Can't update uTorrent

[RuLLy]

i have a biiig problem. I'm stuck with te 1.8 version with uTorrent, cuz everytime i try to update it, i get a error: the process can't acces file, because another process is using it....or something like that... i checked out task manager and there was only one process using uTorrent ....

i really want a new version, any suggestions ?

[moogly]

Post Hijackthis log please.

Guide: http://forum.utorrent.com/viewtopic.php?id=29748

[RuLLy]

http://datoteka.si/file/1720/hijackthis-log.html

i ran it in the moment i got the error message...

i wont be avalible untill tomorow.....bed time !

[moogly]

The culprit is surely AVG, enable option "append .!ut to incomplete files" in uTorrent (General).

And report here if the error is still here.

[RuLLy]

i still have the same problem...

http://datoteka.si/file/1721/hijackthis-log.html

[moogly]

Can you paste the log in your message, easier to read.

[RuLLy]

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\AVG\avgchsvx.exe

D:\Program Files\AVG\avgrsx.exe

D:\Program Files\AVG\avgcsrvx.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\SOUNDMAN.EXE

D:\WINDOWS\VM_STI.EXE

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

D:\Program Files\Java\jre6\bin\jusched.exe

D:\PROGRA~1\AVG\avgtray.exe

D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\Program Files\AVG\avgwdsvc.exe

D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

D:\Program Files\Java\jre6\bin\jqs.exe

D:\Program Files\AVG\avgnsx.exe

D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

D:\WINDOWS\system32\svchost.exe

D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

D:\WINDOWS\system32\HPZipm12.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\WINDOWS\system32\msiexec.exe

D:\WINDOWS\system32\wuauclt.exe

D:\DOCUME~1\UPORAB~1\LOCALS~1\Temp\utt100.tmp.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1060

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\avgssie.dll

O2 - BHO: Windows Live - Pomoc pri vpisu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [bigDogPath] D:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam

O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] D:\PROGRA~1\AVG\avgtray.exe

O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "D:\Documents and Settings\Uporabnik\Local Settings\Temp\nro.tmp\"

O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Connection through NVIDIA nForce Networking Controller.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8DE79B1D-B3E1-4771-981E-E8EDCD40D974}: NameServer = 212.18.32.10 212.18.32.12

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--

End of file - 6625 bytes

[moogly]

Can you add Process Explorer log please.

Select utorrent.exe and enable DLL mode (ctrl+d).

Guide: http://forum.utorrent.com/viewtopic.php?id=29748

Sounds like something is injected into uT.

[RuLLy]

is this the right stuff ?

ctfmon.exe 1128 CTF Loader Microsoft Corporation

hpqtra08.exe 1280 HP Digital Imaging Monitor Hewlett-Packard Development Company, L.P.

hpqste08.exe 3164 HP CUE Status Hewlett-Packard Development Company, L.P.

uTorrent.exe 2420 44.62 µTorrent BitTorrent, Inc.

hpqimzone.exe 560 HP Photosmart Premier Hewlett-Packard Development Company, L.P.

firefox.exe 980 1.54 Firefox Mozilla Corporation

AcroRd32.exe 3272 Adobe Reader 8.1 Adobe Systems Incorporated

procexp.exe 1256 3.08 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Process: uTorrent.exe Pid: 2420

Name Description Company Name Version

ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.1.2600.5512

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.1.2600.5512

adsldpc.dll.mui ADs LDAP ponudnik C DLL Microsoft Corporation 5.1.2600.0

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5755

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.2

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.700

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.5512

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.0.2900.5512

COMRes.dll Microsoft Corporation 2001.12.4414.700

credui.dll Credential Manager User Interface Microsoft Corporation 5.1.2600.5512

CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512

ctype.nls

DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.1.2600.5625

dot3api.dll 802.3 Autoconfiguration API Microsoft Corporation 5.1.2600.5512

dot3dlg.dll 802.3 UI Helper Microsoft Corporation 5.1.2600.5512

eappcfg.dll Eap Peer Config Microsoft Corporation 5.1.2600.5512

eappprxy.dll Microsoft EAPHost Peer Client DLL Microsoft Corporation 5.1.2600.5512

GDI32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5698

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.1.2600.5512

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512

Iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.5512

iphlpapi.dll.mui API pomočnika za IP-je Microsoft Corporation 5.1.2600.2

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5781

kernel32.dll.mui DLL za Windows NT BASE API odjemalec Microsoft Corporation 5.1.2600.0

locale.nls

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.1.2600.5512

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.1.2600.5875

MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.1.2600.5512

msctf.dll.mui DLL MSCTF strežnika Microsoft Corporation 5.1.2600.0

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.1.2600.5768

MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.2.3104.0

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.1.2600.5625

NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.5694

NETSHELL.dll Network Connections Shell Microsoft Corporation 5.1.2600.5512

ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5755

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.5512

oleaut32.dll Microsoft Corporation 5.1.2600.5512

OneX.DLL IEEE 802.1X supplicant library Microsoft Corporation 5.1.2600.5512

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.5512

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5795

rtutils.dll Routing Utilities Microsoft Corporation 5.1.2600.5512

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.1.2600.5512

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5834

SETUPAPI.dll Windows Setup API Microsoft Corporation 5.1.2600.5512

setupapi.dll.mui Namestitveni API za Windows Microsoft Corporation 5.1.2600.0

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.5622

shfolder.dll Shell Folder Service Microsoft Corporation 6.0.2900.5512

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.5512

sortkey.nls

sorttbls.nls

unicode.nls

USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512

uTorrent.exe µTorrent BitTorrent, Inc. 1.8.0.11813

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.2900.5512

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512

WINSTA.dll Winstation Library Microsoft Corporation 5.1.2600.5512

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.5512

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.5512

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.5512

WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.1.2600.5512

xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.1.2600.5512

xpsp2res.dll Sporočila servisnega paketa SP 2 Microsoft Corporation 5.1.2600.5512

[moogly]

Yes, it's that.

Anyway it's weird, I see no strange process injected into uT.

You have 2 solutions:

1/ Using freeware Unlocker (http://ccollomb.free.fr/unlocker/) to see which program is using utorrent.exe and try to stop that. Then applying the uT update.

2/ Updating manually uT. Download uT1.8.5 (http://www.utorrent.com/downloads) and replace the old utorrent.exe by the new one in Program Files\uTorrent.

[RuLLy]

if i update manually, will it keep all my download progress ?

[moogly]

Of course. You will see the installer (don't forget to uncheck all the 3 boxes about Ask toolbar if you don't need it) and uT will start with your previous history and settings. Don't forget to renew the rules in your firewall if necessary.

[RuLLy]

tnx, ill do this ..... ur gr8 !

[moogly]

Anyway surely one of your security module is the culprit, you should verify you have excluded utorrent.exe from scanning (Unlocker can help you to identify the program).