateway Service Microsoft Corporation

lsass.exe 1160 LSA Shell (Export Version) Microsoft Corporation

ati2evxx.exe 1732 ATI External Event Utility EXE Module ATI Technologies Inc.

explorer.exe 412 Windows Explorer Microsoft Corporation

SOUNDMAN.EXE 1512 Realtek Sound Manager Realtek Semiconductor Corp.

avp.exe 1520 Kaspersky Anti-Virus Kaspersky Lab

cfosspeed.exe 1528 cFosSpeed Window cFos Software GmbH

firefox.exe 2860 Firefox Mozilla Corporation

procexp.exe 468 0.75 Sysinternals Process Explorer Sysinternals

utorrent.exe 2068 35.82

Process: utorrent.exe Pid: 2068

Name Description Company Name Version

ACTIVEDS.dll DLL de camada de roteador ADs Microsoft Corporation 5.01.2600.2180

adsldpc.dll DLL C de provedor ADs LDAP Microsoft Corporation 5.01.2600.2180

ADVAPI32.dll API de base do Windows 32 avançada Microsoft Corporation 5.01.2600.2180

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982

comdlg32.dll DLL de diálogos comuns Microsoft Corporation 6.00.2900.2180

COMRes.dll Microsoft Corporation 2001.12.4414.0258

ctype.nls

DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2938

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3159

hnetcfg.dll Gerenciador de configurações de rede doméstica Microsoft Corporation 5.01.2600.2180

Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912

kernel32.dll DLL cliente da API BASE do Windows NT Microsoft Corporation 5.01.2600.3119

locale.nls

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180

mswsock.dll Fornecedor de serviços do Microsoft Windows Sockets 2.0 Microsoft Corporation 5.01.2600.2180

NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976

ntdll.dll DLL de nível do NT Microsoft Corporation 5.01.2600.2180

ole32.dll Microsoft OLE para Windows e Windows NT Microsoft Corporation 5.01.2600.2726

oleaut32.dll Microsoft Corporation 5.01.2600.3139

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173

rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180

SETUPAPI.dll API de instalação do Windows Microsoft Corporation 5.01.2600.2180

SHELL32.dll DLL comum do Shell do Windows Microsoft Corporation 6.00.2900.3241

SHLWAPI.dll Biblioteca de utilitário abreviado para Shell Microsoft Corporation 6.00.2900.3231

sortkey.nls

sorttbls.nls

unicode.nls

USER32.dll DLL de Cliente API de usuário Windows XP Microsoft Corporation 5.01.2600.3099

utorrent.exe

uxtheme.dll Biblioteca UxTheme Microsoft Microsoft Corporation 6.00.2900.2180

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180

WLDAP32.dll DLL da API LDAP Win32 Microsoft Corporation 5.01.2600.2180

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180

WS2HELP.dll DLL de ajuda do Windows Socket 2.0 para Windows NT Microsoft Corporation 5.01.2600.2180

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180

[jewelisheaven]

Nero Scout can cause problems with file permissions. I don't see anything added to uT's process, so I'm thinking it's CFOS speed... Can you make sure it's configured like in the firewall setup thread http://forum.utorrent.com/viewtopic.php?id=7862 >?

[DreadWingKnight]

I would also potentially suspect Kapersky.

[Logan]

No problem with CFOS speed, i have no firewall

Kaspersky detected this last ut update:

detected: riskware Trojan.generic Running process: C:\Documents and Settings\Administrador\Configurações locais\Temp\utt3.tmp.exe

[jewelisheaven]

Detected what? That's a useless error message . Tell KIS to allow utorrent.exe: If you have to give it the full path to your exe.

[Firon]

Kaspersky is a junky firewall.