utorrent not responding and internet stalls


meegii13

When uTorrent gets unresponsive, all my internet activity stalls (Firefox, IM, etc.).

Hi, I'm running Windows 7, ZoneAlarm Pro version:9.1.507.000 (TrueVector version:9.1.507.000 Driver version:9.1.503.000) and Avira AntiVir version 10.0.0.567.

I'm pretty sure this is caused by some malware, but antivirus scans show up clean. So here are the HijackThis log and the Process Explorer log. I could also provide the dump file created when uTorrent is not responding.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:48:06 PM, on 9/3/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Vidalia Bundle\Tor\tor.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Vidalia Bundle\Polipo\polipo.exe

C:\Windows\system32\conhost.exe

C:\Users\mishel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mishel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mishel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mishel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mishel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mishel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mishel\Desktop\procexp.exe

C:\Users\mishel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mishel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mishel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mishel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

C:\Users\mishel\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mishel\Desktop\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\mishel\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 6159 bytes

Process Explorer Log

Process PID CPU Private Bytes Working Set Description Company Name

System Idle Process 0 89.70 0 K 24 K

Interrupts n/a 0.76 0 K 0 K Hardware Interrupts

DPCs n/a 0.76 0 K 0 K Deferred Procedure Calls

System 4 0.76 52 K 3,368 K

smss.exe 268 256 K 532 K

csrss.exe 388 1,276 K 2,680 K

conhost.exe 2068 500 K 1,760 K

wininit.exe 444 888 K 2,676 K

services.exe 500 4,532 K 5,692 K

svchost.exe 632 2,812 K 5,740 K Host Process for Windows Services Microsoft Corporation

igfxsrvc.exe 416 1,832 K 4,136 K igfxsrvc Module Intel Corporation

svchost.exe 764 3,160 K 5,172 K Host Process for Windows Services Microsoft Corporation

svchost.exe 864 15,228 K 11,636 K Host Process for Windows Services Microsoft Corporation

svchost.exe 912 0.76 59,092 K 57,324 K Host Process for Windows Services Microsoft Corporation

dwm.exe 1488 40,736 K 18,372 K Desktop Window Manager Microsoft Corporation

svchost.exe 940 20,112 K 22,004 K Host Process for Windows Services Microsoft Corporation

svchost.exe 1092 4,592 K 6,948 K Host Process for Windows Services Microsoft Corporation

svchost.exe 1208 12,212 K 9,988 K Host Process for Windows Services Microsoft Corporation

vsmon.exe 1264 2.28 26,880 K 24,912 K TrueVector Service Check Point Software Technologies LTD

spoolsv.exe 1732 4,856 K 7,168 K Spooler SubSystem App Microsoft Corporation

CNAB4RPK.EXE 288 688 K 2,184 K

sched.exe 1776 4,740 K 1,560 K Antivirus Scheduler Avira GmbH

taskhost.exe 1820 7,192 K 6,520 K Host Process for Windows Tasks Microsoft Corporation

svchost.exe 1848 8,624 K 7,536 K Host Process for Windows Services Microsoft Corporation

avguard.exe 568 95,044 K 14,136 K Antivirus On-Access Service Avira GmbH

avshadow.exe 2060 2,556 K 4,336 K

AppleMobileDeviceService.exe 1016 1,164 K 3,152 K Apple Mobile Device Service Apple Inc.

svchost.exe 1408 1,196 K 3,560 K Host Process for Windows Services Microsoft Corporation

YahooAUService.exe 280 3,216 K 6,308 K AutoUpater Service Module Yahoo! Inc.

SearchIndexer.exe 3400 31,172 K 14,996 K Microsoft Windows Search Indexer Microsoft Corporation

svchost.exe 3724 1,464 K 3,752 K Host Process for Windows Services Microsoft Corporation

svchost.exe 3764 1,360 K 3,784 K Host Process for Windows Services Microsoft Corporation

svchost.exe 1044 1,472 K 4,344 K Host Process for Windows Services Microsoft Corporation

lsass.exe 516 3,160 K 6,264 K Local Security Authority Process Microsoft Corporation

lsm.exe 524 1,300 K 2,576 K

csrss.exe 452 2,324 K 13,108 K

conhost.exe 3004 696 K 2,208 K Console Window Host Microsoft Corporation

conhost.exe 3056 696 K 2,192 K Console Window Host Microsoft Corporation

winlogon.exe 744 1,676 K 3,344 K

explorer.exe 1512 29,404 K 36,364 K Windows Explorer Microsoft Corporation

avgnt.exe 2008 5,176 K 3,364 K Antivirus System Tray Tool Avira GmbH

GrooveMonitor.exe 2028 2,824 K 6,704 K GrooveMonitor Utility Microsoft Corporation

zlclient.exe 2040 18,684 K 4,104 K ZoneAlarm Client Check Point Software Technologies LTD

