Windows 7 problem with uTorrent v 2.0.3

[future_freezer]

Hello

I have problem with uTorrent version 2.0.3 on my Windows 7 professional. I use utorrent for some time, but the problem appeared only a few days. When I run the program, after a few minutes the application hangs and it is suspended. It does not help re-install uTorrent or reboot the system. does not help also disables antivirus (I use Panda). When i kill the uTorrent process i still see it on task manager - and i can't disable it.

Please help in solving this problem

[moogly]

Run µT and post logs (Hijackthis and Process Explorer).

Guide: http://forum.utorrent.com/viewtopic.php?id=29748

[future_freezer]

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:40:13, on 2010-08-14

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files\uTorrent\uTorrent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\freezer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\freezer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\freezer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\freezer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Users\freezer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\freezer\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 5035 bytes

[moogly]

And PE log when µT is running?

[future_freezer]

Process PID CPU Private Bytes Working Set Description Company Name

DPCs n/a 0 K 0 K Deferred Procedure Calls

Interrupts n/a 0 K 0 K Hardware Interrupts

System Idle Process 0 96.23 0 K 24 K

System 4 52 K 2 868 K

smss.exe 384 260 K 812 K

NMSAccessU.exe 1704 588 K 2 156 K

nvvsvc.exe 856 984 K 3 756 K NVIDIA Driver Helper Service, Version 258.96 NVIDIA Corporation

svchost.exe 1812 1 076 K 4 220 K Proces hosta dla usług systemu Windows Microsoft Corporation

wininit.exe 584 1 152 K 3 728 K

csrss.exe 516 1 284 K 3 172 K

alg.exe 2200 1 296 K 4 172 K Usługa bramy warstwy aplikacji Microsoft Corporation

svchost.exe 1452 1 492 K 4 972 K Proces hosta dla usług systemu Windows Microsoft Corporation

lsm.exe 696 1 516 K 3 328 K

csrss.exe 2080 1 540 K 7 220 K

csrss.exe 576 1 696 K 6 344 K

winlogon.exe 4024 1 796 K 5 012 K

nvSCPAPISvr.exe 1764 1 896 K 4 788 K Stereo Vision Control Panel API Server NVIDIA Corporation

taskhost.exe 1748 2 544 K 6 276 K Proces hosta dla zadań systemu Windows Microsoft Corporation

svchost.exe 792 2 824 K 6 840 K Proces hosta dla usług systemu Windows Microsoft Corporation

svchost.exe 896 2 824 K 5 688 K Proces hosta dla usług systemu Windows Microsoft Corporation

lsass.exe 688 3 460 K 8 676 K Local Security Authority Process Microsoft Corporation

nvvsvc.exe 1212 3 560 K 7 948 K

svchost.exe 1020 3 780 K 9 508 K Proces hosta dla usług systemu Windows Microsoft Corporation

svchost.exe 1848 4 188 K 7 208 K Proces hosta dla usług systemu Windows Microsoft Corporation

services.exe 680 4 684 K 7 568 K

HiJackThis.exe 1904 4 700 K 13 532 K

svchost.exe 1184 5 168 K 8 508 K Proces hosta dla usług systemu Windows Microsoft Corporation

PSUNMain.exe 2984 6 048 K 2 148 K Panda Cloud Antivirus Panda Security, S.L.

RtHDVCpl.exe 3024 7 472 K 8 340 K Menedżer Realtek HD Audio Realtek Semiconductor

svchost.exe 1400 11 308 K 12 516 K Proces hosta dla usług systemu Windows Microsoft Corporation

procexp.exe 3528 3.88 13 900 K 31 724 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com

svchost.exe 988 14 652 K 14 324 K Proces hosta dla usług systemu Windows Microsoft Corporation

chrome.exe 2464 14 740 K 22 824 K Google Chrome Google Inc.

svchost.exe 1044 15 620 K 28 616 K Proces hosta dla usług systemu Windows Microsoft Corporation

svchost.exe 1284 16 376 K 19 584 K Proces hosta dla usług systemu Windows Microsoft Corporation

uTorrent.exe 3180 19 028 K 26 308 K

uTorrent.exe 1864 19 456 K 28 108 K

dwm.exe 1448 23 124 K 23 024 K Menedżer okien pulpitu Microsoft Corporation

explorer.exe 2448 30 432 K 45 676 K Eksplorator Windows Microsoft Corporation

chrome.exe 2780 30 632 K 46 320 K Google Chrome Google Inc.

sidebar.exe 2600 33 092 K 26 668 K Gadżety pulpitu systemu Windows Microsoft Corporation

gg.exe 2116 44 324 K 33 112 K Gadu-Gadu - program główny Gadu-Gadu S.A.

