Crash Dump

[pallaccha]

I have Windows XP SP2 with all last updates and I use only built in firewall.

I use Avast as Antivirus and I often check my pc with Ad-Aware and Spybot but every some ours Utorrent crash but I don't understand the cause.

These are some of last crash dumps:

- http://www.zshare.net/download/6775156ce3ea57/

- http://www.zshare.net/download/67752910d5b285/

- http://www.zshare.net/download/6775305ca1c158/

- http://www.zshare.net/download/6775313102a58e/

- http://www.zshare.net/download/677531858f16aa/

- http://www.zshare.net/download/6775324d3e5bdd/

- http://www.zshare.net/download/6775345196c63d/

- http://www.zshare.net/download/67753525936709/

- http://www.zshare.net/download/6775358778d1fa/

- http://www.zshare.net/download/67753664fb81df/

Help me, please.

[Firon]

Post a HijackThis log and a DLL list from Process Explorer too. http://forum.utorrent.com/viewtopic.php?id=15992#p258238

[pallaccha]

Logfile of HijackThis v1.99.1

Scan saved at 22.55.14, on 22/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Programmi\Synaptics\SynTP\SynTPLpr.exe

C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programmi\rnamfler\naomf.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Microsoft ActiveSync\Wcescomm.exe

C:\Programmi\Messenger\msmsgs.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Programmi\iRotate\iRotate.exe

C:\Programmi\Webshots\webshots.scr

c:\programmi\rnamfler\radprcmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\lkcitdl.exe

C:\WINDOWS\system32\lkads.exe

C:\WINDOWS\system32\lktsrv.exe

C:\Programmi\National Instruments\MAX\nimxs.exe

C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nipalsm.exe

C:\WINDOWS\system32\nipalsm.exe

C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe

C:\WINDOWS\system32\nisvcloc.exe

C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe

C:\WINDOWS\system32\poweroff.exe

C:\Programmi\rnamfler\naofsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\nipalsm.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Programmi\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\MICHEL~1\IMPOST~1\Temp\Rar$EX00.496\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxycr:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zero Configuration] C:\WINDOWS\System32\svchost.exe -k netsvcs

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [wrna3ls] C:\Programmi\rnamfler\naomf.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [smartDefrag] "C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background

O4 - Startup: iRotate.lnk = C:\Programmi\iRotate\iRotate.exe

O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe

O4 - Global Startup: VPN Client.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.xdrive.com/downloads/std_install/setup.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189282010791

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E4792F3D-760F-4F7D-9612-4DA401D88CF4} - http://www.katasearch.com/extraricerca/ExtraSearch.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grtn.prv

O17 - HKLM\Software\..\Telephony: DomainName = grtn.prv

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grtn.prv

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = grtn.prv,servizi.prv,root.prv,grtn,mi.grtn

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = grtn.prv

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = grtn.prv,servizi.prv,root.prv,grtn,mi.grtn

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = grtn.prv,servizi.prv,root.prv,grtn,mi.grtn

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe

O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe

O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe

O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Programmi\National Instruments\MAX\nimxs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe

O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe

O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Programmi\National Instruments\Shared\Security\nidmsrv.exe

O23 - Service: NILM License Manager - Macrovision Corporation - C:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe

O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

O23 - Service: Poweroff - Unknown owner - C:\WINDOWS\system32\poweroff.exe" -service (file missing)

O23 - Service: RdnaoFlSvc - Unknown owner - C:\Programmi\rnamfler\naofsvc.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\TightVNC\WinVNC.exe" -service (file missing)

Process Explorer doesn't start. I don't know why.

[Ultima]

http://www.processlibrary.com/directory/files/naomf/243140

rnamfler is (apparently) some kind of internet filtering software... If it installs global hooks, it might be problematic.

Grab Process Explorer from sysinternals.com, run it, select the µTorrent process, press Ctrl+D, then Ctrl+A. Save the .txt file, open it, copy and paste the contents here.

Also, have you disabled avast!'s P2P shield just to be sure it's not interfering?

[Greg Hazel]

Indeed, the dump files all crashed in radhslib.dll. radhslib.dll is a part of the Naomi web filter by Radiant Morning Technologies.

[pallaccha]

Tahk you for all. I'll try to disable Naomi contents-filter.