Unkillable Utorrent

[FazFantastic]

Hi,

like an unkillable zombie, I cannot shut down utorrent. Even when I turn my PC off/on, UT comes back on (and the box 'start UT when windows starts' is not checked). This has only been happening for the last few days (before that, clicking the X in UT shut it down in a few seconds).

Having read what seems like every post on this subject, I have tried:

Disabling IPv6 (though that disconnected me from the net)

net.disable_incoming_ipv6 has been true & false

Unchecking both UPnP & NAT-PMP

I ran Process Explorer and 'killed' the Utorrent.exe process

'Énding the task' in Task Manager removes the icon from TM, but doesn't close UT

I don't have ZoneAlarm & I've turned my (Windows) firewall off and on

I even prayed.

Here's the HijackThis dump:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:30:14 AM, on 12/04/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16930)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=92&bd=Presario&pf=cndt

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=92&bd=Presario&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=92&bd=Presario&pf=cndt

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll

O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll

O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

I'm running a 32 bit version of Win 7 (ver 6.1) and Trend Micro.

Any suggestions??

Many thanks, FF

[DreadWingKnight]

Process explorer process list with the dll list for the utorrent.exe process please.

[FazFantastic]

Ta, DWW.

Is this what you're after...?

Process PID CPU Private Bytes Working Set Description Company Name

System Idle Process 0 87.48 0 K 24 K

System 4 0.83 64 K 1,264 K

Interrupts n/a 0.96 0 K 0 K Hardware Interrupts and DPCs

smss.exe 272 264 K 96 K

csrss.exe 416 < 0.01 2,508 K 1,668 K

conhost.exe 2416 < 0.01 1,000 K 532 K

conhost.exe 2444 < 0.01 556 K 280 K

wininit.exe 472 904 K 200 K

services.exe 520 4,592 K 3,700 K

svchost.exe 700 3,004 K 2,732 K Host Process for Windows Services Microsoft Corporation

igfxsrvc.exe 2744 1,656 K 2,172 K igfxsrvc Module Intel Corporation

dllhost.exe 2332 1,168 K 4,288 K COM Surrogate Microsoft Corporation

svchost.exe 776 3,424 K 4,088 K Host Process for Windows Services Microsoft Corporation

svchost.exe 872 0.04 16,952 K 9,580 K Host Process for Windows Services Microsoft Corporation

audiodg.exe 3544 16,704 K 15,420 K

svchost.exe 904 < 0.01 60,456 K 56,216 K Host Process for Windows Services Microsoft Corporation

dwm.exe 716 1.65 38,396 K 43,484 K Desktop Window Manager Microsoft Corporation

WUDFHost.exe 4068 1,628 K 648 K

svchost.exe 940 0.03 18,332 K 15,000 K Host Process for Windows Services Microsoft Corporation

wuauclt.exe 2276 1,396 K 1,056 K Windows Update Microsoft Corporation

svchost.exe 1080 < 0.01 7,236 K 7,020 K Host Process for Windows Services Microsoft Corporation

svchost.exe 1172 < 0.01 15,520 K 5,736 K Host Process for Windows Services Microsoft Corporation

spoolsv.exe 1296 4,828 K 2,872 K Spooler SubSystem App Microsoft Corporation

svchost.exe 1356 0.01 10,256 K 5,804 K Host Process for Windows Services Microsoft Corporation

coreServiceShell.exe 1452 0.98 150,860 K 34,452 K Trend Micro Anti-Malware Solution Platform Trend Micro Inc.

uiWatchDog.exe 1580 0.02 816 K 188 K

coreFrameworkHost.exe 2436 5,248 K 308 K

armsvc.exe 1540 820 K 212 K Adobe Acrobat Update Service Adobe Systems Incorporated

svchost.exe 1572 < 0.01 5,488 K 4,644 K Host Process for Windows Services Microsoft Corporation

LSSrvc.exe 1624 872 K 232 K LightScribe Service Hewlett-Packard Company

svchost.exe 1736 < 0.01 4,984 K 1,840 K Host Process for Windows Services Microsoft Corporation

taskhost.exe 2092 7,424 K 3,872 K Host Process for Windows Tasks Microsoft Corporation

SearchIndexer.exe 3520 < 0.01 29,916 K 8,752 K Microsoft Windows Search Indexer Microsoft Corporation

SearchProtocolHost.exe 3264 < 0.01 1,932 K 6,492 K

SearchFilterHost.exe 688 1,640 K 4,628 K

wmpnetwk.exe 3664 < 0.01 5,124 K 5,708 K Windows Media Player Network Sharing Service Microsoft Corporation

svchost.exe 3640 0.01 76,272 K 15,028 K Host Process for Windows Services Microsoft Corporation

svchost.exe 2544 1,728 K 1,908 K Host Process for Windows Services Microsoft Corporation

