Jump to content

uTorrent 1.8.2 and 1.8.3 Beta crashes after hours of working fine.


Recommended Posts

uTorrent version: 1.8.3 Beta (1.8.2 had the same problem, older releases not used on the current configuration)

OS version: Windows XP SP2

System: Fujitsu/Siemens Lifebook E8410

Virus checker: McAfee, WinPatrol

Problem description: After hours of working nicely uTorrent stops working. When the GUI was displayed and another window was on top of it, the part that was covered up is blanked. Restarting the applic is not possible because killing the current service is not possible. I have this problem for half a year now every day and it interferes unattended downloading.

Workaround: Restart the system.

Remark: If you need any assistance with debugging, I would be glad to help. This problem is quit a nuisance...


uTorrent dump file: http://www.zshare.net/download/604025317d164342/

HijackThis logfile: http://www.zshare.net/download/60403195b94014a1/

Process PID CPU Description Company Name

System Idle Process 0 88.24

Interrupts n/a 0.74 Hardware Interrupts

DPCs n/a 1.47 Deferred Procedure Calls

System 4 0.74

smss.exe 744 Windows NT Session Manager Microsoft Corporation

csrss.exe 792 Client Server Runtime Process Microsoft Corporation

winlogon.exe 824 Windows NT Logon Application Microsoft Corporation

services.exe 868 1.47 Services and Controller app Microsoft Corporation

svchost.exe 1048 Generic Host Process for Win32 Services Microsoft Corporation

naPrdMgr.exe 1440 NAI Product Manager McAfee, Inc.

iexplore.exe 3052 Internet Explorer Microsoft Corporation

svchost.exe 1108 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1500 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1612 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1964 Generic Host Process for Win32 Services Microsoft Corporation

spoolsv.exe 508 Spooler SubSystem App Microsoft Corporation

scardsvr.exe 560 Smart Card Resource Management Server Microsoft Corporation

FireSvc.exe 1384 Main HIP Service McAfee, Inc.

Tuner.exe 1424 BMC CM Tuner BMC Software, Inc.

minituner.exe 3576 BMC CM Minituner BMC Software, Inc.

FrameworkService.exe 1560 Framework Service McAfee, Inc.

mcshield.exe 1840 On-Access Scanner service McAfee, Inc.

vstskmgr.exe 1928 Task Manager : scheduling and OAS alerting service Network Associates, Inc.

MDM.EXE 1940 Machine Debug Manager Microsoft Corporation

svchost.exe 212 Generic Host Process for Win32 Services Microsoft Corporation

nvPDsvc.exe 232 NVIDIA Performance Driver Service

nvsvc32.exe 280 NVIDIA Driver Helper Service, Version 156.87 NVIDIA Corporation

svchost.exe 412 Generic Host Process for Win32 Services Microsoft Corporation

vmount2.exe 640 virtual disk mount service VMware, Inc.

vmnat.exe 1412 VMware NAT Service VMware, Inc.

vmnetdhcp.exe 1524 VMware VMnet DHCP service VMware, Inc.

vmware-authd.exe 628 0.74 VMware Authorization Service VMware, Inc.

lsass.exe 888 LSA Shell (Export Version) Microsoft Corporation

explorer.exe 2936 Windows Explorer Microsoft Corporation

SynTPEnh.exe 3064 Synaptics TouchPad Enhancements Synaptics, Inc.

RTHDCPL.EXE 3656 Realtek HD Audio Control Panel Realtek Semiconductor Corp.

FUJ02E3.exe 3680 FUJ02E3 Utility FUJITSU LIMITED

QuickTouch.exe 3692 LifeBook Application Panel / Core FUJITSU LIMITED

BtnHnd.exe 3700 Button handler FUJITSU LIMITED

BtnHndHkb.exe 3824 Button handler KB assistant .

TrayControl.exe 3708 Tray Control NovaStor Corporation

vmware-tray.exe 3816 VMware Tray Process VMware, Inc.

hqtray.exe 3832 VMware Host Network Access Status Tray Application VMware, Inc.

shstat.exe 3844 On-access scanner statistics McAfee, Inc.

UdaterUI.exe 3912 Common User Interface McAfee, Inc.

Mctray.exe 704 McAfee Security Agent Taskbar Extension McAfee, Inc.

UnlockerAssistant.exe 3952

WinPatrol.exe 4028 WinPatrol System Monitor BillP Studios

rundll32.exe 2088 Run a DLL as an App Microsoft Corporation

ctfmon.exe 2372 CTF Loader Microsoft Corporation

SpeedswitchXP.exe 760 A CPU frequency applet for Windows XP Christian Diefer

Babylon.exe 2648 Babylon Information Tool Babylon Ltd.

utorrent.exe 2656 0.74 µTorrent BitTorrent, Inc.