PSANHost.exe 1644 44 348 K 19 600 K Application Host Service Panda Security, S.L.

svchost.exe 3660 66 380 K 24 876 K Proces hosta dla usług systemu Windows Microsoft Corporation

[paintball9]

Try disabling panda antivirus

Also you've got 2 instances of utorrent running. close them both and try again.

[future_freezer]

i can't close both of utorrent instances there is - acces denied msg when i try kill one of them

[moogly]

In PE, you need to select utorrent.exe and enable DLL mode (ctrl+D).

Edit PE log please.

[regietron]

help!!

when i play back an uncompleted movie torrent download. what i see is an existing movie on my system or a movie i had previously deleted. is this normal or will the actual movie show upon completion of the download

[future_freezer]

Process: uTorrent.exe Pid: 3180

Name Description Company Name Version

AcGenral.DLL Windows Compatibility DLL Microsoft Corporation 6.1.7600.16385

AcLayers.dll Windows Compatibility DLL Microsoft Corporation 6.1.7600.16385

AcXtrnal.DLL Windows Compatibility DLL Microsoft Corporation 6.1.7600.16385

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.1.7600.16385

apphelp.dll Biblioteka klienta zgodności aplikacji Microsoft Corporation 6.1.7600.16481

C_1252.NLS

CFGMGR32.dll Configuration Manager DLL Microsoft Corporation 6.1.7600.16385

CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.8530.16385

COMCTL32.dll Biblioteka formantów czynności użytkownika Microsoft Corporation 6.10.7600.16385

comdlg32.dll Plik DLL wspólnych okien dialogowych Microsoft Corporation 6.1.7600.16385

CRYPT32.dll Crypto API32 Microsoft Corporation 6.1.7600.16385

CRYPTBASE.dll Base cryptographic API DLL Microsoft Corporation 6.1.7600.16385

CRYPTSP.dll Cryptographic Service Provider API Microsoft Corporation 6.1.7600.16385

DEVOBJ.dll Device Information Set DLL Microsoft Corporation 6.1.7600.16385

dhcpcsvc.DLL Usługa klienta DHCP Microsoft Corporation 6.1.7600.16385

dhcpcsvc6.DLL Klient DHCPv6 Microsoft Corporation 6.1.7600.16385

DnsApi.dll Biblioteka DLL interfejsu API klienta usługi DNS Microsoft Corporation 6.1.7600.16385

dwmapi.dll Interfejs API menedżera okien Microsoft Desktop Window Manager Microsoft Corporation 6.1.7600.16385

FirewallAPI.dll Interfejs API Zapory systemu Windows Microsoft Corporation 6.1.7600.16385

fwpuclnt.dll Interfejs API trybu użytkownika funkcji FWP/IPSec Microsoft Corporation 6.1.7600.16385

GDI32.dll GDI Client DLL Microsoft Corporation 6.1.7600.16385

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.0.7600.16385

IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.1.7600.16385

index.dat

index.dat

index.dat

Iphlpapi.dll IP Helper API Microsoft Corporation 6.1.7600.16385

kernel32.dll Biblioteka DLL klienta Windows NT BASE API Microsoft Corporation 6.1.7600.16481

KERNELBASE.dll Biblioteka DLL klienta Windows NT BASE API Microsoft Corporation 6.1.7600.16385

KernelBase.dll.mui Biblioteka DLL klienta Windows NT BASE API Microsoft Corporation 6.1.7600.16385

locale.nls

LPK.dll Language Pack Microsoft Corporation 6.1.7600.16385

MPR.dll Multiple Provider Router DLL Microsoft Corporation 6.1.7600.16385

MSACM32.dll Filtr audio ACM Microsoft Microsoft Corporation 6.1.7600.16385

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 6.1.7600.16415

MSCTF.dll Biblioteka DLL serwera MSCTF Microsoft Corporation 6.1.7600.16385

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.7600.16385

mswsock.dll Microsoft Windows Sockets 2.0 Dostawca usługi Microsoft Corporation 6.1.7600.16385

napinsp.dll Dostawca podkładek nazewnictwa poczty e-mail Microsoft Corporation 6.1.7600.16385

