Utorrent and Nod32 crashing PC


sa3atsky

I'm running WinXP SP3, using uTorrent ver. 1.8.4 and NOD32 ver. 4. I have already unchecked uTorrent from NOD32 IMON. When I'm running uTorrent and downloading files, NOD32's "ekrn.exe" process suddenly goes up, uTorrent becomes unresponsive as well as everything else, and I have to hard reset my PC.

Here's my Hijack log:

-------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:55:51, on 23/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\WINDOWS\system32\kxmixer.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Samurize\Client.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Yztoolbar\YzToolBar.exe

C:\Program Files\SpeedFan\speedfan.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\SiI4726\SiI 4726 Manager\SiI4726.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Opera\opera.exe

C:\Documents and Settings\Sa3atsky\Desktop\Drivers\Essentials\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe

O4 - Startup: Samurize.lnk = C:\Program Files\Samurize\Client.exe

O4 - Startup: Shortcut to YzToolBar.lnk = C:\Program Files\Yztoolbar\YzToolBar.exe

O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{26E4D759-04F2-44E6-99C5-0468CC63AEF9}: NameServer = 217.17.233.49,193.188.97.193

O17 - HKLM\System\CS1\Services\Tcpip\..\{26E4D759-04F2-44E6-99C5-0468CC63AEF9}: NameServer = 217.17.233.49,193.188.97.193

O17 - HKLM\System\CS2\Services\Tcpip\..\{26E4D759-04F2-44E6-99C5-0468CC63AEF9}: NameServer = 217.17.233.49,193.188.97.193

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

O23 - Service: SiI 4726 Manager - Unknown owner - C:\Program Files\SiI4726\SiI 4726 Manager\SiI4726.exe

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

O24 - Desktop Component 0: (no name) - C:\Custom\Desktop\2nd\crestock-924844-1680x1050.jpg

O24 - Desktop Component 1: (no name) - C:\Custom\Desktop\2nd\Vuela_con_ella__by_EseLoKo.jpg

O24 - Desktop Component 2: (no name) - C:\Custom\Desktop\2nd\smokey_colors_by_cozmicboy.jpg

O24 - Desktop Component 3: (no name) - C:\Custom\Desktop\2nd\A_Blackbelt_In_Breakups_by_j3concepts.png

O24 - Desktop Component 4: (no name) - C:\Custom\Desktop\2nd\Lunar_Strain_by_Lunar_strain.jpg

O24 - Desktop Component 5: (no name) - C:\Custom\Desktop\00235_thebluemarble_1920x1200.jpg

O24 - Desktop Component 6: (no name) - C:\Custom\Desktop\2nd\Darkside_of_the_Moon_by_davidambler.png

--

End of file - 8023 bytes

-------------------------------------------------------------------------------------------------------------------------------------------

Process explorer:

-------------------------------------------------------------------------------------------------------------------------------------------

Process PID CPU Description Company Name

System Idle Process 0 80.38

Interrupts n/a Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4 3.46

smss.exe 1260 Windows NT Session Manager Microsoft Corporation

csrss.exe 1324 Client Server Runtime Process Microsoft Corporation

winlogon.exe 1356 Windows NT Logon Application Microsoft Corporation

services.exe 1400 Services and Controller app Microsoft Corporation

ati2evxx.exe 1608 ATI External Event Utility EXE Module ATI Technologies Inc.

svchost.exe 1628 Generic Host Process for Win32 Services Microsoft Corporation

wmiprvse.exe 3256 WMI Microsoft Corporation

wlcomm.exe 716 Windows Live Communications Platform Microsoft Corporation

svchost.exe 1696 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1824 Generic Host Process for Win32 Services Microsoft Corporation

wuauclt.exe 4008 Windows Update Automatic Updates Microsoft Corporation

svchost.exe 2036 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 240 Generic Host Process for Win32 Services Microsoft Corporation

spoolsv.exe 532 Spooler SubSystem App Microsoft Corporation

svchost.exe 764 Generic Host Process for Win32 Services Microsoft Corporation

schedul2.exe 860 Acronis Scheduler 2 Acronis

ekrn.exe 928 ESET Service ESET

openvpnas.exe 1084

hsssrv.exe 1140 Hotspot Shield Helper Service AnchorFree Inc.

PnkBstrA.exe 1172

PnkBstrB.exe 1232

SiI4726.exe 2232

rundll32.exe 2564 Run a DLL as an App Microsoft Corporation

alg.exe 3368 Application Layer Gateway Service Microsoft Corporation

lsass.exe 1412 LSA Shell (Export Version) Microsoft Corporation

ati2evxx.exe 356 ATI External Event Utility EXE Module ATI Technologies Inc.

explorer.exe 952 Windows Explorer Microsoft Corporation

ctfmon.exe 1048 CTF Loader Microsoft Corporation

TrueImageMonitor.exe 1148 Acronis True Image Monitor Acronis

kxmixer.exe 1184 kX mixer Eugene Gavrilov

TimounterMonitor.exe 1192 Monitor for Acronis True Image Backup Archive Explorer Acronis

schedhlp.exe 1212 Acronis Scheduler Helper Acronis

AdMunch.exe 1284 Ad Muncher Murray Hurps Corp Pty Ltd

egui.exe 1304 ESET GUI ESET

daemon.exe 1480 DAEMON Tools Lite DT Soft Ltd

RocketDock.exe 1644

opera.exe 2120 Opera Internet Browser Opera Software

HiJackThis.exe 3916 HijackThis Trend Micro Inc.

msnmsgr.exe 2256 Windows Live Messenger Microsoft Corporation

uTorrent.exe 3120 13.08 µTorrent BitTorrent, Inc.

Client.exe 1744 3.08 Samurize.com

YzToolBar.exe 1788 ToolBar icon can be changed. Y'z@Home

speedfan.exe 744 Almico Software (www.almico.com)

notepad.exe 3764 Notepad Microsoft Corporation

foobar2000.exe 3572 foobar2000 Application

procexp.exe 1484 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

EM_EXEC.EXE 212 Logitech Events Handler Application Logitech Inc.

MOM.exe 1748 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.

CCC.exe 1024 Catalyst Control Centre: Host application ATI Technologies Inc.

Process: uTorrent.exe Pid: 3120

Name Description Company Name Version

ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.1.2600.5512

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.1.2600.5512

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5755

AM30400.dll Ad Muncher Hook DLL Murray Hurps Corp Pty Ltd 4.72.0.30400

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.1

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.700

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.5512

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.0.2900.5512

COMRes.dll Microsoft Corporation 2001.12.4414.700

credui.dll Credential Manager User Interface Microsoft Corporation 5.1.2600.5512

CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512

ctype.nls

DnsApi.dll DNS Client API DLL Microsoft Corporation 5.1.2600.5625

dot3api.dll 802.3 Autoconfiguration API Microsoft Corporation 5.1.2600.5512

dot3dlg.dll 802.3 UI Helper Microsoft Corporation 5.1.2600.5512

eappcfg.dll Eap Peer Config Microsoft Corporation 5.1.2600.5512

eappprxy.dll Microsoft EAPHost Peer Client DLL Microsoft Corporation 5.1.2600.5512

GDI32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5698

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.1.2600.5512

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512

Iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.5512

iprepair.dll IconPackager Repair Module Stardock.net, Inc 3.1.0.0

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5781

LgMsgHk.dll Logitech Message Hook Library Logitech Inc. 1.1.0.0

LgWndHk.dll Logitech Call Window Hook Library Logitech Inc. 9.79.25.1

locale.nls

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.1.2600.5512

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.1.2600.5512

MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.1.2600.5512

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.1.2600.5768

MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.2.3104.0

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.1.2600.5625

netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.5694

NETSHELL.dll Network Connections Shell Microsoft Corporation 5.1.2600.5512

ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5755

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.5512

oleaut32.dll Microsoft Corporation 5.1.2600.5512

OneX.DLL IEEE 802.1X supplicant library Microsoft Corporation 5.1.2600.5512

PSAPI.DLL Process Status Helper Microsoft Corporation 5.1.2600.5512

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.5512

RocketDock.dll

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5795

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.5507

rtutils.dll Routing Utilities Microsoft Corporation 5.1.2600.5512

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.1.2600.5512

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5753

SETUPAPI.dll Windows Setup API Microsoft Corporation 5.1.2600.5512

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.5622

shfolder.dll Shell Folder Service Microsoft Corporation 6.0.2900.5512

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.5512

sortkey.nls

sorttbls.nls

unicode.nls

USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512

USERENV.dll Userenv Microsoft Corporation 5.1.2600.5512

uTorrent.exe µTorrent BitTorrent, Inc. 1.8.4.16150

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.2900.5512

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512

WINSTA.dll Winstation Library Microsoft Corporation 5.1.2600.5512

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.5512

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.5512

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.5512

WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.1.2600.5512

xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.1.2600.5512

YzToolBar.dll Y'z ToolBar DLL 1.3.0.0

-------------------------------------------------------------------------------------------------------------------------------------------

Utorrent Dump File:

http://www.easy-share.com/1907457778/15772-utorrent.fc5d.dmp

thanks - edited


These are the non-Microsoft DLLs I see from Process Explorer:

AM30400.dll Ad Muncher Hook DLL Murray Hurps Corp Pty Ltd 4.72.0.30400

iprepair.dll IconPackager Repair Module Stardock.net, Inc 3.1.0.0

LgMsgHk.dll Logitech Message Hook Library Logitech Inc. 1.1.0.0

LgWndHk.dll Logitech Call Window Hook Library Logitech Inc. 9.79.25.1

YzToolBar.dll Y'z ToolBar DLL 1.3.0.0

Logitech is unlikely to be a problem...but the other 3 might be. :(
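
The filtering step used in the reply above, as an added example that is not part of the original thread: it reads a Process Explorer module listing for one process and separates non-Microsoft modules from modules that carry no Company Name at all, going slightly beyond the reply by reporting the second group on its own. The function name `triage_modules`, the tab-separated column layout and the sample rows (re-typed from the listing on this page) are assumptions.

```python
import csv
import io

# Constructed sample: rows from the uTorrent.exe module list on this page,
# re-typed with tab separators (an assumption about the saved listing format).
SAMPLE = "\n".join([
    "Name\tDescription\tCompany Name\tVersion",
    "ADVAPI32.dll\tAdvanced Windows 32 Base API\tMicrosoft Corporation\t5.1.2600.5755",
    "AM30400.dll\tAd Muncher Hook DLL\tMurray Hurps Corp Pty Ltd\t4.72.0.30400",
    "ctype.nls\t\t\t",
    "iprepair.dll\tIconPackager Repair Module\tStardock.net, Inc\t3.1.0.0",
    "LgMsgHk.dll\tLogitech Message Hook Library\tLogitech Inc.\t1.1.0.0",
    "LgWndHk.dll\tLogitech Call Window Hook Library\tLogitech Inc.\t9.79.25.1",
    "RocketDock.dll\t\t\t",
    "uTorrent.exe\tµTorrent\tBitTorrent, Inc.\t1.8.4.16150",
    "YzToolBar.dll\tY'z ToolBar DLL\t\t1.3.0.0",
])

DATA_EXTENSIONS = {"nls"}  # mapped data files, not executable modules


def triage_modules(listing, image_name):
    """Return (third_party, unlabelled) for the modules loaded in one process."""
    # Company Name comes from each file's version resource, so it is a
    # triage hint only and not proof of who built the module.
    third_party, unlabelled = [], []
    rows = csv.DictReader(io.StringIO(listing), delimiter="\t",
                          quoting=csv.QUOTE_NONE)
    for row in rows:
        name = (row.get("Name") or "").strip()
        company = (row.get("Company Name") or "").strip()
        description = (row.get("Description") or "").strip()
        if not name or name.lower() == image_name.lower():
            continue  # skip the process's own image
        if name.lower().rpartition(".")[2] in DATA_EXTENSIONS:
            continue  # skip .nls data files
        if not company:
            unlabelled.append(name)
        elif "microsoft" not in company.lower():
            third_party.append((name, company, "hook" in description.lower()))
    return third_party, unlabelled


if __name__ == "__main__":
    vendors, unknown = triage_modules(SAMPLE, "uTorrent.exe")
    for name, company, is_hook in vendors:
        print(f"{name:16} {company:28} hook={is_hook}")
    print("no company field:", ", ".join(unknown))
```

Process Explorer's "Verify Image Signatures" option gives a stronger check of a module's publisher than the Company Name text used here.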