FireTray.exe 3644 McAfee HIP Tray Application McAfee, Inc.

procexp.exe 720 5.88 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

rundll32.exe 2664 Run a DLL as an App Microsoft Corporation

Process: utorrent.exe Pid: 2656

Name Description Company Name Version

ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.1.2600.2180

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.1.2600.2180

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.2180

apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.1.2600.2180

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.0

CAPTLIB.DLL Babylon Information Tool Babylon Ltd.

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.308

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.2982

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.0.2900.2180

COMRes.dll Microsoft Corporation 2001.12.4414.258

credui.dll Credential Manager User Interface Microsoft Corporation 5.1.2600.2180


DnsApi.dll DNS Client API DLL Microsoft Corporation 5.1.2600.3394

GDI32.dll GDI Client DLL Microsoft Corporation 5.1.2600.3466

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.1.2600.2180

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.2180

Iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.2912

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.3119


mdnsNSP.dll Bonjour Namespace Provider Apple Inc.

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.1.2600.2180

MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.1.2600.2180

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.1.2600.2180

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.2180

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.1.2600.3394

netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.3462

NETSHELL.dll Network Connections Shell Microsoft Corporation 5.1.2600.2658

ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.2180

NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 5.1.2600.2180

nview.dll NVIDIA nView Desktop and Window Manager 111.35 NVIDIA Corporation

nvwddi.dll NVIDIA nView Display Driver Interface Lib, Version 156.87 NVIDIA Corporation

NVWRSNL.DLL NVIDIA nView Desktop and Window Manager NVIDIA Corporation

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.2726

oleaut32.dll Microsoft Corporation 5.1.2600.3266

PATROLPRO.DLL WinPatrol Helper DLL BillP Studios

PSAPI.DLL Process Status Helper Microsoft Corporation 5.1.2600.2180

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.2938

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.3173

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.2161

rtutils.dll Routing Utilities Microsoft Corporation 5.1.2600.2180

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.1.2600.2180

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.2180

SETUPAPI.dll Windows Setup API Microsoft Corporation 5.1.2600.2180

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.3241

shfolder.dll Shell Folder Service Microsoft Corporation 6.0.2900.2180

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.3268





USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.3099

USERENV.dll Userenv Microsoft Corporation 5.1.2600.2180

utorrent.exe µTorrent BitTorrent, Inc.

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.2900.2180

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.2180

WINMM.dll MCI API DLL Microsoft Corporation 5.1.2600.2180

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.2180

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.2180

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.2180

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.2180

xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.1.2600.2180

Link to comment
Share on other sites

I did it for you. Process Explorer is nuked, you have to select utorrent.exe as process, not vmware-authd.exe.

So repost Process Explorer log please.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:43:58, on 23-5-2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:








C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe

C:\program files\MarimbaProdClient\Castanet Tuner\Tuner.exe

c:\Program Files\McAfee\Common Framework\FrameworkService.exe

c:\Program Files\McAfee\VirusScan\mcshield.exe

c:\Program Files\McAfee\VirusScan\vstskmgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe



C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe



C:\Program Files\VMware\VMware Workstation\vmware-authd.exe


C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\Program Files\NovaNet-WEB Backup\TrayControl.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\Program Files\VMware\VMware Workstation\hqtray.exe

C:\Program Files\McAfee\VirusScan\SHSTAT.EXE

C:\Program Files\Fujitsu\BtnHnd\BtnHndHkb.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\WinPatrol\winpatrol.exe

c:\Program Files\McAfee\Common Framework\McTray.exe



C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe

C:\Program Files\Babylon\Babylon.exe

C:\Program Files\uTorrent\utorrent.exe


C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\program files\MarimbaProdClient\Castanet Tuner\lib\minituner.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://compass.oce.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://compass.oce.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://compass.oce.net/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Océ-Nederland B,V,

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://infoce.ocenl.nl/ie401set/proxy.pac

O1 - Hosts: nloce004

O1 - Hosts: nloce006

O1 - Hosts: nloce007

O1 - Hosts: service oceservice

O1 - Hosts: laptop

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Resept Certificate Loader - {B40D0B13-9A70-4394-8F21-E2E4AE3A9BC4} - C:\Program Files\Resept\ReseptLoader.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\NovaNet-WEB Backup\TrayControl.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"

O4 - HKLM\..\Run: [shStatEXE] "c:\Program Files\McAfee\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "c:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [setOceUserForRemoteAccess] C:\Program Files\resept\tools\setoceuser.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [speedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe

O4 - HKCU\..\Run: [babylon Translator] C:\Program Files\Babylon\Babylon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [iCQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O4 - Startup: NovaNet-WEB Backup Tray Control.lnk = ?

O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?

