Xtrag8 Posted April 20, 2011 Report Share Posted April 20, 2011 First post hereWhen I updated from 2.2.x to 3.0 Alpha I have a memory leak occurring where the utorrent process size reaches over a gig in less than a day.My usual applications for Firewall and AV software that I use are Comodo Firewall and Avast Antivirus + Peerblock.I have tried uninstalling both AV and FW and unloaded Peerblock,The memory leak still occurredI have also uninstalled utorrent and deleted: %APPDATA%\utorrent and then re-installed the appPlease see below for the Hijack This Log and Process Explorer LogAny help would be very much appreciated =)__________________________________________________________________________________-----------------------------------------------------------------------------------------------------------------------------------Hijack This Log-----------------------------------------------------------------------------------------------------------------------------------__________________________________________________________________________________Logfile of Trend Micro HijackThis v2.0.4Scan saved at 9:45:16 PM, on 18/04/2011Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v9.00 (9.00.8112.16421)Boot mode: NormalRunning processes:C:\Program Files (x86)\TPG LeechOmeter\TPG LeechOmeter.exeC:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exeC:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exeC:\Program Files (x86)\uTorrent\uTorrent.exeC:\Users\Adam Saunders\Downloads\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.overclockers.com.au/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.microsoft.com/search?nil_profile=ie&ref_code=ms&q=%sR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exeO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLLO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLLO2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllO4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /sO4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exeO4 - HKCU\..\Run: [TPG] C:\Program Files (x86)\TPG LeechOmeter\TPG LeechOmeter.exeO4 - HKCU\..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exeO4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZEDO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htmO8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htmO8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htmO8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO15 - Trusted IP range: http://127.0.0.1O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cabO16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://www.optusevolvessl.com.au/dana-cached/sc/JuniperSetupClient.cabO18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLO20 - AppInit_DLLs: O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXEO23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXEO23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exeO23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exeO23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exeO23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exeO23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exeO23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exeO23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)--End of file - 13568 bytes__________________________________________________________________________________-----------------------------------------------------------------------------------------------------------------------------------Process Explorer Log-----------------------------------------------------------------------------------------------------------------------------------__________________________________________________________________________________Process PID CPU Private Bytes Working Set DescriptionInterrupts n/a 0.35 0 K 0 K Hardware Interrupts and DPCsPnkBstrA.exe 2960 < 0.01 1,988 K 5,032 K PnkBstrB.exe 2984 0.02 3,040 K 5,092 K System 4 0.07 176 K 1,060 K System Idle Process 0 99.01 0 K 24 K MOM.exe 2748 < 0.01 39,984 K 6,120 K Catalyst Control Center: Monitoring programatieclxx.exe 