uTorrent Crashing Almost Daily

[kop48]

Hi,

This is driving both my brother and I nuts - uTorrent (we've both got the latest versions) crashes almost daily. Unfortunately, it's not a straight-forward crash, as the application just stops responding. I've tried to have a look at it with Process Explorer, but only noticed that it was spinning on a thread calling GetIcon, which I suspect is just the thread taking care of the systray icon.

We're both about to tear our hair out, but can't work out what might be causing it. I've looked at the crashes sticky, and neither of us have any of the offending software, and both machines are malware-free.

Any help in pinpointing the problem behind the crash would be IMMENSELY appreciated!

Thank you,

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:23:44 AM, on 20/08/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\SOUNDGRAPH\iMON\iMON.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\iiUsage\iiNet Usage.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files\MPC HomeCinema\mpc-hc.exe
C:\Program Files\RealVNC\VNC4\vncclipboard.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\kop48\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O4 - HKLM\..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe /startup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [iiNet Usage] "C:\Program Files\iiUsage\iiNet Usage.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\kop48\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\kop48\AppData\Roaming\FlashGetBHO\GetUrl.htm
O13 - Gopher Prefix: 
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Yet Another Media Meta Manager (YammmSvc) - Mikinho - C:\Program Files\Yammm\YammmSvc.exe

--
End of file - 5952 bytes

Process    PID    CPU    Description    Company Name
System Idle Process    0    83.49        
 Interrupts    n/a    3.01    Hardware Interrupts    
 DPCs    n/a        Deferred Procedure Calls    
 System    4            
  smss.exe    268            
csrss.exe    396            
wininit.exe    468            
 services.exe    572            
  svchost.exe    716            
   explorer.exe    7848        Windows Explorer    Microsoft Corporation
    mpc-hc.exe    14724        Media Player Classic - Homecinema    mpc-hc@Sourceforge
  svchost.exe    796            
  MsMpEng.exe    848            
  atiesrxx.exe    948            
   atieclxx.exe    2616            
  svchost.exe    1000            
   audiodg.exe    9568            
  svchost.exe    1056            
   dwm.exe    3036    1.50    Desktop Window Manager    Microsoft Corporation
  svchost.exe    1128            
  svchost.exe    1280            
  svchost.exe    1400            
  spoolsv.exe    1520            
  svchost.exe    1548            
  svchost.exe    1672            
  ramaint.exe    1720            
  LogMeIn.exe    1756            
   LMIGuardian.exe    1776            
  TCPSVCS.EXE    1852            
  winvnc4.exe    1932            
   winvnc4.exe    1964    3.01        
    vncclipboard.exe    43512        VNC Server Enterprise Edition Clipboard Helper for Win32    RealVNC Ltd.
  YammmSvc.exe    1952            
  svchost.exe    2544            
  taskhost.exe    3044        Host Process for Windows Tasks    Microsoft Corporation
  SearchIndexer.exe    3960            
  wmpnetwk.exe    4160            
  svchost.exe    22456            
  taskhost.exe    16436            
  mDNSResponder.exe    37304            
  AppleMobileDeviceService.exe    34332            
  iPodService.exe    12716            
 lsass.exe    588            
 lsm.exe    596    2.26        
csrss.exe    476            
winlogon.exe    524            
explorer.exe    3116        Windows Explorer    Microsoft Corporation
 iMON.exe    3240        iMON Manager    SoundGraph, Inc.
 RtHDVCpl.exe    3248        Realtek HD Audio Manager    Realtek Semiconductor
 msseces.exe    3256        Microsoft Security Essentials User Interface    Microsoft Corporation
 ipoint.exe    3264        IPoint.exe    Microsoft Corporation
  dpupdchk.exe    3624        dpupdchk.exe    Microsoft Corporation
 LogMeInSystray.exe    3272        LogMeIn Desktop Application    LogMeIn, Inc.
  LMIGuardian.exe    3420        LMIGuardian    LogMeIn, Inc.
 itype.exe    3284        IType.exe    Microsoft Corporation
 APAgent.exe    3332        AirPort Base Station Agent    Apple Inc.
 NetMeter.exe    3656            
 iiNet Usage.exe    3676        iiNet Usage Analyser    http://martybugs.net
 firefox.exe    11196        Firefox    Mozilla Corporation
 utorrent.exe    43424    3.76    µTorrent    BitTorrent, Inc.
 procexp.exe    2672    3.76    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
SetPoint.exe    11980        Logitech SetPoint Event Manager (UNICODE)    Logitech, Inc.
 KHALMNPR.exe    10364        Logitech KHAL Main Process    Logitech, Inc.

