Utorrent crashing all the time

[Zozomontana]

hi.. i got a big problem with utorrent.. every time i download something or start utorrent then it crashes(frezzes) and i need to reboot the comp...

ex.. i start utorrent and it starts to download for 5sek then the hole thing crashes and stop to respond and all the downloads stops.. if i wanna restart utorrent then i have to reboot hole comp to do that... its really pissing me off.. anyone who knows the problem?

[DreadWingKnight]

Post a hijackthis log and process explorer process list with DLL list for the utorrent.exe process.

[Zozomontana]

((((((((((((Post a hijackthis log and process explorer process list with DLL list for the utorrent.exe process.))))))))))))))))))

WHAT?

[DreadWingKnight]

http://forum.utorrent.com/viewtopic.php?id=15992#p258238

[Switeck]

1st link in my signature tells how to do that.

2nd link gives example settings to use in uTorrent based on your max upload speed.

Hopefully the 3rd link doesn't apply to your problems...

[GTHK]

You could atleast try Google/forum search.

a) get HijackThis from trendsecure.com, run it, view the log, and post the contents here

get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here

[Zozomontana]

hijackthis log after scanning

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:55:10, on 2008-07-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program\Norman\Npm\Bin\Elogsvc.exe

C:\Program\Norman\Ngs\bin\NPROSEC.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program\Norman\Npm\Bin\Zanda.exe

C:\Program\Norman\npm\bin\nvoy.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Norman\npf\bin\npfsvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\Norman\Npm\bin\NVCSCHED.EXE

C:\Program\Norman\Npm\bin\NJEEVES.EXE

C:\Program\Norman\nse\bin\NSESVC.EXE

C:\WINDOWS\System32\alg.exe

C:\Program\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program\Norman\Npm\Bin\ZLH.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Norman\Nvc\Bin\Nip.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Norman\Nvc\Bin\cclaw.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Delade filer\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\uTorrent\uTorrent.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {C6EA321D-EE5F-4ED5-B1FF-3A87F9D81ABF} - C:\WINDOWS\system32\iifecdBQ.dll (file missing)

O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\Josef\LOKALA~1\Temp\UIUCU.EXE -CLEAN_UP -S

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvger.dll,startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Policies\Explorer\Run: [{00AAC206-0E07-1053-0707-06110304002e}] "C:\Program\Delade filer\{00AAC206-0E07-1053-0707-06110304002e}\Update.exe" te-110-12-0000073

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Registration Assassin's Creed.LNK = D:\Spel\Assassins creed\Register\RegistrationReminder.exe

O4 - Startup: Registration Brothers In Arms EiB.LNK = D:\Spel\BrothersInArmsEiB\game\Support\Register\RegistrationReminder.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O20 - Winlogon Notify: iifecdBQ - iifecdBQ.dll (file missing)

O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program\Norman\Npm\Bin\Elogsvc.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program\Delade filer\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: Norman NJeeves - Norman ASA - C:\Program\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Program\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program\Norman\npf\bin\npfsvc32.exe

O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program\Norman\Ngs\bin\NPROSEC.EXE

O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program\Norman\nse\bin\NSESVC.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program\Norman\Npm\bin\NVCSCHED.EXE

O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program\Norman\npm\bin\nvoy.exe

--

End of file - 7868 bytes

[DreadWingKnight]

You have Malware on your system AND have a high possibility of a broken Norman.

[Zozomontana]

from the process explorer

Process PID CPU Description Company Name

System Idle Process 0 92.31

Interrupts n/a Hardware Interrupts

DPCs n/a 3.08 Deferred Procedure Calls

System 4 1.54

smss.exe 656 Sessionshanteraren i Windows NT Microsoft Corporation

csrss.exe 724 Client Server Runtime Process Microsoft Corporation

winlogon.exe 756 Inloggningsprogram för Windows NT Microsoft Corporation

services.exe 804 Tjänst- och styrenhetsprogram Microsoft Corporation

elogsvc.exe 972 Norman eLogger service Norman ASA

nprosec.exe 984 Norman Security service Norman ASA

ati2evxx.exe 1004 ATI External Event Utility EXE Module ATI Technologies Inc.

