uTorrent 1.8.1 Crashes Win2k3 Server

[netRAT]

Hi, I have 1.8.1 running on Server 2003 (fresh install) and keep getting crashes, almost daily.

I have no idea why this is happening and have also eliminated all possible causes mentioned in the 'Having Crashes' sticky.

I have a few dmps in my uTorrent directory, is it kosher to upload and post them here for someone to inspect?

Thanks,

netRAT.

[Ultima]

Sure, uploading them should be fine.

As well...

a) get HijackThis from trendsecure.com, run it, view the log, and post the contents here

get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here

[GTHK]

Zip/rar/7zip them first, it's easier to work with that way. Might help, might not. Expect to provide PE w/ DLL list and HJT logs if it fails: http://forum.utorrent.com/viewtopic.php?id=29748

[netRAT]

Ok, here goes:

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:48 PM, on 25/11/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Dfsr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\WINDOWS\system32\rserver30\FamItrf2.Exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sis.com/
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ProcessSupervisorGUI] C:\Program Files\Process Lasso\processlasso.exe
O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226393240437
O20 - AppInit_DLLs: C:\WINDOWS\system32\rserver30\newtstop.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe

--
End of file - 6244 bytes

PE Log:

Process    PID    CPU    Description    Company Name
System Idle Process    0    89.39        
 Interrupts    n/a        Hardware Interrupts    
 DPCs    n/a        Deferred Procedure Calls    
 System    4            
  smss.exe    428        Windows NT Session Manager    Microsoft Corporation
   csrss.exe    476        Client Server Runtime Process    Microsoft Corporation
   winlogon.exe    508        Windows NT Logon Application    Microsoft Corporation
    services.exe    556    1.52    Services and Controller app    Microsoft Corporation
     svchost.exe    800        Generic Host Process for Win32 Services    Microsoft Corporation
      wmiprvse.exe    2544        WMI    Microsoft Corporation
      wmiprvse.exe    3272        WMI    Microsoft Corporation
     svchost.exe    872        Generic Host Process for Win32 Services    Microsoft Corporation
     svchost.exe    928        Generic Host Process for Win32 Services    Microsoft Corporation
     svchost.exe    964        Generic Host Process for Win32 Services    Microsoft Corporation
     svchost.exe    1000        Generic Host Process for Win32 Services    Microsoft Corporation
     spoolsv.exe    1160        Spooler SubSystem App    Microsoft Corporation
     msdtc.exe    1184        MS DTCconsole program    Microsoft Corporation
     dllhost.exe    1312        COM Surrogate    Microsoft Corporation
     schedul2.exe    1344        Acronis Scheduler 2    Acronis
     spd.exe    1420        cFosSpeed Service    cFos Software GmbH
     svchost.exe    1476        Generic Host Process for Win32 Services    Microsoft Corporation
     ramaint.exe    1512        LogMeIn Maintenance Service    LogMeIn, Inc.
     LogMeIn.exe    1572        LogMeIn    LogMeIn, Inc.
      LMIGuardian.exe    1656        LMIGuardian    LogMeIn, Inc.
     nod32krn.exe    1708        NOD32 Kernel Service    Eset 
     svchost.exe    1760        Generic Host Process for Win32 Services    Microsoft Corporation
     rserver3.exe    1788    6.06    Radmin Server    Famatech International Corp.
      FamItrfc.Exe    704        Radmin component    Famatech International Corp.
      FamItrf2.Exe    3444    1.52    Radmin component    Famatech International Corp.
     svchost.exe    1872        Generic Host Process for Win32 Services    Microsoft Corporation
     Dfsr.exe    2000        Distributed File System Replication    Microsoft Corporation
     svchost.exe    1008        Generic Host Process for Win32 Services    Microsoft Corporation
     dllhost.exe    2052        COM Surrogate    Microsoft Corporation
     alg.exe    2220        Application Layer Gateway Service    Microsoft Corporation
     svchost.exe    2676        Generic Host Process for Win32 Services    Microsoft Corporation
    lsass.exe    580        LSA Shell    Microsoft Corporation
explorer.exe    2556        Windows Explorer    Microsoft Corporation
 LogMeInSystray.exe    1728        LogMeIn Desktop Application    LogMeIn, Inc.
  LMIGuardian.exe    2792        LMIGuardian    LogMeIn, Inc.
 UnlockerAssistant.exe    420            
 TrueImageMonitor.exe    1176        Acronis True Image Monitor    Acronis
 TimounterMonitor.exe    2708        Monitor for Acronis True Image Backup Archive Explorer    Acronis
 schedhlp.exe    2724        Acronis Scheduler Helper    Acronis
 cfosspeed.exe    2752        cFosSpeed Window    cFos Software GmbH
 nod32kui.exe    2756        NOD32 Control Center GUI    Eset 
 ctfmon.exe    2896        CTF Loader    Microsoft Corporation
 orbitdm.exe    888        Orbit Downloader    Orbitdownloader.com
  orbitnet.exe    1932        P2P service of Orbit Downloader    Orbitdownloader.com
 procexp.exe    2820    1.52    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
ProcessLasso.exe    4048        Process Lasso management console    Bitsum Technologies
 ProcessGovernor.exe    3868        Process Lasso core engine    Bitsum Technologies

CrashDumps:

http://tinyurl.com/6p7kgh

Thanks for your help!

netRAT.