OSPPSVC.EXE 664 2,476 K 9,204 K

lsass.exe 532 3,080 K 3,232 K Local Security Authority Process Microsoft Corporation

lsm.exe 540 1,348 K 1,240 K

csrss.exe 504 0.19 4,756 K 7,140 K

winlogon.exe 608 1,944 K 1,676 K

explorer.exe 1760 0.10 66,484 K 51,124 K Windows Explorer Microsoft Corporation

hkcmd.exe 2648 1,404 K 1,024 K hkcmd Module Intel Corporation

igfxpers.exe 2656 1,152 K 1,720 K persistence Module Intel Corporation

firefox.exe 1692 0.11 118,548 K 126,824 K Firefox Mozilla Corporation

plugin-container.exe 2944 22,240 K 23,796 K Plugin Container for Firefox Mozilla Corporation

procexp.exe 3888 6.68 17,232 K 38,112 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com

uTorrent.exe 536 0.90 59,816 K 58,224 K µTorrent BitTorrent, Inc.

notepad.exe 1776 1,144 K 8,932 K Notepad Microsoft Corporation

Process: uTorrent.exe Pid: 536

Name Description Company Name Version

advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 6.1.7600.16385

apisetschema.dll ApiSet Schema DLL Microsoft Corporation 6.1.7600.16385

atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.0

bcrypt.dll Windows Cryptographic Primitives Library Microsoft Corporation 6.1.7600.16385

bcryptprimitives.dll Windows Cryptographic Primitives Library Microsoft Corporation 6.1.7600.16385

cfgmgr32.dll Configuration Manager DLL Microsoft Corporation 6.1.7600.16385

clbcatq.dll COM+ Configuration Catalog Microsoft Corporation 2001.12.8530.16385

comctl32.dll User Experience Controls Library Microsoft Corporation 6.10.7600.16661

comctl32.dll.mui User Experience Controls Library Microsoft Corporation 6.10.7600.16385

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.1.7600.16385

credssp.dll Credential Delegation Security Package Microsoft Corporation 6.1.7600.16385

crypt32.dll Crypto API32 Microsoft Corporation 6.1.7600.16385

cryptbase.dll Base cryptographic API DLL Microsoft Corporation 6.1.7600.16385

cryptsp.dll Cryptographic Service Provider API Microsoft Corporation 6.1.7600.16385

devobj.dll Device Information Set DLL Microsoft Corporation 6.1.7600.16385

dhcpcsvc.dll DHCP Client Service Microsoft Corporation 6.1.7600.16385

dhcpcsvc6.dll DHCPv6 Client Microsoft Corporation 6.1.7600.16385

dnsapi.dll DNS Client API DLL Microsoft Corporation 6.1.7600.16772

duser.dll Windows DirectUser Engine Microsoft Corporation 6.1.7600.16385

duser.dll.mui Windows DirectUser Engine Microsoft Corporation 6.1.7600.16385

dwmapi.dll Microsoft Desktop Window Manager API Microsoft Corporation 6.1.7600.16385

FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.1.7600.16385

FWPUCLNT.DLL FWP/IPsec User-Mode API Microsoft Corporation 6.1.7600.16385

gdi32.dll GDI Client DLL Microsoft Corporation 6.1.7600.16385

gpapi.dll Group Policy Client API Microsoft Corporation 6.1.7600.16385

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 6.1.7600.16385

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.0.7600.16930

imageres.dll Windows Image Resource Microsoft Corporation 6.1.7600.16385

imm32.dll Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.1.7600.16385

index.dat

index.dat

index.dat

IPHLPAPI.DLL IP Helper API Microsoft Corporation 6.1.7600.16385

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16850

KernelBase.dll Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16850

KernelBase.dll.mui Windows NT BASE API Client DLL Microsoft Corporation 6.1.7600.16385