svchost.exe 1016 Generic Host Process for Win32 Services Microsoft Corporation

CAPABI~1.EXE 3280 Capability Manager Teleca Software Solutions AB

Generic.exe 3400 Generic Device Management Executable. Teleca Software Solutions

epmworker.exe 3824 CAPI_Worker Module Sony Ericsson Mobile Communications AB

svchost.exe 1100 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1240 Generic Host Process for Win32 Services Microsoft Corporation

wuauclt.exe 2072 Windows Update Automatic Updates Microsoft Corporation

Zanda.exe 1360 Norman Zanda service Norman ASA

nvoy.exe 1400 Nvoy Norman ASA

svchost.exe 1492 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1580 Generic Host Process for Win32 Services Microsoft Corporation

npfsvc32.exe 1592 NPF Background Service Norman ASA

spoolsv.exe 1760 Spooler SubSystem App Microsoft Corporation

CTSVCCDA.EXE 196 Creative Service for CDROM Access Creative Technology Ltd

nvcsched.exe 640 NVC Scheduler Norman ASA

Njeeves.exe 644 NJeeves Norman ASA

Nsesvc.exe 1220 Norman Scanner Engine Service Norman ASA

alg.exe 1500 Application Layer Gateway Service Microsoft Corporation

Nvcoas.exe 1968 NVC OnAccess virus scanner Norman ASA

svchost.exe 2476 Generic Host Process for Win32 Services Microsoft Corporation

usnsvc.exe 2776 Messenger Sharing USN Journal Reader Service Microsoft Corporation

lsass.exe 816 LSA Shell (Export Version) Microsoft Corporation

ati2evxx.exe 1300 ATI External Event Utility EXE Module ATI Technologies Inc.

explorer.exe 236 Utforskaren Microsoft Corporation

CTSysVol.exe 1048 CTSysVol.exe Creative Technology Ltd

CTDVDDET.exe 1572 CTDVDDET Creative Technology Ltd

CTHELPER.EXE 2092 CtHelper Application Creative Technology Ltd

Zlh.exe 2176 Norman ZLH Norman ASA

Nip.exe 2600 NVC Internet Protection Norman ASA

APPLIC~1.EXE 2692 Application Launcher Sony Ericsson Mobile Communications AB

ctfmon.exe 3044 CTF Loader Microsoft Corporation

SetPoint.exe 3420 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc.

KHALMNPR.exe 3888 Logitech KHAL Main Process Logitech, Inc.

uTorrent.exe 1324

iexplore.exe 3932 Internet Explorer Microsoft Corporation

iexplore.exe 2404 Internet Explorer Microsoft Corporation

WinRAR.exe 1940

procexp.exe 1244 3.08 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

MOM.exe 2112 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.

CCC.exe 3564 Catalyst Control Centre: Host application ATI Technologies Inc.

CClaw.exe 3108 CClaw Norman ASA

npfuser.exe 2332 NPF User Interface Norman ASA

Process: uTorrent.exe Pid: 1324

Name Description Company Name Version

ACTIVEDS.dll DLL-fil för Active Directory Router Layer Microsoft Corporation 5.01.2600.2180

adsldpc.dll ADs LDAP-provider C DLL Microsoft Corporation 5.01.2600.2180

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0308

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982

comdlg32.dll DLL-fil med vanliga dialogrutor Microsoft Corporation 6.00.2900.2180

COMRes.dll Microsoft Corporation 2001.12.4414.0258

ctagent.dll ctagent Creative Technology Ltd 1.00.0000.0008

ctype.nls

DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.3316

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3316

hnetcfg.dll Hanteraren för konfiguration av hemnätverk Microsoft Corporation 5.01.2600.2180