Process: utorrent.exe Pid: 43424

Name    Description    Company Name    Version
ADVAPI32.dll    Advanced Windows 32 Base API    Microsoft Corporation    6.1.7600.16385
ATL.DLL    ATL Module for Windows XP (Unicode)    Microsoft Corporation    3.5.2284.0
CLBCatQ.DLL    COM+ Configuration Catalog    Microsoft Corporation    2001.12.8530.16385
COMCTL32.dll    User Experience Controls Library    Microsoft Corporation    6.10.7600.16385
comdlg32.dll    Common Dialogs DLL    Microsoft Corporation    6.1.7600.16385
credssp.dll    Credential Delegation Security Package    Microsoft Corporation    6.1.7600.16385
CRYPT32.dll    Crypto API32    Microsoft Corporation    6.1.7600.16385
CRYPTBASE.dll    Base cryptographic API DLL    Microsoft Corporation    6.1.7600.16385
CRYPTSP.dll    Cryptographic Service Provider API    Microsoft Corporation    6.1.7600.16385
dhcpcsvc.DLL    DHCP Client Service    Microsoft Corporation    6.1.7600.16385
dhcpcsvc6.DLL    DHCPv6 Client    Microsoft Corporation    6.1.7600.16385
DnsApi.dll    DNS Client API DLL    Microsoft Corporation    6.1.7600.16385
dwmapi.dll    Microsoft Desktop Window Manager API    Microsoft Corporation    6.1.7600.16385
FirewallAPI.dll    Windows Firewall API    Microsoft Corporation    6.1.7600.16385
fwpuclnt.dll    FWP/IPsec User-Mode API    Microsoft Corporation    6.1.7600.16385
GDI32.dll    GDI Client DLL    Microsoft Corporation    6.1.7600.16385
GPAPI.dll    Group Policy Client API    Microsoft Corporation    6.1.7600.16385
hnetcfg.dll    Home Networking Configuration Manager    Microsoft Corporation    6.1.7600.16385
hnetcfg.dll.mui    Home Networking Configuration Manager    Microsoft Corporation    6.1.7600.16385
iertutil.dll    Run time utility for Internet Explorer    Microsoft Corporation    8.0.7600.16385
IMM32.DLL    Multi-User Windows IMM32 API Client DLL    Microsoft Corporation    6.1.7600.16385
Iphlpapi.dll    IP Helper API    Microsoft Corporation    6.1.7600.16385
kernel32.dll    Windows NT BASE API Client DLL    Microsoft Corporation    6.1.7600.16481
KERNELBASE.dll    Windows NT BASE API Client DLL    Microsoft Corporation    6.1.7600.16385
KernelBase.dll.mui    Windows NT BASE API Client DLL    Microsoft Corporation    6.1.7600.16385
locale.nls            
LPK.dll    Language Pack    Microsoft Corporation    6.1.7600.16385
mdnsNSP.dll    Bonjour Namespace Provider    Apple Inc.    2.0.2.0
MSASN1.dll    ASN.1 Runtime APIs    Microsoft Corporation    6.1.7600.16415
MSCTF.dll    MSCTF Server DLL    Microsoft Corporation    6.1.7600.16385
msctf.dll.mui    MSCTF Server DLL    Microsoft Corporation    6.1.7600.16385
msvcrt.dll    Windows NT CRT DLL    Microsoft Corporation    7.0.7600.16385
mswsock.dll    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    6.1.7600.16385
msxml3.dll    MSXML 3.0 SP11    Microsoft Corporation    8.110.7600.16605
msxml3r.dll    XML Resources    Microsoft Corporation    8.110.7600.16385
netshell.dll    Network Connections Shell    Microsoft Corporation    6.1.7600.16385
netutils.dll    Net Win32 API Helpers DLL    Microsoft Corporation    6.1.7600.16385
nlaapi.dll    Network Location Awareness 2    Microsoft Corporation    6.1.7600.16385
npmproxy.dll    Network List Manager Proxy    Microsoft Corporation    6.1.7600.16385
NSI.dll    NSI User-mode interface DLL    Microsoft Corporation    6.1.7600.16385
ntdll.dll    NT Layer DLL    Microsoft Corporation    6.1.7600.16559
ntmarta.dll    Windows NT MARTA provider    Microsoft Corporation    6.1.7600.16385