NLAapi.dll Network Location Awareness 2 Microsoft Corporation 6.1.7600.16385

Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.1.7600.16385

npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.1.7600.16385

NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.1.7600.16385

ntdll.dll Biblioteka NT Layer DLL Microsoft Corporation 6.1.7600.16559

ntmarta.dll Windows NT - dostawca MARTA Microsoft Corporation 6.1.7600.16385

ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.1.7600.16385

OLEAUT32.dll Microsoft Corporation 6.1.7600.16385

pnrpnsp.dll Dostawca obszaru nazw PNRP Microsoft Corporation 6.1.7600.16385

profapi.dll User Profile Basic API Microsoft Corporation 6.1.7600.16385

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.1.7600.16385

RASAPI32.dll Remote Access API Microsoft Corporation 6.1.7600.16385

rasman.dll Remote Access Connection Manager Microsoft Corporation 6.1.7600.16385

RPCRT4.dll Czas wykonania zdalnego wywoływania procedury Microsoft Corporation 6.1.7600.16385

RpcRtRemote.dll Remote RPC Extension Microsoft Corporation 6.1.7600.16385

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.1.7600.16385

rtutils.dll Routing Utilities Microsoft Corporation 6.1.7600.16617

samcli.dll Security Accounts Manager Client DLL Microsoft Corporation 6.1.7600.16385

sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation 6.1.7600.16385

sensapi.dll SENS Connectivity API DLL Microsoft Corporation 6.1.7600.16385

SETUPAPI.dll Interfejs API Instalatora systemu Windows Microsoft Corporation 6.1.7600.16385

sfc.dll Windows File Protection Microsoft Corporation 6.1.7600.16385

sfc_os.DLL Windows File Protection Microsoft Corporation 6.1.7600.16385

SHELL32.dll Wspólna biblioteka DLL Powłoki systemu Windows Microsoft Corporation 6.1.7600.16644

shfolder.dll Shell Folder Service Microsoft Corporation 6.1.7600.16385

SHLWAPI.dll Biblioteka dodatkowych narzędzi powłoki Microsoft Corporation 6.1.7600.16385

SHUNIMPL.DLL Windows Shell Obsolete APIs Microsoft Corporation 6.1.7600.16385

SortDefault.nls

SortServer2003Compat.dll Sort Version Server 2003 Microsoft Corporation 6.1.7600.16385

SortServer2003Compat.nls

SspiCli.dll Security Support Provider Interface Microsoft Corporation 6.1.7600.16385

StaticCache.dat

urlmon.dll Rozszerzenia OLE32 dla Win32 Microsoft Corporation 8.0.7600.16625

USER32.dll Współużytkowana biblioteka DLL klienta Windows USER API Microsoft Corporation 6.1.7600.16385

USERENV.dll Userenv Microsoft Corporation 6.1.7600.16385

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.7600.16385

uTorrent.exe µTorrent BitTorrent, Inc. 2.0.3.20664

UxTheme.dll Biblioteka Microsoft UxTheme Microsoft Corporation 6.1.7600.16385

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.1.7600.16385

wininet.dll Rozszerzenia internetowe Win32 Microsoft Corporation 8.0.7600.16625

WINMM.dll MCI API DLL Microsoft Corporation 6.1.7600.16385

WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.1.7600.16385

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 6.1.7600.16385

WINSPOOL.DRV Windows Spooler Driver Microsoft Corporation 6.1.7600.16385

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 6.1.7600.16385

WS2_32.dll Biblioteka DLL 32-bitowej wersji usługi Windows Socket 2.0 Microsoft Corporation 6.1.7600.16385

wship6.dll Biblioteka DLL pomocy usługi Winsock2 (TL/IPv6) Microsoft Corporation 6.1.7600.16385

wshtcpip.dll Biblioteka DLL pomocy usługi Winsock2 (TL/IPv4) Microsoft Corporation 6.1.7600.16385

[moogly]

Nothing nasty seems to be injected into µT...

Did you try to run µT with Panda AV uninstalled? (you can run MSE temporarily)

And do you know what did you install/update these last days before the issue?

[future_freezer]

I uinstall Panda then instal avg and now i will try how it works.

[paintball9]

if you install avg right after it may just recreate the problem, try without an av first, and then you can install one and configure the proper rules for it if that fixed it.

[future_freezer]

OK I uninstalled Panda and installed AVG the problem is solved now uTorrent works

[moogly]

Yep, Panda is known here to cause some issues with µT.

Maybe Panda has some settings to exclude utorrent.exe and not block p2p traffic (disabling IP Flood Detection e.g. or something like that).