Jump to content

IRQL problem using uTorrent.


franx2000

Recommended Posts

I have read many posts around internet about this problem. And i have heared different solutions and it´s the firewall that is the problem and so on.

Well, why do i get BSOD IRQL problem when i use uTorrent but not when i download with any other software like Firefox?

Seems like uTorrent is to blame for this to me. It only occurs when i use uTorrent.

I have ZoneAlarm installed. But i did get a BSOD when i had shutdown ZoneAlarm and using uTorrent.

This is a pretty new computer (1 year old) so i doubt there is anything wrong with the hardware. It works very good when i´m not using uTorrent.

Any solutions what might have caused this problem? And how to fix it.

Link to comment
Share on other sites

I'm sure it's zone alarm, but you should probably do some checks too.

First of all, disabling zone-alarm doesn't actually disable it, it only stops notifying you. You need to actually uninstall it.

Secondly if you post HiJackThis and Process Explorer logs that may help us notice other possible suspects, There's a link in my signature to the instructions on how to make those logs.

Link to comment
Share on other sites

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:15:47, on 2010-09-20

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Avira\AntiVir Desktop\sched.exe

C:\Program\Avira\AntiVir Desktop\avguard.exe

C:\Program\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe

C:\Program\Cobian Backup 10\cbVSCService.exe

C:\Program\Avira\AntiVir Desktop\avshadow.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Avira\AntiVir Desktop\avgnt.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\WorkTime\worktime.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program\CounterPath\X-Lite\x-lite.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\CheckPoint\ZAForceField\ForceField.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\sTabLauncher\sTabLauncher.exe

C:\Program\TrueCrypt\TrueCrypt.exe

C:\Program\Mozilla Thunderbird\thunderbird.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program\Hotspot Shield\HssIE\HssIE.dll

O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [iSW] "C:\Program\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [WorkTime] C:\Program\WorkTime\worktime.exe

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program\Delade filer\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program\Delade filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [switchBoard] C:\Program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program\CounterPath\X-Lite\x-lite.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sTabLauncher] C:\Program\sTabLauncher\sTabLauncher.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: sTabLauncher.lnk = ?

O8 - Extra context menu item: Anpassa meny - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fyll i formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Logga ut - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComLogoff.html

O8 - Extra context menu item: RF verktygsfält - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Spara formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Spara - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Spara formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Logga ut - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComLogoff.html

O9 - Extra 'Tools' menuitem: Logga ut - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComLogoff.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RF verktygsfält - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280257889000

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280280865750

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AFAF3243-8941-4CDF-B7E5-DFB0AA94869D}: NameServer = 85.194.160.66,194.165.224.165

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BlackfishSQL - CodeGear - C:\Program\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe

O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program\Cobian Backup 10\cbVSCService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program\Hotspot Shield\bin\hsswd.exe

O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program\CheckPoint\ZAForceField\IswSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--

End of file - 12153 bytes

Link to comment
Share on other sites

I´m not really comfortable with uninstalling my firewall. ZoneAlarm is also a very good firewall. But i did step one. Uninstall "Forceware network access manager" and started uTorrent. I haven´t started it in days since it crashes my comp. pretty fast. But i managed to download to files at a pretty descent speed. No BSOD so far.

I have used uTorrent for years now with ZoneAlarm and never had any problems. But this "Forceware stuff" i think came with my new computer. And everything has worked good until now. Can it be that the "Forceware stuff" is the real problem?

It works good for now. But i don´t know if it will last.

Link to comment
Share on other sites

No, the Forcewire stuff is only part of the problem.

Zone Alarm has a history of dangerous updates that lock up the computer, have glaring security flaws, or even attempts to install phone-home spyware. They don't quality control their own software well enough -- which is doubly sad because they are one of your first lines of defense against hostiles. :(

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...