igfxtray.exe 1332 1,212 K 3,592 K igfxTray Module Intel Corporation

hkcmd.exe 876 1,368 K 3,656 K hkcmd Module Intel Corporation

igfxpers.exe 2052 1,220 K 4,004 K persistence Module Intel Corporation

sidebar.exe 2268 16,652 K 29,180 K Windows Desktop Gadgets Microsoft Corporation

vidalia.exe 2400 23,396 K 23,832 K Vidalia vidalia-project.net

tor.exe 2988 15,424 K 20,000 K

polipo.exe 3048 1,180 K 2,828 K

uTorrent.exe 2460 3.04 14,472 K 18,036 K µTorrent BitTorrent, Inc.

chrome.exe 5952 34,552 K 50,896 K Google Chrome Google Inc.

chrome.exe 3124 41,764 K 50,964 K Google Chrome Google Inc.

chrome.exe 6044 0.76 10,176 K 15,900 K Google Chrome Google Inc.

chrome.exe 5168 15,764 K 21,272 K Google Chrome Google Inc.

chrome.exe 3032 10,304 K 15,976 K Google Chrome Google Inc.

chrome.exe 3096 10,096 K 16,004 K Google Chrome Google Inc.

procexp.exe 1032 1.52 14,788 K 27,668 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com

Ymsgr_tray.exe 5908 19,020 K 6,976 K Yahoo! Messenger Tray Yahoo! Inc.

Process: uTorrent.exe Pid: 2460

Name Description Company Name Version

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 6.1.7600.16385

CLBCatQ.DLL COM+ Configuration Catalog Microsoft Corporation 2001.12.8530.16385

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.10.7600.16385

comctl32.dll.mui User Experience Controls Library Microsoft Corporation 6.10.7600.16385

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.1.7600.16385

CRYPTBASE.dll Base cryptographic API DLL Microsoft Corporation 6.1.7600.16385

CRYPTSP.dll Cryptographic Service Provider API Microsoft Corporation 6.1.7600.16385

dhcpcsvc.DLL DHCP Client Service Microsoft Corporation 6.1.7600.16385

dhcpcsvc6.DLL DHCPv6 Client Microsoft Corporation 6.1.7600.16385

DnsApi.dll DNS Client API DLL Microsoft Corporation 6.1.7600.16385

DUser.dll Windows DirectUser Engine Microsoft Corporation 6.1.7600.16385

duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.1.7600.16385

dwmapi.dll Microsoft Desktop Window Manager API Microsoft Corporation 6.1.7600.16385

FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.1.7600.16385

fwpuclnt.dll FWP/IPsec User-Mode API Microsoft Corporation 6.1.7600.16385

GDI32.dll GDI Client DLL Microsoft Corporation 6.1.7600.16385

imageres.dll Windows Image Resource Microsoft Corporation 6.1.7600.16385

IMM32.DLL Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.1.7600.16385

Iphlpapi.dll IP Helper API Microsoft Corporation 6.1.7600.16385

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16481

KERNELBASE.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16385

KernelBase.dll.mui Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16385

locale.nls

LPK.dll Language Pack Microsoft Corporation 6.1.7600.16385

mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 2.0.2.0

MSCTF.dll MSCTF Server DLL Microsoft Corporation 6.1.7600.16385

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.7600.16385

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.1.7600.16385

npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.1.7600.16385

NSI.dll NSI User-mode interface DLL Microsoft Corporation 6.1.7600.16385

ntdll.dll NT Layer DLL Microsoft Corporation 6.1.7600.16385

ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.1.7600.16385

oleaut32.dll Microsoft Corporation 6.1.7600.16385

profapi.dll User Profile Basic API Microsoft Corporation 6.1.7600.16385

psapi.dll Process Status Helper Microsoft Corporation 6.1.7600.16385

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.1.7600.16385

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 6.1.7600.16385

RpcRtRemote.dll Remote RPC Extension Microsoft Corporation 6.1.7600.16385

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.1.7600.16385

sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation 6.1.7600.16385

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.1.7600.16644

shfolder.dll Shell Folder Service Microsoft Corporation 6.1.7600.16385

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.1.7600.16385

SortDefault.nls

SspiCli.dll Security Support Provider Interface Microsoft Corporation 6.1.7600.16385

StaticCache.dat

USER32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.1.7600.16385

USERENV.dll Userenv Microsoft Corporation 6.1.7600.16385

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.7600.16385

uTorrent.exe µTorrent BitTorrent, Inc. 2.0.4.21586

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.1.7600.16385

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 6.1.7600.16385

WINNSI.DLL Network Store Information RPC interface Microsoft Corporation 6.1.7600.16385

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.1.7600.16385

wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.1.7600.16385

wshtcpip.dll Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.1.7600.16385

Archived

This topic is now archived and is closed to further replies.