[moogly]

You need to run uT and select utorrent.exe in list and enable DLL mode (ctrl+d) for Process Explorer.

Did you disable IMOn for NOD32 ?

[netRAT]

I thought the NOD32 issues were only related to V3.x. Guess I was wrong...

I'll add the exception in IMON. However, I must say I have never experienced any uTorrent issues while running NOD 2.x on my other machine...

Anything else look fishy?

Process: uTorrent.exe Pid: 2336

Name    Description    Company Name    Version
ACTIVEDS.dll    ADs Router Layer DLL    Microsoft Corporation    5.02.3790.3959
adsldpc.dll    ADs LDAP Provider C DLL    Microsoft Corporation    5.02.3790.3959
ADVAPI32.dll    Advanced Windows 32 Base API    Microsoft Corporation    5.02.3790.3959
apphelp.dll    Application Compatibility Client Library    Microsoft Corporation    5.02.3790.3959
ATL.DLL    ATL Module for Windows XP (Unicode)    Microsoft Corporation    3.05.2283.0000
CLBCatQ.DLL    COM+ Configuration Catalog    Microsoft Corporation    2001.12.4720.3959
CLUSAPI.dll    Cluster API Library    Microsoft Corporation    5.02.3790.3959
COMCTL32.dll    User Experience Controls Library    Microsoft Corporation    6.00.3790.3959
comdlg32.dll    Common Dialogs DLL    Microsoft Corporation    6.00.3790.3959
COMRes.dll    COM+ Resources    Microsoft Corporation    2001.12.4720.3959
credui.dll    Credential Manager User Interface    Microsoft Corporation    5.02.3790.3959
ctype.nls            
DnsApi.dll    DNS Client API DLL    Microsoft Corporation    5.02.3790.4318
GDI32.dll    GDI Client DLL    Microsoft Corporation    5.02.3790.4237
hnetcfg.dll    Home Networking Configuration Manager    Microsoft Corporation    5.02.3790.3959
IMM32.DLL    Windows IMM32 API Client DLL    Microsoft Corporation    5.02.3790.3959
Iphlpapi.dll    IP Helper API    Microsoft Corporation    5.02.3790.3959
kernel32.dll    Windows NT BASE API Client DLL    Microsoft Corporation    5.02.3790.4062
locale.nls            
LPK.DLL    Language Pack    Microsoft Corporation    5.02.3790.3959
MPRAPI.dll    Windows NT MP Router Administration DLL    Microsoft Corporation    5.02.3790.3959
MSCTF.dll    MSCTF Server DLL    Microsoft Corporation    5.02.3790.3959
msctfime.ime    Microsoft Text Frame Work Service IME    Microsoft Corporation    5.02.3790.3959
msvcrt.dll    Windows NT CRT DLL    Microsoft Corporation    7.00.3790.3959
mswsock.dll    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    5.02.3790.4318
netapi32.dll    Net Win32 API DLL    Microsoft Corporation    5.02.3790.4392
NETSHELL.dll    Network Connections Shell    Microsoft Corporation    5.02.3790.3959
ntdll.dll    NT Layer DLL    Microsoft Corporation    5.02.3790.3959
ole32.dll    Microsoft OLE for Windows    Microsoft Corporation    5.02.3790.3959
oleaut32.dll        Microsoft Corporation    5.02.3790.4202
PSAPI.DLL    Process Status Helper    Microsoft Corporation    5.02.3790.3959
R00000000000c.clb            
rasadhlp.dll    Remote Access AutoDial Helper    Microsoft Corporation    5.02.3790.3959
RPCRT4.dll    Remote Procedure Call Runtime    Microsoft Corporation    5.02.3790.4115
rsaenh.dll    Microsoft Enhanced Cryptographic Provider    Microsoft Corporation    5.02.3790.3959
rtutils.dll    Routing Utilities    Microsoft Corporation    5.02.3790.3959
SAMLIB.dll    SAM Library DLL    Microsoft Corporation    5.02.3790.3959
Secur32.dll    Security Support Provider Interface    Microsoft Corporation    5.02.3790.3959
SETUPAPI.dll    Windows Setup API    Microsoft Corporation    5.02.3790.3959
SHELL32.dll    Windows Shell Common Dll    Microsoft Corporation    6.00.3790.4184
shfolder.dll    Shell Folder Service    Microsoft Corporation    6.00.3790.3959
SHLWAPI.dll    Shell Light-weight Utility Library    Microsoft Corporation    6.00.3790.3959
sortkey.nls            
sorttbls.nls            
unicode.nls            
UnlockerHook.dll            
USER32.dll    Windows USER API Client DLL    Microsoft Corporation    5.02.3790.4033
USERENV.dll    Userenv    Microsoft Corporation    5.02.3790.3959
USP10.dll    Uniscribe Unicode script processor    Microsoft Corporation    1.422.3790.3959
uTorrent.exe    µTorrent    BitTorrent, Inc.    1.08.0001.12639
UxTheme.dll    Microsoft UxTheme Library    Microsoft Corporation    6.00.3790.3959
VERSION.dll    Version Checking and File Installation Libraries    Microsoft Corporation    5.02.3790.3959
winrnr.dll    LDAP RnR Provider DLL    Microsoft Corporation    5.02.3790.3959
WLDAP32.dll    Win32 LDAP API DLL    Microsoft Corporation    5.02.3790.3959
WS2_32.dll    Windows Socket 2.0 32-Bit DLL    Microsoft Corporation    5.02.3790.3959
WS2HELP.dll    Windows Socket 2.0 Helper for Windows NT    Microsoft Corporation    5.02.3790.3959
wshtcpip.dll    Windows Sockets Helper DLL    Microsoft Corporation    5.02.3790.3959
xpsp2res.dll    Service Pack 2 Messages    Microsoft Corporation    5.02.3790.3959