1396 2,616 K 6,648 K AMD External Events Client Moduleatiesrxx.exe 116 1,712 K 4,360 K AMD External Events Service ModuleAppleMobileDeviceService.exe 1964 < 0.01 2,916 K 8,136 K MobileDeviceServiceCCC.exe 2744 < 0.01 108,204 K 22,316 K Catalyst Control Center: Host applicationuTorrent.exe 1356 0.05 321,392 K 330,052 K µTorrentVCDDaemon.exe 2704 1,540 K 5,328 K Virtual CloneDrive Daemonaudiodg.exe 4396 14,664 K 15,536 K Windows Audio Device Graph Isolation csrss.exe 492 < 0.01 2,180 K 4,304 K Client Server Runtime Processcsrss.exe 572 0.02 3,632 K 8,212 K Client Server Runtime Processdllhost.exe 4792 2,852 K 7,412 K COM Surrogatedwm.exe 1848 0.03 34,768 K 36,584 K Desktop Window Managerexplorer.exe 1872 0.01 79,224 K 102,132 K Windows Explorerinetinfo.exe 2144 12,100 K 18,916 K Internet Information Serviceslsass.exe 684 5,924 K 13,856 K Local Security Authority Processlsm.exe 692 2,612 K 4,292 K Local Session Manager ServiceMsMpEng.exe 968 0.02 167,948 K 81,412 K Antimalware Service Executablemsseces.exe 2268 6,416 K 14,716 K Microsoft Security Client User InterfaceNisSrv.exe 4124 8,464 K 3,448 K Microsoft Network Inspection SystemPresentationFontCache.exe 4760 26,772 K 17,804 K PresentationFontCache.exeSearchFilterHost.exe 5636 2,680 K 6,524 K Microsoft Windows Search Filter HostSearchIndexer.exe 4172 < 0.01 87,732 K 85,228 K Microsoft Windows Search IndexerSearchProtocolHost.exe 4968 < 0.01 3,464 K 7,660 K Microsoft Windows Search Protocol Hostservices.exe 676 6,192 K 12,296 K Services and Controller appsmss.exe 304 564 K 1,220 K Windows Session Managerspoolsv.exe 1528 < 0.01 8,180 K 14,200 K Spooler SubSystem Appsvchost.exe 804 4,868 K 9,972 K Host Process for Windows Servicessvchost.exe 880 5,208 K 9,080 K Host Process for Windows Servicessvchost.exe 356 0.01 22,020 K 24,548 K Host Process for Windows Servicessvchost.exe 512 < 0.01 322,524 K 333,372 K Host Process for Windows Servicessvchost.exe 708 < 0.01 30,188 K 43,568 K Host Process for Windows Servicessvchost.exe 1140 < 0.01 11,576 K 18,300 K Host Process for Windows Servicessvchost.exe 1248 0.01 15,784 K 17,396 K Host Process for Windows Servicessvchost.exe 1572 < 0.01 11,112 K 14,776 K Host Process for Windows Servicessvchost.exe 1928 4,692 K 9,208 K Host Process for Windows Servicessvchost.exe 2096 < 0.01 9,312 K 22,972 K Host Process for Windows Servicessvchost.exe 2124 < 0.01 5,464 K 10,092 K Host Process for Windows Servicessvchost.exe 3068 1,964 K 5,448 K Host Process for Windows Servicessvchost.exe 3104 6,800 K 10,300 K Host Process for Windows Servicessvchost.exe 4296 2,376 K 5,920 K Host Process for Windows Servicessvchost.exe 348 6,604 K 13,092 K Host Process for Windows Servicestaskhost.exe 1744 8,884 K 11,304 K Host Process for Windows Taskstaskhost.exe 3496 7,244 K 10,628 K Host Process for Windows Taskstaskmgr.exe 1348 0.03 3,416 K 11,084 K Windows Task Managerwininit.exe 580 1,816 K 4,660 K Windows Start-Up Applicationwinlogon.exe 616 2,976 K 6,992 K Windows Logon ApplicationWLIDSVC.EXE 3128 6,824 K 15,828 K Microsoft® Windows Live ID ServiceWLIDSVCM.EXE 3524 1,456 K 3,312 K Microsoft® Windows Live ID Service MonitorWmiPrvSE.exe 5444 2,816 K 6,464 K WMI Provider Hostwmpnetwk.exe 4692 < 0.01 6,564 K 7,224 K Windows Media Player Network Sharing ServiceXBoxStat.exe 2220 < 0.01 2,784 K 6,660 K XBoxStat.exeE_S40RPB.EXE 2024 1,452 K 3,384 K EPSON Status Monitor 3E_S40STB.EXE 1960 1,616 K 3,832 K EPSON Status Monitor 3TPG LeechOmeter.exe 2292 0.02 8,976 K 20,952 K Usage Meter for TPG Internet usersprocexp.exe 5396 2,068 K 6,368 K Sysinternals Process Explorerprocexp64.exe 4104 0.29 30,612 K 49,968 K Sysinternals Process ExplorerHijackThis.exe 3116 < 0.01 16,784 K 30,996 K HijackThisvmnat.exe 2664 < 0.01 2,384 K 5,424 K VMware NAT Servicevmnetdhcp.exe 3592 1,320 K 3,960 K VMware VMnet DHCP servicevmware-authd.exe 3256 6,620 K 11,312 K VMware Authorization Servicevmware-tray.exe 2724 1,436 K 4,764 K VMware Tray Processvmware-usbarbitrator.exe 1388 < 0.01 2,508 K 5,460 K VMware USB Arbitration Service Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.