locale.nls

lpk.dll Language Pack Microsoft Corporation 6.1.7600.16385

msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 6.1.7600.16415

msctf.dll MSCTF Server DLL Microsoft Corporation 6.1.7600.16385

msimg32.dll GDIEXT Client DLL Microsoft Corporation 6.1.7600.16385

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.7600.16930

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 6.1.7600.16385

msxml3.dll MSXML 3.0 SP11 Microsoft Corporation 8.110.7600.16605

msxml3r.dll XML Resources Microsoft Corporation 8.110.7600.16385

ncrypt.dll Windows cryptographic library Microsoft Corporation 6.1.7600.16385

netshell.dll Network Connections Shell Microsoft Corporation 6.1.7600.16385

netutils.dll Net Win32 API Helpers DLL Microsoft Corporation 6.1.7600.16385

nlaapi.dll Network Location Awareness 2 Microsoft Corporation 6.1.7600.16385

npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.1.7600.16385

nsi.dll NSI User-mode interface DLL Microsoft Corporation 6.1.7600.16385

ntdll.dll NT Layer DLL Microsoft Corporation 6.1.7600.16915

ntmarta.dll Windows NT MARTA provider Microsoft Corporation 6.1.7600.16385

ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.1.7600.16624

oleaut32.dll Microsoft Corporation 6.1.7600.16872

profapi.dll User Profile Basic API Microsoft Corporation 6.1.7600.16385

psapi.dll Process Status Helper Microsoft Corporation 6.1.7600.16385

R00000000000d.clb

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 6.1.7600.16385

rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 6.1.7600.16385

RpcRtRemote.dll Remote RPC Extension Microsoft Corporation 6.1.7600.16385

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.1.7600.16385

sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation 6.1.7600.16385

secur32.dll Security Support Provider Interface Microsoft Corporation 6.1.7600.16915

setupapi.dll Windows Setup API Microsoft Corporation 6.1.7600.16385

shell32.dll Windows Shell Common Dll Microsoft Corporation 6.1.7600.16644

shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.1.7600.16385

slc.dll Software Licensing Client Dll Microsoft Corporation 6.1.7600.16385

SortDefault.nls

ssdpapi.dll SSDP Client API DLL Microsoft Corporation 6.1.7600.16385

sspicli.dll Security Support Provider Interface Microsoft Corporation 6.1.7600.16915

StaticCache.dat

sxs.dll Fusion 2.5 Microsoft Corporation 6.1.7600.16385

upnp.dll UPnP Control Point API Microsoft Corporation 6.1.7600.16385

urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 8.0.7600.16930

user32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.1.7600.16385

userenv.dll Userenv Microsoft Corporation 6.1.7600.16385

usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.7600.16385

uTorrent.exe µTorrent BitTorrent, Inc. 3.1.2.26773

uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.1.7600.16385

version.dll Version Checking and File Installation Libraries Microsoft Corporation 6.1.7600.16385

webio.dll Web Transfer Protocols API Microsoft Corporation 6.1.7600.16915

winhttp.dll Windows HTTP Services Microsoft Corporation 6.1.7600.16385

wininet.dll Internet Extensions for Win32 Microsoft Corporation 8.0.7600.16930

winnsi.dll Network Store Information RPC interface Microsoft Corporation 6.1.7600.16385

wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 6.1.7600.16493

wkscli.dll Workstation Service Client DLL Microsoft Corporation 6.1.7600.16385

Wldap32.dll Win32 LDAP API DLL Microsoft Corporation 6.1.7600.16385

ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.1.7600.16385

wship6.dll Winsock2 Helper DLL (TL/IPv6) Microsoft Corporation 6.1.7600.16385

WSHTCPIP.DLL Winsock2 Helper DLL (TL/IPv4) Microsoft Corporation 6.1.7600.16385

Also, in Process Explorer I searched for a 'handle or DLL substring', searching the word 'torrent'. The results (which I don't seem to be able to save) came back with two utorrent.exe processes with a 'type' of 'mutant' (most of the other types where DLL or Thread). The names of these two mutants where:

\Sessions\1\BaseNamedObjects\uTorrent4823DF041B09; and

\Sessions\1\BaseNamedObjects\uTorrenntShareMutex4823DF041B09.

Cheers, FF

[DreadWingKnight]

What is the size of your settings.dat file in %appdata%\utorrent ?

[FazFantastic]

First up, apologies for not getting your name right, DWK.

And it's 32kb.

[DreadWingKnight]

How many torrents do you normally have loaded?

Do you have any advanced settings in the preferences changed away from their defaults?

[FazFantastic]

Yeah, I should have said as I did read that too many torrents can be a problem. I did have a few, but now have only one downloading, 6 queued to download and 14 seeding (those that took me ages to download or are my personal favorites that are worth sharing!).

I did have a bunch of non default settings -- tweaks gleaned from this very forum -- but I made them several months ago. Still, I returned every setting to default (none of the settings/values now have an asterisk).

[mcaspi]

Check "start UT when windows starts", apply, uncheck "start UT when windows starts", apply, reboot and see if it runs on startup.

[FazFantastic]

Unbelievable. The computer seized on re-booting and I had to go thru some Windows fix options and voila, UT opens and shuts like a dream. Brilliant suggestion (though I think the fixes may have had something to do with the solution!!).

On a related topic: I 'removed' a lot of torrents from UT and would like them back, so I can keep seeding them. The downloaded files are still in the same place. Any suggestions?? Ta.

[mcaspi]

If you have the .torrent files click "Add Torrent" and add them. If not you'll have to download again these small files.

[FazFantastic]

Cool, ta. And thanks to you, DWK.