ole32.dll    Microsoft OLE for Windows    Microsoft Corporation    6.1.7600.16385
oleaut32.dll        Microsoft Corporation    6.1.7600.16385
profapi.dll    User Profile Basic API    Microsoft Corporation    6.1.7600.16385
rasadhlp.dll    Remote Access AutoDial Helper    Microsoft Corporation    6.1.7600.16385
RPCRT4.dll    Remote Procedure Call Runtime    Microsoft Corporation    6.1.7600.16385
RpcRtRemote.dll    Remote RPC Extension    Microsoft Corporation    6.1.7600.16385
rsaenh.dll    Microsoft Enhanced Cryptographic Provider    Microsoft Corporation    6.1.7600.16385
sechost.dll    Host for SCM/SDDL/LSA Lookup APIs    Microsoft Corporation    6.1.7600.16385
SG_ShellMon.dll    SG_ShellMon dll    SoundGraph, Inc.    7.8.6.407
SHELL32.dll    Windows Shell Common Dll    Microsoft Corporation    6.1.7600.16644
shfolder.dll    Shell Folder Service    Microsoft Corporation    6.1.7600.16385
SHLWAPI.dll    Shell Light-weight Utility Library    Microsoft Corporation    6.1.7600.16385
slc.dll    Software Licensing Client Dll    Microsoft Corporation    6.1.7600.16385
SortDefault.nls            
SSDPAPI.dll    SSDP Client API DLL    Microsoft Corporation    6.1.7600.16385
SspiCli.dll    Security Support Provider Interface    Microsoft Corporation    6.1.7600.16385
StaticCache.dat            
SXS.DLL    Fusion 2.5    Microsoft Corporation    6.1.7600.16385
upnp.dll    UPnP Control Point API    Microsoft Corporation    6.1.7600.16385
urlmon.dll    OLE32 Extensions for Win32    Microsoft Corporation    8.0.7600.16625
urlmon.dll.mui    OLE32 Extensions for Win32    Microsoft Corporation    8.0.7600.16385
USER32.dll    Multi-User Windows USER API Client DLL    Microsoft Corporation    6.1.7600.16385
USERENV.dll    Userenv    Microsoft Corporation    6.1.7600.16385
USP10.dll    Uniscribe Unicode script processor    Microsoft Corporation    1.626.7600.16385
utorrent.exe    µTorrent    BitTorrent, Inc.    2.0.3.20664
uxtheme.dll    Microsoft UxTheme Library    Microsoft Corporation    6.1.7600.16385
VERSION.dll    Version Checking and File Installation Libraries    Microsoft Corporation    6.1.7600.16385
webio.dll    Web Transfer Protocols API    Microsoft Corporation    6.1.7600.16385
WINHTTP.dll    Windows HTTP Services    Microsoft Corporation    6.1.7600.16385
WINNSI.DLL    Network Store Information RPC interface    Microsoft Corporation    6.1.7600.16385
WINSPOOL.DRV    Windows Spooler Driver    Microsoft Corporation    6.1.7600.16385
wkscli.dll    Workstation Service Client DLL    Microsoft Corporation    6.1.7600.16385
WLDAP32.dll    Win32 LDAP API DLL    Microsoft Corporation    6.1.7600.16385
WS2_32.dll    Windows Socket 2.0 32-Bit DLL    Microsoft Corporation    6.1.7600.16385
wship6.dll    Winsock2 Helper DLL (TL/IPv6)    Microsoft Corporation    6.1.7600.16385
wshtcpip.dll    Winsock2 Helper DLL (TL/IPv4)    Microsoft Corporation    6.1.7600.16385

[paintball9]

Try uninstalling/disabling the following

VNC server

Soundgraph

[kop48]

I'll try that when I'm home. Have they been known to cause problems, or do you have a hunch?

Cheers!

[moogly]

SG_ShellMon.dll SG_ShellMon dll SoundGraph, Inc. 7.8.6.407

is injected into µT, possible culprit.

[kop48]

Hmmm I strongly suspect it might be VNC, as that is the only common thing injected into uTorrent on both machines...

Scratch that - Apple's Bonjour is the common thing between them. I've gone and disabled Bonjour on both machines, and removed all DLLs which were hooking into the exe on both machines. I'll give it a couple of days and see if it helps.