[GTHK]

Update Windows?

[netRAT]

Yeah...forgot to mention, Windows is fully patched with latest updates and available drivers.

netRAT.

[GTHK]

Crashdumps weren't very helpful, seemed to talk about a file related to memory management. What cache settings are you using?

[netRAT]

It's at the default OS settings "System cache".

netRAT.

[GTHK]

Cache settings in µTorrent

[netRAT]

oh...

Crashed again last night...

Gonna try an older uTorrent version perhaps.

Thanks!

netRAT.

[GTHK]

Yeahhhhhhhhh, older versions are unsupported, have security issues and other bugs.

Really though I don't see anything wrong, maybe someone else will.. could try mucking with the Windows bypasses, or run a memory tester.

[netRAT]

It's just uTorrent that crashes...

Ran memtest for 7 passes, no errors detected.

I'm starting to think this is hardware/driver related...

The machine in question isn't brand new. Specs are as follows:

MB: GA-8S648FX-775 (SiS 648FX chipset)

CPU: Intel Celeron 2.8

RAM: 1.25GB DDR333

HDD:

Western Digital WDC-WD800BB-60JKA0 80GB (system drive) (IDE)

Seagate ST3200826A 200GB (data drive) (IDE)

Samsung HD753LJ 700GB (data drive) (SATA II)

PSU: it's a decent Thermaltake 450W

GPU: ATI Radeon 9250 AGP

LAN: Realtek based PCI RTL8169/8110

Optical: Pioneer DVR 111L

All drivers seem to be installed correctly, I have the latest ones available.

The only possible issue that comes to mind is the Samsung HDD (SATA II) installed on a SATA I board.

The OS recognises it as a SCSI drive which seems fine according to some research I performed.

Had a good look in the Event Viewer and all appears to be OK.

I'm running out of ideas here...

netRAT.

[GTHK]

Backup your appdata and try the 1.9 alpha that was just released? Also, check to see if the Samsung is supposed to have a driver set, SATA II drives on older SATA I controllers may need a jumper due to some detection problem or something, though this may only apply to WD drives.

You're sure all the drivers are updated?

[Firon]

Can you try running the 1.9 alpha?

If the download speeds are bad, set bt.transp_disposition to 0 for 1.8.1 behavior.

[netRAT]

GTHK, in my Samsung drive there's no jumper. They have a boot disk utility that sets the limit at 1.5Gb/s. I think this method should only be used if the drive isn't detected at all.

I'm going to run it tonight on different cache settings. If it still crashes I'll try 1.9 alpha.

I'll report back with my findings...

Thanks for all your help guys!

netRAT.

EDIT:

Ok, it appears I've fixed the problem. Have not had a crash in a couple of days!

All I did was set a jumper on my 80GB WD IDE system drive to master. There was no jumper there before.

BIOS and Windows seemed to be happy, that's why I didn't bother checking...

Anyway...fingers crossed!

netRAT.