pallaccha Posted January 22, 2008 Report Share Posted January 22, 2008 I have Windows XP SP2 with all last updates and I use only built in firewall.I use Avast as Antivirus and I often check my pc with Ad-Aware and Spybot but every some ours Utorrent crash but I don't understand the cause.These are some of last crash dumps:- http://www.zshare.net/download/6775156ce3ea57/- http://www.zshare.net/download/67752910d5b285/- http://www.zshare.net/download/6775305ca1c158/- http://www.zshare.net/download/6775313102a58e/- http://www.zshare.net/download/677531858f16aa/- http://www.zshare.net/download/6775324d3e5bdd/- http://www.zshare.net/download/6775345196c63d/- http://www.zshare.net/download/67753525936709/- http://www.zshare.net/download/6775358778d1fa/- http://www.zshare.net/download/67753664fb81df/Help me, please. Link to comment Share on other sites More sharing options...
Firon Posted January 22, 2008 Report Share Posted January 22, 2008 Post a HijackThis log and a DLL list from Process Explorer too. http://forum.utorrent.com/viewtopic.php?id=15992#p258238 Link to comment Share on other sites More sharing options...
pallaccha Posted January 22, 2008 Author Report Share Posted January 22, 2008 Logfile of HijackThis v1.99.1Scan saved at 22.55.14, on 22/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Programmi\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Programmi\Alwil Software\Avast4\aswUpdSv.exeC:\Programmi\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\SCardSvr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\SOUNDMAN.EXEC:\Programmi\Synaptics\SynTP\SynTPLpr.exeC:\Programmi\Synaptics\SynTP\SynTPEnh.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Programmi\rnamfler\naomf.exeC:\WINDOWS\system32\rundll32.exeC:\Programmi\File comuni\Real\Update_OB\realsched.exeC:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exeC:\WINDOWS\system32\ctfmon.exeC:\Programmi\Microsoft ActiveSync\Wcescomm.exeC:\Programmi\Messenger\msmsgs.exeC:\PROGRA~1\MICROS~3\rapimgr.exeC:\Programmi\iRotate\iRotate.exeC:\Programmi\Webshots\webshots.scrc:\programmi\rnamfler\radprcmp.exeC:\WINDOWS\system32\svchost.exeC:\Programmi\Cisco Systems\VPN Client\cvpnd.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\WINDOWS\system32\lkcitdl.exeC:\WINDOWS\system32\lkads.exeC:\WINDOWS\system32\lktsrv.exeC:\Programmi\National Instruments\MAX\nimxs.exeC:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exeC:\WINDOWS\system32\nipalsm.exeC:\WINDOWS\system32\nipalsm.exeC:\Programmi\National Instruments\Shared\Security\nidmsrv.exeC:\WINDOWS\system32\nisvcloc.exeC:\Programmi\National Instruments\Shared\Tagger\tagsrv.exeC:\WINDOWS\system32\poweroff.exeC:\Programmi\rnamfler\naofsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\fxssvc.exeC:\WINDOWS\system32\nipalsm.exeC:\Programmi\Alwil Software\Avast4\ashMaiSv.exeC:\Programmi\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\System32\alg.exeC:\Programmi\Internet Explorer\IEXPLORE.EXEC:\DOCUME~1\MICHEL~1\IMPOST~1\Temp\Rar$EX00.496\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.itR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxycr:8080R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = CollegamentiO2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [synTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [synTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Zero Configuration] C:\WINDOWS\System32\svchost.exe -k netsvcsO4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exeO4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [wrna3ls] C:\Programmi\rnamfler\naomf.exeO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exeO4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"O4 - HKLM\..\Run: [smartDefrag] "C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUpO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\Wcescomm.exe"O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /backgroundO4 - Startup: iRotate.lnk = C:\Programmi\iRotate\iRotate.exeO4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exeO4 - Global Startup: VPN Client.lnk = ?O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dllO9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exeO11 - Options group: [iNTERNATIONAL] International*O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.xdrive.com/downloads/std_install/setup.exeO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189282010791O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {E4792F3D-760F-4F7D-9612-4DA401D88CF4} - http://www.katasearch.com/extraricerca/ExtraSearch.exeO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grtn.prvO17 - HKLM\Software\..\Telephony: DomainName = grtn.prvO17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grtn.prvO17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = grtn.prv,servizi.prv,root.prv,grtn,mi.grtnO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = grtn.prvO17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = grtn.prv,servizi.prv,root.prv,grtn,mi.grtnO17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = grtn.prv,servizi.prv,root.prv,grtn,mi.grtnO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLLO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exeO23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exeO23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exeO23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exeO23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Programmi\National Instruments\MAX\nimxs.exeO23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exeO23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exeO23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exeO23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Programmi\National Instruments\Shared\Security\nidmsrv.exeO23 - Service: NILM License Manager - Macrovision Corporation - C:\Programmi\National Instruments\Shared\License Manager\Bin\lmgrd.exeO23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exeO23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exeO23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Programmi\National Instruments\Shared\Tagger\tagsrv.exeO23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exeO23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exeO23 - Service: Poweroff - Unknown owner - C:\WINDOWS\system32\poweroff.exe" -service (file missing)O23 - Service: RdnaoFlSvc - Unknown owner - C:\Programmi\rnamfler\naofsvc.exeO23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\TightVNC\WinVNC.exe" -service (file missing)Process Explorer doesn't start. I don't know why. Link to comment Share on other sites More sharing options...
Ultima Posted January 22, 2008 Report Share Posted January 22, 2008 http://www.processlibrary.com/directory/files/naomf/243140rnamfler is (apparently) some kind of internet filtering software... If it installs global hooks, it might be problematic. Grab Process Explorer from sysinternals.com, run it, select the µTorrent process, press Ctrl+D, then Ctrl+A. Save the .txt file, open it, copy and paste the contents here.Also, have you disabled avast!'s P2P shield just to be sure it's not interfering? Link to comment Share on other sites More sharing options...
Greg Hazel Posted January 23, 2008 Report Share Posted January 23, 2008 Indeed, the dump files all crashed in radhslib.dll. radhslib.dll is a part of the Naomi web filter by Radiant Morning Technologies. Link to comment Share on other sites More sharing options...
pallaccha Posted January 23, 2008 Author Report Share Posted January 23, 2008 Tahk you for all. I'll try to disable Naomi contents-filter. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.