Jump to content

uTorrent memory leak


pirate.jay

Recommended Posts

When using uTorrent, the memory of the uTorrent process keeps increasing until my machine crashes. It also creates a 3 gig page file. I'm using the latest uTorrent version on a clean XP install. My system specs are XP MCE 2005 SP3, Abit AN7 mobo, Athlon XP300, ATI 9800 pro, 1 gig ram.

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:57:14 PM, on 12/27/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Gateway\EzTune\DTHtml.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe

C:\Program Files\PeerGuardian2\pg2.exe

C:\Program Files\HostsMan\hm.exe

C:\Program Files\Portrait Displays\Pivot Software\floater.exe

c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\Sophos\AutoUpdate\ALMon.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"

O4 - HKLM\..\Run: [DT GWY] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe

O4 - HKCU\..\Run: [HostsMan] "C:\Program Files\HostsMan\hm.exe" -s

O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228068058796

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228068125093

O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe

O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe

O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--

End of file - 9830 bytes

Process Explorer log:

Process PID CPU Description Company Name

System Idle Process 0 92.31

Interrupts n/a 1.54 Hardware Interrupts

DPCs n/a 1.54 Deferred Procedure Calls

System 4

explorer.exe 2272 Windows Explorer Microsoft Corporation

ehtray.exe 2684 Media Center Tray Applet Microsoft Corporation

NvMixerTray.exe 2820 NVIDIA nForce Mixer Tray Application NVIDIA Corporation

wpCtrl.exe 2840 Pivot Software Support Application Portrait Displays, Inc.

Floater.exe 3876 Pivot Software Support DLL Portrait Displays, Inc.

MSASCui.exe 2856 Windows Defender User Interface Microsoft Corporation

Acrotray.exe 2884 AcroTray Adobe Systems Inc.

jusched.exe 3068 Java Platform SE binary Sun Microsystems, Inc.

ipoint.exe 3096 IPoint.exe Microsoft Corporation

itype.exe 3104 IType.exe Microsoft Corporation

dpupdchk.exe 3956 dpupdchk.exe Microsoft Corporation

UnlockerAssistant.exe 3324

mbamgui.exe 3344 Malwarebytes' Anti-Malware Malwarebytes Corporation

ctfmon.exe 3364 CTF Loader Microsoft Corporation

pg2.exe 3456 PeerGuardian 2 Phoenix Labs

hm.exe 3624 HostsMan abelhadigital.com

ALMon.exe 3976 Component to show AutoUpdate's GUI elements. Sophos Plc

uTorrent.exe 520 3.08 µTorrent BitTorrent, Inc.

taskmgr.exe 2660 Windows TaskManager Microsoft Corporation

procexp.exe 3616 1.54 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

MOM.exe 2868 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.

CCC.exe 3892 Catalyst Control Centre: Host application ATI Technologies Inc.

dthtml.exe 3008 EzTune Portrait Displays, Inc

HookManager.exe 3440 Context Menu Utility Portrait Displays Inc.

Process: uTorrent.exe Pid: 520

Name Description Company Name Version

UnlockerHook.dll

unicode.nls

locale.nls

sortkey.nls

sorttbls.nls

ctype.nls

uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0001.12639

ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.5512

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.5512

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.5512

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.5512

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.5512

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.5512

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.5512

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.5698

USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.5512

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.5512

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.5512

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.5512

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.5512

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.5512

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.5512

oleaut32.dll Microsoft Corporation 5.01.2600.5512

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.5512

MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.5512

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.5507

USERENV.dll Userenv Microsoft Corporation 5.01.2600.5512

netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.5694

shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.5512

UxTheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.5512

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.5512

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0700

COMRes.dll Microsoft Corporation 2001.12.4414.0700

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.5512

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.5512

DnsApi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.5512

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.5512

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.5512

Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.5512

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.5512

ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.5512

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.5512

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.5512

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0001

rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.5512

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.5512

SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.5512

xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.5512

netshell.dll Network Connections Shell Microsoft Corporation 5.01.2600.5512

credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.5512

dot3api.dll 802.3 Autoconfiguration API Microsoft Corporation 5.01.2600.5512

dot3dlg.dll 802.3 UI Helper Microsoft Corporation 5.01.2600.5512

OneX.DLL IEEE 802.1X supplicant library Microsoft Corporation 5.01.2600.5512

WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.5512

WINSTA.dll Winstation Library Microsoft Corporation 5.01.2600.5512

CRYPT32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.5512

eappcfg.dll Eap Peer Config Microsoft Corporation 5.01.2600.5512

MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000

eappprxy.dll Microsoft EAPHost Peer Client DLL Microsoft Corporation 5.01.2600.5512

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.5512

psapi.dll Process Status Helper Microsoft Corporation 5.01.2600.5512

winphook.dll Pivot Software Support DLL Portrait Displays, Inc. 8.21.0000.0000

Any help is greatly appreciated!

Link to comment
Share on other sites

Did you investigate around Sophos, especially web protection module ?

I see

O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll

A second possibility is your anti-spyware

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...