O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2007\spy.htm

O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2007\spy.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=http://compass.oce.net/

O15 - Trusted Zone: http://oce.intellinex-asp.com

O15 - Trusted Zone: http://ocelearner.intellinex-asp.com

O15 - Trusted Zone: http://datadist1.denbosch.nl.oce.net

O15 - Trusted Zone: http://softdist.oce.net

O15 - Trusted Zone: http://softdist-r2.denbosch.nl.oce.net

O15 - Trusted Zone: http://softdist.denbosch.nl.oce.net

O15 - Trusted Zone: *.oce.net

O15 - Trusted Zone: http://infoce.ocenl.nl

O15 - Trusted Zone: http://*.oceservice

O15 - Trusted Zone: http://oce.intellinex-asp.com (HKLM)

O15 - Trusted Zone: http://ocelearner.intellinex-asp.com (HKLM)

O15 - Trusted Zone: http://datadist1.denbosch.nl.oce.net (HKLM)

O15 - Trusted Zone: http://softdist.oce.net (HKLM)

O15 - Trusted Zone: http://softdist-r2.denbosch.nl.oce.net (HKLM)

O15 - Trusted Zone: http://softdist.denbosch.nl.oce.net (HKLM)

O15 - Trusted Zone: *.oce.net (HKLM)

O15 - Trusted Zone: http://infoce.ocenl.nl (HKLM)

O15 - Trusted Zone: http://*.oceservice (HKLM)

O16 - DPF: {00627E89-A19D-4A2B-938B-059CB7B1B493} (F5 Networks Certificate Checker) - file://c:/Program Files/F5 VPN/F5_TMP/f5certchk.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/

O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://vpn01.oce.com/vdesk/terminal/urxvpn.cab#version=6020,2008,0514,2345

O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://vpn01.oce.com/vdesk/terminal/InstallerControl.cab#version=6020,2008,0514,2345

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-

O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - file://c:/Program Files/F5 VPN/F5_TMP/f5InspectionHost.cab

O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://vpn01.oce.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0514,2337

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232376181582

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.2) - http://javadl-esd.sun.com/update/1.2.1/jinstall-12-win32.cab

O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://vpn01.oce.com/vdesk/terminal/urxshost.cab#version=6020,2008,0514,2341

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://vpn01.oce.com/vdesk/terminal/urxhost.cab#version=6020,2008,0514,2340

O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - file://c:/Program Files/F5 VPN/F5_TMP/f5syschk.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ocenl.oce.net

O17 - HKLM\Software\..\Telephony: DomainName = ocenl.oce.net

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ocenl.oce.net

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ocenl.oce.net

O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MarimbaProductionClient - BMC Software, Inc. - C:\program files\MarimbaProdClient\Castanet Tuner\Tuner.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - c:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - c:\Program Files\McAfee\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - c:\Program Files\McAfee\VirusScan\vstskmgr.exe

O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: Servers Alive (salive) - Woodstone bvba - C:\PROGRA~1\SERVER~1\serversalive.exe

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe


End of file - 13817 bytes

Link to comment
Share on other sites

OK, so when people paste their logfiles, (I'm assuming for others, I will relay what I do) the helpers who look at them evaluate several things. THey're looking for known bad programs, looking for probabilities of malware, and possibly old versions (of drivers/programs) if known.

For instance in your logfiles I see you have at least a partial install of the Roxio Suite (c/o HJT), which is to be honest not known for working well with uT.

The three programs I mentioned I looked at the PE logfile searched for "Microsoft" in the DLL list, highlighted all (since I use Firefox) and noted non-highlighted lines. Then I use googlefu if I don't know the program or note the program it pertains to and report back possible problems.

I'd actually be able to detect the "direct" cause according to the dump if I read the DMP file but I'm learning something different right now so I leave that to others.

Other questions/problems/concerns?

Link to comment
Share on other sites

You are VERY thorough jewelisheaven! Thank you for your comprehensive answer. However, I still am not sure what is ment with the term 'injected'. Do you mean applications other then from Microsoft?

It took a while before I responded, because I would take the time to execute your proposel. I did and without the three mentioned apps active uTorrent still crashes every day once or more...

Other suggestions?

Link to comment
Share on other sites

OK moogly. So, if I understand you right it does not matter if the mentioned applics are running or not? The related DLL's will still be available on the system. If that's the case I will at least rename the related DLL's. What I do not understand is why uTorrent uses DLL's from completely other kind of applics???

Link to comment
Share on other sites

uTorrent does not use those DLLs. The list shows what DLLs are in uTorrent's memory (think of it as a closet, with other people storing their jackets/coats). If there's no way in the application to set an exception for uTorrent, you need to stop the process, or uninstall its program if the DLL is still in uT to verify the problem with your system. Only when DLLs are unloaded from uTorrent is anything else possible, that is without an analysis of the dumpfile.

Link to comment
Share on other sites

I HAVE FOUND THE PROBLEM: HelpSvc.exe!!! I kind of 'caught it in the act' when I was watching a movie while I had the Task Processor open and the Performance Tab actif. Suddenly the CPU-usage was sky rocketing. I killed HelpSvc.exe and uTorrent is actif for two days know without interruption! This has never happened on my current laptop before!

In the proces of debugging before this event, I have also tried to increase the Priority of uTorrent to High, but that did not help.

I hope uTorrent can be secured for this event in the future, because it looks sensitive for too less remaining CPU time.

Thank you all for the assistance and teaching guys!

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...