evgbal Posted January 9, 2008

Hi! The program leaks handles (this is visible in Task Manager), and problems appear after long continuous work. The leak rate is somewhere around 1-3 handles per second. After the system's resources run out, the svchost.exe process terminates abnormally. How can this problem be solved?

Best regards, Evgeniy

DreadWingKnight Posted January 9, 2008

Missing: required information: http://forum.utorrent.com/viewtopic.php?id=29748

jewelisheaven Posted January 9, 2008

Have you checked for http://utorrent.com/faq.php#Incompatible_software ... Also, before it closed, you weren't re-checking or hashing a large file, were you? File handles are extensively used during those processes.

As far as the tutorial linked, HiJackThis is rather simple. But for Process Explorer, to get it to look, and paste what they are looking for, you need to: download the zip, unzip the zip, open procexp.exe, Ctrl-L, Ctrl-D, click on utorrent.exe, Ctrl-A to save logfile. After that, copy-paste below.

Firon Posted January 9, 2008

Sounds to me like you've got a firewall leaking handles. If it was a ut bug, more people would see it.

evgbal (Author) Posted January 9, 2008

To: Firon
XP Std Firewall disabled and other firewall not used.

To: Support
1. hijackthis.log
2. Process Explorer reported:
3. No Crash dump
4. Task Manager in column "Handles" shows 7500 per 1 hour after restart, and this value is incrementing all the time.
Windows Task Manager -> View -> Select columns -> "Handle Count"
In Grid column "Handles"

jewelisheaven Posted January 9, 2008

Would it be possible to tell your AV to not inject itself: relevant line is
DRWEBSP.DLL Dr.Web Winsock Provider Hook Doctor Web, Ltd. 4.44.0000.11060

Also things you may or may not be aware of: you have layered service provider injection:
O10 - Unknown file in Winsock LSP: q:\windows\system32\nwprovau.dll

And I'm amazed you let C-Dilla live on your computer. I guess you let WebMoney advisor help you with your saxobank account so that's OK.

See if you can add uTorrent to an exception list for your AV "winsock hook", it's not necessary.

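The check done by eye in the reply above, as an added example that is not part of the original thread: parse a saved Process Explorer DLL view and list the modules loaded into the process that do not come from the OS vendor, putting Winsock-related ones first. It assumes the saved file is tab-separated with the columns Name, Description, Company Name, Version; the function names, the hint words and the sample rows are constructed for illustration.

```python
"""Triage a saved Process Explorer DLL view for third-party modules."""
from collections import namedtuple

Module = namedtuple("Module", "name description company version")
Finding = namedtuple("Finding", "name company in_socket_path")

# Company strings come from each file's version resource. They are localized
# (a Russian Windows reports the translated vendor name) and self-declared,
# so a match is a triage hint, not proof of origin.
OS_VENDOR_MARKERS = ("microsoft", "майкрософт")
# Description words suggesting the module sits in the Winsock call path.
SOCKET_HINTS = ("winsock", "namespace provider", "hook")
HEADER = ["Name", "Description", "Company Name", "Version"]

# Constructed sample in the assumed tab-separated layout. The DRWEBSP.DLL row
# is the line quoted in the thread; example_shellext.dll is a made-up module.
SAMPLE = "\n".join([
    "Process: uTorrent.exe Pid: 3268",
    "",
    "Name\tDescription\tCompany Name\tVersion",
    "<Pagefile Backed>\t\t\t",
    "ctype.nls\t\t\t",
    "DRWEBSP.DLL\tDr.Web Winsock Provider Hook\tDoctor Web, Ltd.\t4.44.0000.11060",
    "example_shellext.dll\tExample Shell Extension\tExample Vendor Inc.\t1.0.0.0",
    "kernel32.dll\tБиблиотека клиента Windows NT BASE API\t"
    "Корпорация Майкрософт\t5.01.2600.3119",
    "mswsock.dll\tMicrosoft Windows Sockets 2.0 Service Provider\t"
    "Microsoft Corporation\t5.01.2600.2180",
    "uTorrent.exe\t\t\t",
    "WS2_32.dll\tWindows Socket 2.0 32-Bit DLL\tMicrosoft Corporation\t5.01.2600.2180",
])


def parse_dll_view(text):
    """Return the Module rows that follow the DLL table header."""
    modules = []
    in_table = False
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if fields[:4] == HEADER:
            in_table = True
            continue
        if not in_table or not fields[0]:
            continue  # process list, blank lines, anything before the table
        fields += [""] * (4 - len(fields))  # rows without version info
        modules.append(Module(*fields[:4]))
    return modules


def triage(text, image_name):
    """Split loaded modules into third-party findings and metadata-less files.

    Returns (third_party, no_metadata). third_party is sorted so modules whose
    description points at the socket path come first.
    """
    third_party, no_metadata = [], []
    for m in parse_dll_view(text):
        # Skip anonymous mapped sections and the process image itself.
        if m.name.startswith("<") or m.name.lower() == image_name.lower():
            continue
        company = m.company.lower()
        if not company:
            no_metadata.append(m.name)
        elif not any(marker in company for marker in OS_VENDOR_MARKERS):
            desc = m.description.lower()
            hit = any(hint in desc for hint in SOCKET_HINTS)
            third_party.append(Finding(m.name, m.company, hit))
    third_party.sort(key=lambda f: not f.in_socket_path)  # stable sort
    return third_party, no_metadata


if __name__ == "__main__":
    findings, bare = triage(SAMPLE, image_name="uTorrent.exe")
    for f in findings:
        tag = "socket path" if f.in_socket_path else "other"
        print(f"{f.name:24} {f.company:22} [{tag}]")
    print("no version metadata:", ", ".join(bare))
```
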
Ultima Posted January 9, 2008

If the handles count in the task manager includes GDI handles (and IINM, it does), then just FYI, several GDI leaks were fixed in µTorrent 1.8 (currently in alpha testing).

If you'd like, you can try the alpha build here. Just as a precautionary step, be sure you back up your settings if you decide to take the plunge.

evgbal (Author) Posted January 9, 2008

I installed the new µTorrent 1.8 alpha upx.
http://download.utorrent.com/beta/utorrent-1.8-alpha-7676.upx.exe
No effect.

Maybe the NTFS compressed file system on disk Q:\ influences it?

File q:\windows\system32\nwprovau.dll 5.1.2600.3015 (xpsp_sp2_gdr.061013-0145)
OS Microsoft® Windows®

c-dilla is disabled now.

jewelisheaven Posted January 10, 2008

If nothing else unexpected shows up for an injected DLL list of the utorrent process in Process Explorer and you are still showing handles increasing, as Ultima said, both User and GDI Objects had leaks which were fixed in 1.8. If you are still experiencing them with 1.8, it is most certainly another program still injected.

Firon Posted January 10, 2008

I would try uninstalling c-dilla, instead of disabling it.

You should find what DRWEBSP.DLL belongs to and remove it.

jewelisheaven Posted January 10, 2008

For some reason the antivirus has an addon for "winsock hooking" heh... you ever heard of such a feature?

evgbal (Author) Posted January 11, 2008

Uninstalled drweb and the trouble is resolved!

Thanks all! =)

How to kill the monster c-dilla?

Firon Posted January 12, 2008

If uninstalling Dr. Web worked, there's no need to remove c-dilla, I guess.

Ultima Posted January 13, 2008

Hrm... I wonder if there are any other Dr.Web users out there that can confirm this behavior...

Drew42 Posted January 21, 2008

I'm also having this problem with the handles continually climbing. I had Dr.Web installed, but never used it so uninstalled it. Restarted Firefox and uTorrent, still having the same problem. I had this problem with version 1.7.5 and now with 1.7.6 build (7859). Handle count was over 200k after running for around 30 hours.

HijackThis:

Process Explorer
5.01.2600.3099USERENV.dll Userenv Microsoft Corporation 5.01.2600.2180utorrent.exe uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180WININET.dll Internet Extensions for Win32 Microsoft Corporation 7.00.6000.16574winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180WINSTA.dll Winstation Library Microsoft Corporation 5.01.2600.2180WINTRUST.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.2180WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180 Link to comment Share on other sites More sharing options...
jewelisheaven Posted January 21, 2008
!!!! OMG we may have an authentic problem of a non-injected uT climbing. Thanks be to Drew42. Now I can't advise further as I have no ruddy clue where to go from here. All those DLLs look to be authentic and from Microsoft, lol.
Unfortunately you also have multiple search entries and are using the non-AV portion of Avast as well as Windows Defender. All of which MAY muck with "proper" (as in, I don't have them installed and I don't have problems) operation of your uT.

Firon Posted January 21, 2008
Try removing Avast, just to see... :/

Drew42 Posted January 21, 2008
Uninstalled Avast and rebooted. Still watching the handles climb 1-2/sec. Let me know if you need any further information.

jewelisheaven Posted January 21, 2008
Would a new Process Explorer DLL log to verify nothing new be out of the question?? Like I said, if you have found some bug, it will take private testing to resolve <3 Thank you for being so understanding and helpful, Drew42. To verify, you're talking about the "Handles" column in Procexp.exe, not "User Objects" or "GDI Objects", right?

Ultima Posted January 21, 2008
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
Just to knock off possibilities, can you try killing off these search indexing processes and checking if the problem persists? Can you try 1.8 to see if it still has leaks? Finally, if you're referring to just handles in general, try checking GDIView to make sure it's not a GDI leak (which would come in the form of handle counts just increasing for µTorrent in GDIView).

Drew42 Posted January 21, 2008
Yes, the Handles column in Procexp.exe or Windows Taskmanager. User Objects = 59 and GDI = 123. Handles is currently over 11k and has been running for around 90 minutes.
Killed off one by one:
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
No change after each.
After upgrading to 1.8, here's the results:
Handles continue to climb. Over 1k in 7 minutes. User Objects = 73 and GDI Objects = 129.
Don't know if this helps, but in PE's Handle window, the Handle that repeats thousands of times is this:
You're welcome. I don't mind helping out.
Here's a fresh PE:

Ultima Posted January 21, 2008
That bit of information about which handle is repeating looks useful to me. I'll bug the devs about it. Thanks
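The thread separates the Handles column from USER Objects and GDI Objects and reports the leak as a rate (1-2 per second). The script below is an added example, not code from any poster or from µTorrent, that samples all three counters for one process and reports each one's growth; the parameter names, defaults and helper function names are assumptions.

```powershell
# Added example: sample kernel handles, USER objects and GDI objects for one
# process and report how fast each grows, to tell which counter is leaking.
param(
    [string]$ProcessName = 'utorrent',  # assumption: name as shown in the thread's logs
    [int]$Samples = 10,
    [int]$IntervalSeconds = 30
)

# GetGuiResources (user32.dll): flag 0 = GDI object count, flag 1 = USER object count.
Add-Type -Namespace Win32 -Name Gui -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true)]
public static extern uint GetGuiResources(IntPtr hProcess, uint uiFlags);
'@

function Get-CounterSample {
    param([int]$Id)
    # Stops with an error if the process has exited between samples.
    $p = Get-Process -Id $Id -ErrorAction Stop
    [pscustomobject]@{
        Time    = Get-Date
        Handles = [int]$p.HandleCount
        Gdi     = [int][Win32.Gui]::GetGuiResources($p.Handle, 0)
        User    = [int][Win32.Gui]::GetGuiResources($p.Handle, 1)
    }
}

function Get-GrowthRate {
    param([object[]]$Series, [string]$Counter)
    $elapsed = ($Series[-1].Time - $Series[0].Time).TotalSeconds
    if ($elapsed -le 0) { return 0 }
    [math]::Round(($Series[-1].$Counter - $Series[0].$Counter) / $elapsed, 3)
}

# If several instances run, only the first one found is tracked.
$target = Get-Process -Name $ProcessName -ErrorAction Stop | Select-Object -First 1

$series = @(for ($i = 0; $i -lt $Samples; $i++) {
    if ($i -gt 0) { Start-Sleep -Seconds $IntervalSeconds }
    Get-CounterSample -Id $target.Id
})

$report = foreach ($c in 'Handles', 'Gdi', 'User') {
    # A leak rises in nearly every interval; normal churn rises and falls.
    $rises = 0
    for ($i = 1; $i -lt $series.Count; $i++) {
        if ($series[$i].$c -gt $series[$i - 1].$c) { $rises++ }
    }
    [pscustomobject]@{
        Counter         = $c
        First           = $series[0].$c
        Last            = $series[-1].$c
        PerSecond       = Get-GrowthRate -Series $series -Counter $c
        RisingIntervals = "$rises/$($series.Count - 1)"
    }
}
$report | Format-Table -AutoSize
```

A Handles row that rises in every interval while Gdi and User stay flat matches the pattern described in this thread and points at kernel handles rather than a GDI leak.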
Archived
This topic is now archived and is closed to further replies.