Kumiss Posted May 30, 2008 Report Share Posted May 30, 2008 First off, I have looked at other threads with 100% problems. Unfortunatly i cant seem to find a fix. So...Prob Desc:Usually when i open up uTorrent (Version 1.7.7) the icon appears instantly and files get checked and downloads start. This was the case this morning. However, later on i had to force a restart on my comp, since then uTorrent will use 100% cpu when loading, which is OK becuase once it fully loads it drops back down to 1%. Becuase of the restart the files need to be checked, which happens at low CPU usage. however once the first file is checked it begins to download. then uTorrent will use 100% cpu and then become unresponsive. Rather annoying.HJT Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:41:36, on 30/05/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\WINDOWS\System32\smss.exeC:\WINDOWS\WINDOWS\system32\winlogon.exeC:\WINDOWS\WINDOWS\system32\services.exeC:\WINDOWS\WINDOWS\system32\lsass.exeC:\WINDOWS\WINDOWS\system32\svchost.exeC:\WINDOWS\WINDOWS\System32\svchost.exeC:\WINDOWS\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\WINDOWS\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\WINDOWS\system32\IoctlSvc.exeC:\WINDOWS\WINDOWS\system32\svchost.exeC:\WINDOWS\WINDOWS\Explorer.EXEC:\Program Files\Be Punctual\BePun.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\WINDOWS\system32\ctfmon.exeC:\Program Files\Microsoft\RATTV3\RATT.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: Be Punctual.lnk = C:\Program Files\Be Punctual\BePun.exeO4 - Global Startup: RATT.lnk = C:\Program Files\Microsoft\RATTV3\RATT.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exeO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exeO9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exeO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\windows\windows\system32\securenet.dllO10 - Unknown file in Winsock LSP: c:\windows\windows\system32\securenet.dllO10 - Unknown file in Winsock LSP: c:\windows\windows\system32\securenet.dllO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206827521968O17 - HKLM\System\CCS\Services\Tcpip\..\{AB660195-80FA-459A-82D3-02929670C767}: NameServer = 192.168.4.254O17 - HKLM\System\CCS\Services\Tcpip\..\{B95FE8E0-6E5C-4712-A125-B46BE6044103}: NameServer = 192.168.1.255O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exeO23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exeO23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exeO23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\WINDOWS\system32\nvsvc32.exeO23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\WINDOWS\system32\IoctlSvc.exe--End of file - 6438 bytesUsing procexp I can see that the problem is at start address uTorrent.exe+0x1751bthe rest of the threads looks like:|___TID___|________Start_Address__________||__2756___|_____uTorrent.exe+0x1751b______||__2312___|_____uTorrent.exe+0x84530______||___344___|_____uTorrent.exe+0xe6a8_______||__3764___|_____uTorrent.exe+0xfb90_______||__1344___|___kernal32.dll!CreateThread+0x22||__2736___|___kernal32.dll!CreateThread+0x22|So, what's next?Thanks for your time. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted May 30, 2008 Report Share Posted May 30, 2008 post a process explorer process list with injected dlls for the utorrent.exe process please (even though I suspect CA's antivirus is running amok again). Link to comment Share on other sites More sharing options...
Kumiss Posted May 30, 2008 Author Report Share Posted May 30, 2008 Is that wat u wanted?edit: this is with me killing all CA processes that i'm aware of (problem still occurs tho ) Link to comment Share on other sites More sharing options...
DreadWingKnight Posted May 30, 2008 Report Share Posted May 30, 2008 http://forum.utorrent.com/viewtopic.php?pid=258238#p258238Although I suspect whatever's hooking in securenet.dll into the process may be the cause.Another thing that could be happening is that your hard drive lapsed into PIO mode. Link to comment Share on other sites More sharing options...
Kumiss Posted May 30, 2008 Author Report Share Posted May 30, 2008 Just ran a quick script that put my HDD into DMA mode, all appears to be good in the world of uTorrent....For now at least! Link to comment Share on other sites More sharing options...
jewelisheaven Posted May 31, 2008 Report Share Posted May 31, 2008 Yeah ... for now... if Windows is telling the hard drive to continually into PIO mode you really should look up and buy a new hard drive to prepare for drive failure. They're not that expensive these days, and... you can NEVER have too much storage space, lol Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.