Crashes since 1.7.6 and now with 1.7.7

[blaat]

Having random crashes since 1.7.6.

Sometimes every 24 hours, sometimes 3x in one hour.

Running this on a small server.

Versions before 1.7.6 always worked perfect with uptime of 70+ days.

logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:09:34 AM, on 2/16/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\logon.scr

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

E:\procexp.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

--

End of file - 3112 bytes

Process PID CPU Description Company Name

System Idle Process 0 77.66

Interrupts n/a Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4 1.06

smss.exe 500 Windows NT Session Manager Microsoft Corporation

csrss.exe 604 Client Server Runtime Process Microsoft Corporation

winlogon.exe 628 Windows NT Logon Application Microsoft Corporation

services.exe 672 2.13 Services and Controller app Microsoft Corporation

svchost.exe 864 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 924 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1048 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1148 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1200 Generic Host Process for Win32 Services Microsoft Corporation

spoolsv.exe 1324 Spooler SubSystem App Microsoft Corporation

alg.exe 1872 Application Layer Gateway Service Microsoft Corporation

lsass.exe 684 LSA Shell (Export Version) Microsoft Corporation

logonui.exe 828 Windows Logon UI Microsoft Corporation

logon.scr 576 Logon Screen Saver Microsoft Corporation

csrss.exe 1084 6.38 Client Server Runtime Process Microsoft Corporation

winlogon.exe 1112 Windows NT Logon Application Microsoft Corporation

rdpclip.exe 1436 RDP Clip Monitor Microsoft Corporation

wuauclt.exe 296 Windows Update Automatic Updates Microsoft Corporation

explorer.exe 1464 Windows Explorer Microsoft Corporation

VTTimer.exe 1836 S3 Graphics, Inc.

ctfmon.exe 1644 CTF Loader Microsoft Corporation

procexp.exe 1248 11.70 Sysinternals Process Explorer Sysinternals

uTorrent.exe 520

notepad.exe 984 Notepad Microsoft Corporation

HijackThis.exe 1568 HijackThis Trend Micro Inc.

notepad.exe 1760 Notepad Microsoft Corporation

http://upload2.net/page/download/QtfnIG3C2rlFp3n/8179-utorrent.f403.dmp.html

[jewelisheaven]

Can you edit the process explorer log and provide the actual dll list? You'll need to Ctrl-L, and Ctrl-D .. before copy-pasting the log

What's vttimer?

[blaat]

I guess you only need the used dll's for the utorrent process?

Process PID CPU Description Company Name

System Idle Process 0 88.41

Interrupts n/a Hardware Interrupts

DPCs n/a 2.90 Deferred Procedure Calls

System 4

explorer.exe 1464 Windows Explorer Microsoft Corporation

VTTimer.exe 1836 S3 Graphics, Inc.

ctfmon.exe 1644 CTF Loader Microsoft Corporation

uTorrent.exe 520 2.90

procexp.exe 1088 2.90 Sysinternals Process Explorer Sysinternals

notepad.exe 744 Notepad Microsoft Corporation

Process: uTorrent.exe Pid: 520

Name Description Company Name Version

ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.2180

adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.2180

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0312

COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2982

comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180

COMRes.dll Microsoft Corporation 2001.12.4414.0258

ctype.nls

DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2938

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.3159

hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180

Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2912

kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.3119

locale.nls

MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.2180

MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.3085

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.2180

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.3085

mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.2180

NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2976

ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180

ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2948

oleaut32.dll Microsoft Corporation 5.01.2600.3139

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2938

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.3173

rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180

SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.2938

SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.3241

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2995

sortkey.nls

sorttbls.nls

unicode.nls

USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.3099

uTorrent.exe

UxTheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2845

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.2180

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180

VTtimer comes from the via chipset S3 driver.

info: "vttimer.exe is installed alongside the drivers for S3 chipsets and adds increased diagnostics and functionality for these products. This program is a non-essential process, but should not be terminated unless suspected to be causing problems."

[Firon]

Well, try disabling it...

[jewelisheaven]

Am I not mistaken but isn't S3 from back in the day when RAGE cards were around? Yea vttimer and vttrayp are my only leads atm. :/

[blaat]

Running this on those Via epia mini-itx mainboards with everything integrated.

However, I disabled the S3 stuff, but I still have the crashes last day and night.

Only normal windows processes/services are running now.

Have done AV-scans and even rootkit detection tools to check no other stuff is hooked/running.

[Greg Hazel]

Can you upload another dump? That one seems to be truncated .

[blaat]

http://www.zshare.net/download/7784512cdd38f0/

[Greg Hazel]

This indicates heap corruption. Unfortunately where it finds it and where it occured are different. You could run uTorrent with more aggressive heap checking on.

To do that:

Install Debugging Tools for Windows http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

Start > Programs > Debugging Tools for Windows > Global Flags

Check the boxes "Enable page heap" and "Enable application verifier". Hit "OK". Run uTorrent as normal.

When it crashes send me the new dump, please.

[blaat]

http://www.zshare.net/download/7826554cd76bb8/

[Greg Hazel]

http://www.zshare.net/download/7826554cd76bb8/

Thanks! This is a common stack trace. I would love to know what causes this, but there's also a high probability we solved this in 1.8. How often does it happen?

You could try turning off UPnP, if you can stand it, to see if the problem goes away. If you are very brave, you can try the 1.8 alpha

[blaat]

Well, the crashes are very random.

A few times an hour, or sometimes it runs for a day (like when I installed the ms debug tools, it has been running for almost 20-24 hours.)

I'll try the UPnP option first.

If that doesn't work I'll try the 1.8 alpha