
Huge memory usage - memory leak?


Rachidfinge


I'm having huge memory issues with uTorrent 1.8.3. After a few hours (which include completing some downloads and seeding them afterwards), uTorrent uses about all of my physical memory. The physical memory monitor in the Task Manager shows 3.96 GB of my 4.00 GB available memory is in use. When I close any app bar uTorrent, naturally the memory usage drops a little, but before too long, it's back to 3.96 GB. Computer performance and responsiveness is horrible during this time. For example, firing up Word takes well over 10 seconds instead of the usual 2 to 3.

When I close uTorrent itself, the memory usage drops dramatically: in one case, after closing uTorrent, memory usage is only 760 MB:

utorrentleak.png

('afsluiten' is Dutch for 'to close'; you can see the small drop of memory usage on the left of the graph when I close my mail client and the increased memory usage following it)

Rather than this being caused by a large cache, I'm afraid this is a memory leak. Could anyone shed some more light on this issue? Is it known?

I'm running uTorrent 1.8.3 on Windows 7 Ultimate RC1 x64 with all current patches installed. My PC has 4 GB memory and runs on an Intel C2D @ 2.13 GHz. My two hard drives have multiple gigabytes of free space. The system is connected to the Internet through a 100 Mbit connection, so download is set to unlimited and upload to 6 MB/s max. Sometimes, indeed, multiple megabytes per second of seeding is achieved. However, I haven't had this problem with uTorrent before, while I still had these huge download and upload speeds. I have reinstalled uTorrent by moving the executable to my desktop, removing all the files in %appdata%\uTorrent (except for the RSS data file) and then running the executable from the desktop to force the installer to run. It didn't make a difference.

I will try to downgrade to uTorrent 1.8.2 to see if this issue is 1.8.3-specific.

Of course I'm willing to offer more information if needed. Since I'm not sure this is truly a bug, I've posted this topic in the troubleshooting area. If this turns out to be a bug, moderators should feel free to move the topic.

Thank you for reading this; hopefully someone will be able to help.


Edit: After some 18 hours of testing with 1.8.2, there seem to be no memory hogging issues as I had with 1.8.3 on my system. I'll stick to 1.8.2 for now. Perhaps it is too early to call, but it seems to be fine.

Of course, if someone has a solution for 1.8.3 or wants me to do some additional testing with it, please let me know.

Here is my HijackThis log, requested earlier:



@moogly. Thanks, I will do this shortly, although I must admit I'm sceptical. It's now about 24 hours since installing 1.8.2 and there are no memory issues anymore. I would assume that 1.8.2 and 1.8.3 use the same DLLs, so my correctly functioning 1.8.2 executable should also have been affected by the 'bad' DLL or process - but it clearly isn't. :-)


Yes, indeed. I have the very same problem. The memory usage clogs to 95% with uT 1.8.3, and frees when closed. I have a guess, that the higher the upload, the faster the memory is used up. When uploading a 7GB file at about 1.2MB/s the memory is fast to be depleted (4GB). And having lower up speed results in slower memory intake. Right now it is ~60% used up while usual is just 25-30%. The upload speed is about 200kB/s...

Have Win7 RC Build 7201 x64. Here's my ProcessExplorer and HijackThis logs:



Archived

This topic is now archived and is closed to further replies.
