plan2 Posted July 4, 2010

Hello,

uTorrent has in the last days really been acting up. It's been using lots and lots of local network connections that clog up all other networking in the operating system (win7 pro x64). When this happens other programs report errors like "Network error: No buffer space available". Exiting uTorrent solves the problem, but that's not really a good solution...

netstat -ano | find "17044", in cmd, where 17044 was uTorrent's pid, gave this output: http://pastebin.com/wZwxXUUD

Quite some connections. What to do, what to do?
Ultima Posted July 4, 2010

Er, that's odd. It doesn't even make sense that µTorrent would try to listen on so many ports...

What version of µTorrent? What is the executable's hash? What security software?

a) get HijackThis from www.trendmicro.com, run it, view the log, and post the contents here
b) get Process Explorer from www.sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here
plan2 (Author) Posted July 4, 2010

µTorrent is of version 2.0.2 build 19684.

md5 & sha1 hash:
090fa5f64cfb050b8ffaec7f57c31834 *uTorrent.exe
dfec781877aa86afa941d512c3fc9e95c2b2bdea ?SHA1*uTorrent.exe

I run the preview beta of F-Secure Internet Security 2011. I don't think I ever encountered this problem before I installed it a couple of weeks ago actually. Perhaps I should give uninstalling it a try.

HijackThis:

Process Explorer:
moogly Posted July 4, 2010

fsgkiapi.dll fsgkiapi F-Secure Corp. 9.80.16221.235
fshook32.dll HIPS user-mode hooking module F-Secure Corporation 3.0.171.0
FSLSP.DLL F-Secure Protocol Scanner LSP F-Secure Corporation 2.1.1110.0
fsscoepl.dll F-Secure Spam Control plug-in for Microsoft Outlook Express® F-Secure Corporation 1.2.7480.0
PrxerDrv.dll Proxifier Winsock Layered Service Provider Initex Software 2.90.0.1
PrxerNsp.dll Proxifier Namespace Service Provider Initex Software 2.90.0.1
WinsockHookDLL.dll
vsocklib.dll VSockets Library VMware, Inc. 7.1.0.12623

All these DLLs are injected into µT, that sounds really bad. The Proxifier stuff doesn't look good. Try to remove it and check if µT works.
DreadWingKnight Posted July 4, 2010

F-Secure has some issues in there as well actually.
plan2 (Author) Posted July 5, 2010

I uninstalled both F-Secure and Proxifier, rebooted, and I haven't had any problems as of yet. I noticed that Opera (the web browser) was listening on lots of ports in a similar manner before I rebooted also. Perhaps this isn't related to µTorrent at all.
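Added example, not part of the thread: a small parser that groups saved `netstat -ano` output by PID, to check whether a pile-up of loopback listeners is confined to one process or shows up in several, as the last post observed with Opera. The sample output is constructed, and the function names and the threshold are assumptions for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample of `netstat -ano` output (not the poster's data).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    127.0.0.1:50001        0.0.0.0:0              LISTENING       17044
  TCP    127.0.0.1:50002        0.0.0.0:0              LISTENING       17044
  TCP    127.0.0.1:50003        0.0.0.0:0              LISTENING       17044
  TCP    127.0.0.1:50001        127.0.0.1:50010        ESTABLISHED     17044
  TCP    127.0.0.1:50010        127.0.0.1:50001        ESTABLISHED     17044
  TCP    192.168.1.5:50100      203.0.113.7:6881       ESTABLISHED     17044
  TCP    127.0.0.1:51001        0.0.0.0:0              LISTENING       5352
  TCP    127.0.0.1:51002        0.0.0.0:0              LISTENING       5352
  TCP    [::]:135               [::]:0                 LISTENING       880
  UDP    0.0.0.0:6881           *:*                                    17044
"""

def is_loopback(addr):
    """True for 127.x.x.x:port or [::1]:port."""
    host = addr.rsplit(":", 1)[0]
    return host.startswith("127.") or host == "[::1]"

def summarize(netstat_text):
    """Return {pid: Counter} of socket counts per process."""
    stats = defaultdict(Counter)
    for line in netstat_text.splitlines():
        f = line.split()
        # Skip headers and blank lines; the last field must be the PID.
        if not f or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue
        pid, local = int(f[-1]), f[1]
        # UDP rows have no State column. State names here are the English ones.
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        stats[pid]["total"] += 1
        if state == "LISTENING":
            stats[pid]["listening"] += 1
            if is_loopback(local):
                stats[pid]["loopback_listening"] += 1
        elif state and is_loopback(local) and is_loopback(f[2]):
            stats[pid]["loopback_connections"] += 1
    return stats

def flag_pids(stats, min_loopback_listeners):
    """PIDs with at least the given number of loopback listeners (assumed threshold)."""
    return sorted(pid for pid, c in stats.items()
                  if c["loopback_listening"] >= min_loopback_listeners)

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for pid in sorted(stats):
        print(pid, dict(stats[pid]))
    print("flagged:", flag_pids(stats, 2))
```

To use it on a real machine, save the output with `netstat -ano > netstat.txt` and pass the file contents to `summarize`.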