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180

Iphlpapi.dll API för IP Helper Microsoft Corporation 5.01.2600.2912

kernel32.dll Klient-DLL för Windows NT BASE API Microsoft Corporation 5.01.2600.3119

lgscroll.dll Logitech Scroll Enabler (UNICODE) Logitech, Inc. 4.40.0088.0000

locale.nls

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180

MSCTF.dll DLL-fil för MSCTF-servern Microsoft Corporation 5.01.2600.3319

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180

MSVCP80.dll Microsoft® C++ Runtime Library Microsoft Corporation 8.00.50727.1433

MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.1433

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180

mswsock.dll Tjänstprovider för Microsoft Windows Sockets 2.0 Microsoft Corporation 5.01.2600.2180

NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976

Niphk.dll NVC Internet Protection Norman ASA 7.10.0000.0001

nrplib.dll NrpLib dll Norman ASA 7.00.0009.0000

ntdll.dll DLL-fil för NT Layer Microsoft Corporation 5.01.2600.2180

NTMARTA.DLL Windows NT MARTA-provider Microsoft Corporation 5.01.2600.2180

ole32.dll Microsoft OLE för Windows Microsoft Corporation 5.01.2600.2726

OLEAUT32.dll Microsoft Corporation 5.01.2600.3266

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173

rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180

SETUPAPI.dll API för installationsprogrammet för Windows Microsoft Corporation 5.01.2600.2180

SHELL32.dll DLL-fil för Windows-gränssnittet Microsoft Corporation 6.00.2900.3241

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.3268

sortkey.nls

sorttbls.nls

unicode.nls

USER32.dll Klient-DLL-fil för Windows XP Microsoft Corporation 5.01.2600.3099

uTorrent.exe

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180

WSOCK32.dll 32-bitars DLL-fil för Windows Socket Microsoft Corporation 5.01.2600.2180

[DreadWingKnight]

Yup, still leans towards broken norman and/or malware.

[Zozomontana]

i really dont know what the problem is.. ive done everything u have told me to do.. or just the process explorer and the hijackthing

[DreadWingKnight]

O20 - Winlogon Notify: iifecdBQ - iifecdBQ.dll (file missing)

O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll

Malware

Niphk.dll NVC Internet Protection Norman ASA 7.10.0000.0001

nrplib.dll NrpLib dll Norman ASA 7.00.0009.0000

Norman being injected in the uTorrent process causing crashes.

[Switeck]

If you don't know what these are, you should probably remove them...quickly!:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {C6EA321D-EE5F-4ED5-B1FF-3A87F9D81ABF} - C:\WINDOWS\system32\iifecdBQ.dll (file missing)

O20 - Winlogon Notify: iifecdBQ - iifecdBQ.dll (file missing)

O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll

It's also usually a bad sign for exe's to be running from your user profile folder/s:

O4 - HKLM\..\Run: [uIUCU] C:\DOCUME~1\Josef\LOKALA~1\Temp\UIUCU.EXE -CLEAN_UP -S

[Zozomontana]

how do i remove them.. where do i first find them? and how do i remove them

and what should i do for that malvare and norman thing

[Switeck]

Boot into safe mode and delete the hostile files in question.

Re-run HijackThis! and delete the entries associated with the hostile files.

Reboot, run HijackThis! again and make sure the hostile files are gone.

[Zozomontana]

how do i delete the hostiles files??? and how do i know if there are any entreis associated with the hostile files?

have in mind that i dont know very much about these things... so all you could say would really help me out... and if u can plzz explain in step by step

[Switeck]

Ugh...find someone local who's a little better with this stuff to step you through it.

It's hard enough doing stuff like this on my own computer when I'm at the keyboard.

Better antivirus/antispyware software could probably remove the hostile software automatically.

...As it seems all Norman's good for is crashing uTorrent!

[Zozomontana]

so the best thing is to uninstall the shit and get another anti vrus

[Switeck]

Yeah, Avast and SpyBot Seek and Destroy are 2 popular (for here!) programs for removing hostile software. ...Though I can't say they're terribly fast.

[Firon]

Reinstalling Windows is easier when it comes to cleaning out malware. :b

But try out AVG or NOD32, might help in cleaning your system up.