Too many connections


plan2

Posted

Hello,

uTorrent has in the last days really been acting up. It's been using lots and lots of local network connections that clog up all other networking in the operating system (Win7 Pro x64). When this happens other programs report errors like "Network error: No buffer space available". Exiting uTorrent solves the problem, but that's not really a good solution... :rolleyes:

netstat -ano | find "17044", in cmd, where 17044 was uTorrent's PID, gave this output: http://pastebin.com/wZwxXUUD

Quite some connections. :)

What to do, what to do?

Posted

Er, that's odd. It doesn't even make sense that µTorrent would try to listen on so many ports...

What version of µTorrent? What is the executable's hash? What security software?

a) get HijackThis from www.trendmicro.com, run it, view the log, and post the contents here

b) get Process Explorer from www.sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here

Posted

µTorrent is of version 2.0.2 build 19684.

md5 & sha1 hash:

090fa5f64cfb050b8ffaec7f57c31834 *uTorrent.exe
dfec781877aa86afa941d512c3fc9e95c2b2bdea ?SHA1*uTorrent.exe

I run the preview beta of F-Secure Internet Security 2011. I don't think I ever encountered this problem before I installed it a couple of weeks ago actually. Perhaps I should give uninstalling it a try.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:36:57, on 2010-07-05
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\FeedReader\feedreader.exe
C:\Program Files (x86)\SimpPro\SimpPro.exe
C:\Program Files (x86)\Thunderbird\thunderbird.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\F-Secure\Common\FSM32.EXE
C:\Windows\xystem32\pageant.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\xystem32\putty.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Spotify\spotify.exe
C:\Windows\xystem32\putty.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites
O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files (x86)\FeedReader\feedreader.exe"
O4 - HKCU\..\Run: [Simp] C:\Program Files (x86)\SimpPro\SimpPro.exe
O4 - HKCU\..\Run: [Thunderbird] "C:\Program Files (x86)\Thunderbird\thunderbird" -turbo
O4 - Startup: Pageant.lnk = C:\Windows\xystem32\pageant.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BCWipe service (BCWipeSvc) - Jetico, Inc. - C:\Program Files (x86)\BCWipe\BCWipeSvc.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: DynDNS Updater - Dynamic Network Services, Inc. - C:\Program Files (x86)\DynDNS Updater\DynUpSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TrueCrypt System Favorites (TrueCryptSystemFavorites) - TrueCrypt Foundation - C:\Windows\SysWOW64\TrueCrypt.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9400 bytes

Process Explorer:

Process    PID    CPU    Description    Company Name
System Idle Process 0 82.50
Interrupts n/a Hardware Interrupts
DPCs n/a 0.76 Deferred Procedure Calls
System 4
smss.exe 312
csrss.exe 428
wininit.exe 492
csrss.exe 512
winlogon.exe 620
explorer.exe 2724 Windows Explorer Microsoft Corporation
TrueCrypt.exe 3196 TrueCrypt TrueCrypt Foundation
feedreader.exe 3312
SimpPro.exe 3412 Simp Secway
msnmsgr.exe 2640 Windows Live Messenger Microsoft Corporation
thunderbird.exe 3488 Thunderbird Mozilla Messaging
Dropbox.exe 3632 Dropbox
pageant.exe 4092 PuTTY SSH authentication agent Simon Tatham
putty.exe 5212 PuTTY Tray PuTTY
opera.exe 5352 Opera Internet Browser Opera Software
spotify.exe 73616 Spotify Spotify Ltd
putty.exe 93732 PuTTY Tray PuTTY
uTorrent.exe 100736 1.51 µTorrent BitTorrent, Inc.
procexp64 - Copy.exe 112664 12.87 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
AAM Updates Notifier.exe 3280 AAM Updates Notifier Application Adobe Systems Incorporated
jusched.exe 3728 Java(TM) Update Scheduler Sun Microsystems, Inc.
FSM32.EXE 3736 F-Secure Settings and Statistics F-Secure Corporation
fsscoepl_x64.exe 3748 F-Secure Spam Control plug-in for Microsoft Outlook Express® F-Secure Corporation
MOM.exe 3772 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.
CCC.exe 2876 Catalyst Control Centre: Host application ATI Technologies Inc.

Process: uTorrent.exe Pid: 100736

Name Description Company Name Version
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.1.7600.16385
CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.8530.16385
COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.7600.16385
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.1.7600.16385
CRYPTBASE.dll Base cryptographic API DLL Microsoft Corporation 6.1.7600.16385
CRYPTSP.dll Cryptographic Service Provider API Microsoft Corporation 6.1.7600.16385
dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.1.7600.16385
dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.1.7600.16385
DnsApi.dll DNS Client API DLL Microsoft Corporation 6.1.7600.16385
dwmapi.dll Microsoft Desktop Window Manager API Microsoft Corporation 6.1.7600.16385
FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.1.7600.16385
fsgkiapi.dll fsgkiapi F-Secure Corp. 9.80.16221.235
fshook32.dll HIPS user-mode hooking module F-Secure Corporation 3.0.171.0
FSLSP.DLL F-Secure Protocol Scanner LSP F-Secure Corporation 2.1.1110.0
fsscoepl.dll F-Secure Spam Control plug-in for Microsoft Outlook Express® F-Secure Corporation 1.2.7480.0
fwpuclnt.dll FWP/IPsec User-Mode API Microsoft Corporation 6.1.7600.16385
GDI32.dll GDI Client DLL Microsoft Corporation 6.1.7600.16385
IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.1.7600.16385
Iphlpapi.dll IP Helper API Microsoft Corporation 6.1.7600.16385
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16385
KERNELBASE.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16385
KernelBase.dll.mui Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16385
locale.nls
LPK.dll Language Pack Microsoft Corporation 6.1.7600.16385
mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 2.0.2.0
MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.1.7600.16385
MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.0.50727.4927
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.7600.16385
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.1.7600.16385
npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.1.7600.16385
NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.1.7600.16385
ntdll.dll NT Layer DLL Microsoft Corporation 6.1.7600.16559
ntdll.dll NT Layer DLL Microsoft Corporation 6.1.7600.16559
ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.1.7600.16385
oleaut32.dll Microsoft Corporation 6.1.7600.16385
profapi.dll User Profile Basic API Microsoft Corporation 6.1.7600.16385
PrxerDrv.dll Proxifier Winsock Layered Service Provider Initex Software 2.90.0.1
PrxerNsp.dll Proxifier Namespace Service Provider Initex Software 2.90.0.1
PSAPI.DLL Process Status Helper Microsoft Corporation 6.1.7600.16385
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.1.7600.16385
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.1.7600.16385
RpcRtRemote.dll Remote RPC Extension Microsoft Corporation 6.1.7600.16385
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.1.7600.16385
sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation 6.1.7600.16385
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.1.7600.16532
shfolder.dll Shell Folder Service Microsoft Corporation 6.1.7600.16385
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.1.7600.16385
SortDefault.nls
SspiCli.dll Security Support Provider Interface Microsoft Corporation 6.1.7600.16484
StaticCache.dat
USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.1.7600.16385
USERENV.dll Userenv Microsoft Corporation 6.1.7600.16385
USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.7600.16385
uTorrent.exe µTorrent BitTorrent, Inc. 2.0.2.19648
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.1.7600.16385
VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.1.7600.16385
WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.1.7600.16385
WinsockHookDLL.dll
wow64.dll Win32 Emulation on NT64 Microsoft Corporation 6.1.7600.16491
wow64cpu.dll AMD64 Wow64 CPU Microsoft Corporation 6.1.7600.16385
wow64win.dll Wow64 Console and Win32 API Logging Microsoft Corporation 6.1.7600.16385
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.1.7600.16385
wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.1.7600.16385
wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.1.7600.16385
vsocklib.dll VSockets Library VMware, Inc. 7.1.0.12623

Posted
fsgkiapi.dll fsgkiapi F-Secure Corp. 9.80.16221.235

fshook32.dll HIPS user-mode hooking module F-Secure Corporation 3.0.171.0

FSLSP.DLL F-Secure Protocol Scanner LSP F-Secure Corporation 2.1.1110.0

fsscoepl.dll F-Secure Spam Control plug-in for Microsoft Outlook Express® F-Secure Corporation 1.2.7480.0

PrxerDrv.dll Proxifier Winsock Layered Service Provider Initex Software 2.90.0.1

PrxerNsp.dll Proxifier Namespace Service Provider Initex Software 2.90.0.1

WinsockHookDLL.dll

vsocklib.dll VSockets Library VMware, Inc. 7.1.0.12623

All these DLLs are injected into µT, that sounds really bad. :(

The Proxifier stuff doesn't look good. Try to remove it and check if µT works.
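
The manual pass over the DLL list in the post above can be scripted. This is an added example, not part of the original thread: it filters a saved Process Explorer DLL list down to the non-Microsoft modules and tags Winsock providers and hooking modules. The tab-separated layout, the tag names and the keyword hints are assumptions; the sample rows are taken from the list posted earlier.

```python
import csv
import io

# Constructed sample: rows taken from the DLL list posted in this thread, joined
# with tabs (assumed export layout: Name, Description, Company Name, Version).
SAMPLE = "\n".join([
    "Name\tDescription\tCompany Name\tVersion",
    "kernel32.dll\tWindows NT BASE API Client DLL\tMicrosoft Corporation\t6.1.7600.16385",
    "mswsock.dll\tMicrosoft Windows Sockets 2.0 Service Provider\tMicrosoft Corporation\t6.1.7600.16385",
    "fshook32.dll\tHIPS user-mode hooking module\tF-Secure Corporation\t3.0.171.0",
    "FSLSP.DLL\tF-Secure Protocol Scanner LSP\tF-Secure Corporation\t2.1.1110.0",
    "locale.nls",
    "mdnsNSP.dll\tBonjour Namespace Provider\tApple Inc.\t2.0.2.0",
    "PrxerDrv.dll\tProxifier Winsock Layered Service Provider\tInitex Software\t2.90.0.1",
    "PrxerNsp.dll\tProxifier Namespace Service Provider\tInitex Software\t2.90.0.1",
    "WinsockHookDLL.dll",
    "vsocklib.dll\tVSockets Library\tVMware, Inc.\t7.1.0.12623",
])

# Hypothetical keyword hints for Winsock layered/namespace providers.
PROVIDER_HINTS = ("lsp", "layered service provider", "namespace")


def parse_modules(text):
    """Parse the DLL table into dicts, padding rows that lack metadata columns."""
    reader = csv.reader(io.StringIO(text), delimiter="\t")
    header = next(reader)
    mods = []
    for row in reader:
        if not row:
            continue
        row = (row + [""] * len(header))[:len(header)]
        mods.append(dict(zip(header, (cell.strip() for cell in row))))
    return mods


def triage(mods):
    """Map each non-Microsoft DLL to a sorted list of tags (empty = plain third party).

    Company Name comes from the file's own version resource, so the Microsoft
    filter only reduces noise; it is not a signature check.
    """
    out = {}
    for m in mods:
        name, desc, company = m["Name"], m["Description"], m["Company Name"]
        if not name.lower().endswith(".dll"):
            continue  # mapped data files such as .nls and .dat
        if company.lower().startswith("microsoft"):
            continue
        tags = set()
        if any(h in desc.lower() for h in PROVIDER_HINTS):
            tags.add("winsock-provider")
        if "hook" in (name + " " + desc).lower():
            tags.add("hook")
        if not company:
            tags.add("no-version-info")
        out[name] = sorted(tags)
    return out
```

Modules tagged `no-version-info` are the ones to look up on disk first, since the list alone does not say which product installed them.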

Posted

I uninstalled both F-secure and Proxifier, rebooted, and I haven't had any problems as of yet. I noticed that Opera (the web browser) was listening to lots of ports in a similar manner before I rebooted also. Perhaps this isn't related to µTorrent at all.
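
The first post filtered `netstat -ano` to a single PID. Counting sockets per PID over the whole output shows whether other processes have the same pattern, as the last post noticed with Opera. This is an added example, not part of the original thread: the sample output is constructed (only PID 17044 comes from the thread) and the default threshold is an arbitrary assumption.

```python
from collections import Counter

# Constructed sample in the column layout that `netstat -ano` prints on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       828
  TCP    0.0.0.0:49201          0.0.0.0:0              LISTENING       17044
  TCP    0.0.0.0:49202          0.0.0.0:0              LISTENING       17044
  TCP    0.0.0.0:49203          0.0.0.0:0              LISTENING       17044
  TCP    0.0.0.0:49204          0.0.0.0:0              LISTENING       17044
  TCP    192.168.1.10:50511     203.0.113.7:6881       ESTABLISHED     17044
  TCP    0.0.0.0:49310          0.0.0.0:0              LISTENING       5352
  TCP    0.0.0.0:49311          0.0.0.0:0              LISTENING       5352
  TCP    0.0.0.0:49312          0.0.0.0:0              LISTENING       5352
  TCP    [::]:135               [::]:0                 LISTENING       828
  UDP    0.0.0.0:6881           *:*                                    17044
"""


def parse_netstat(text):
    """Yield (proto, local_address, state, pid) for every socket row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP":
            yield fields[0], fields[1], fields[3], int(fields[4])
        elif len(fields) == 4 and fields[0] == "UDP":
            # UDP rows have no State column.
            yield fields[0], fields[1], "", int(fields[3])


def busy_listeners(text, threshold=50):
    """Return [(pid, listening_count, total_sockets)] for PIDs at or above
    `threshold` listening TCP sockets, busiest first."""
    listening, total = Counter(), Counter()
    for _proto, _local, state, pid in parse_netstat(text):
        total[pid] += 1
        if state == "LISTENING":
            listening[pid] += 1
    hits = [(pid, n, total[pid]) for pid, n in listening.items() if n >= threshold]
    return sorted(hits, key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    for pid, n_listen, n_total in busy_listeners(SAMPLE, threshold=3):
        print(f"PID {pid}: {n_listen} listening, {n_total} sockets total")
```

Several unrelated processes crossing the threshold at once points at something shared underneath them rather than at any one application.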

Archived

This topic is now archived and is closed to further replies.
