Had a crash today on a brand new install, windbg output included

[Hauser]

I get the occasional crash with uTorrent but I don't think much of it, but I just installed a fresh system and had a crash so I thought I'd post the log from windbg. (I'm not sure about the symbols error as I just use the MS symbol server, let me know if there's a different set I should be using.)

System is MCE 2005 with SP3 and all Microsoft Update updates as of today, I can post any other info you guys want.

*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

FAULTING_IP: 
uTorrent+1f6f4
0041f6f4 ??              ???

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0041f6f4 (uTorrent+0x0001f6f4)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000000
Attempt to read from address 00000000

PROCESS_NAME:  uTorrent.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  00000000

READ_ADDRESS:  00000000 

FOLLOWUP_IP: 
uTorrent+1f6f4
0041f6f4 ??              ???

NTGLOBALFLAG:  0

FAULTING_THREAD:  000000b8

DEFAULT_BUCKET_ID:  STATUS_ACCESS_VIOLATION

PRIMARY_PROBLEM_CLASS:  STATUS_ACCESS_VIOLATION

BUGCHECK_STR:  APPLICATION_FAULT_STATUS_ACCESS_VIOLATION

IP_ON_HEAP:  010f4e08

FRAME_ONE_INVALID: 1

LAST_CONTROL_TRANSFER:  from 010f4e08 to 0041f6f4

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
00f3fe30 010f4e08 00004000 00002667 00f3fe68 uTorrent+0x1f6f4
00f3fe40 00425bfc 026b0a8d 026b04f9 0045e408 0x10f4e08
00f3fe68 00426a1f 0000008f 010f4e08 00000000 uTorrent+0x25bfc
00f3ff44 0042035c 010f4e08 000003e8 00420d0e uTorrent+0x26a1f
00f3ffac 7c90d9fc 00420d5c 7c80b713 0012fedc uTorrent+0x2035c
00f3ffb4 7c80b713 0012fedc 9408981f eeb07738 ntdll!NtRegisterThreadTerminatePort+0xc
00f3ffe4 00000000 00000000 00000000 00420d53 kernel32!BaseThreadStart+0x37


STACK_COMMAND:  ~3s; .ecxr ; kb

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  uTorrent+1f6f4

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: uTorrent

IMAGE_NAME:  uTorrent.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  48ebab92

FAILURE_BUCKET_ID:  STATUS_ACCESS_VIOLATION_c0000005_uTorrent.exe!Unknown

BUCKET_ID:  APPLICATION_FAULT_STATUS_ACCESS_VIOLATION_uTorrent+1f6f4

WATSON_IBUCKET:  990005516

WATSON_IBUCKETTABLE:  1

Followup: MachineOwner
---------

[Ultima]

Hm.

a) get HijackThis from trendsecure.com, run it, view the log, and post the contents here

get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here

[Hauser]

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:52 PM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [egui] "C:\Program Files\NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Nostromo Loadout Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228701070734
O17 - HKLM\System\CCS\Services\Tcpip\..\{44961159-67D8-4748-92CF-645A9B83C9E7}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9492FD28-0179-4529-A68F-4F34E700D3E2}: NameServer = 192.168.1.1
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\NOD32 Antivirus\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4854 bytes

Process Explorer:

Process    PID    CPU    Description    Company Name
System Idle Process    0    95.38        
 Interrupts    n/a    3.08    Hardware Interrupts    
 DPCs    n/a        Deferred Procedure Calls    
 System    4            
  smss.exe    380        Windows NT Session Manager    Microsoft Corporation
   csrss.exe    516        Client Server Runtime Process    Microsoft Corporation
   winlogon.exe    540        Windows NT Logon Application    Microsoft Corporation
    services.exe    584    1.54    Services and Controller app    Microsoft Corporation
     svchost.exe    756        Generic Host Process for Win32 Services    Microsoft Corporation
     svchost.exe    816        Generic Host Process for Win32 Services    Microsoft Corporation
     svchost.exe    876        Generic Host Process for Win32 Services    Microsoft Corporation
     spoolsv.exe    1232        Spooler SubSystem App    Microsoft Corporation
     svchost.exe    1912        Generic Host Process for Win32 Services    Microsoft Corporation
     ekrn.exe    1932        Eset Service    ESET
     nvsvc32.exe    164        NVIDIA Driver Helper Service, Version 180.48    NVIDIA Corporation
    lsass.exe    604        LSA Shell (Export Version)    Microsoft Corporation
explorer.exe    1328        Windows Explorer    Microsoft Corporation
 rundll32.exe    1416        Run a DLL as an App    Microsoft Corporation
 egui.exe    1428        Eset GUI    ESET
 ctfmon.exe    1456        CTF Loader    Microsoft Corporation
 SetPoint.exe    1488        Logitech SetPoint Event Manager (UNICODE)    Logitech, Inc.
  KHALMNPR.exe    1540        Logitech KHAL Main Process    Logitech, Inc.
 nost_LM.exe    1520        Activator Application for Nostromo    Belkin Corporation
 sndvol32.exe    1824        Volume Control    Microsoft Corporation
 firefox.exe    1140        Firefox    Mozilla Corporation
 foobar2000.exe    956        foobar2000 Application    
 procexp.exe    1152        Sysinternals Process Explorer    Sysinternals - www.sysinternals.com
uTorrent.exe    1444        µTorrent    BitTorrent, Inc.

Process: uTorrent.exe Pid: 1444

Name    Description    Company Name    Version
ACTIVEDS.dll    ADs Router Layer DLL    Microsoft Corporation    5.01.2600.5512
adsldpc.dll    ADs LDAP Provider C DLL    Microsoft Corporation    5.01.2600.5512
ADVAPI32.dll    Advanced Windows 32 Base API    Microsoft Corporation    5.01.2600.5512
ATL.DLL    ATL Module for Windows XP (Unicode)    Microsoft Corporation    3.05.2284.0001
COMCTL32.dll    User Experience Controls Library    Microsoft Corporation    6.00.2900.5512
comdlg32.dll    Common Dialogs DLL    Microsoft Corporation    6.00.2900.5512
ctype.nls            
DnsApi.dll    DNS Client API DLL    Microsoft Corporation    5.01.2600.5512
eplgHooks.dll    Eset Hooks DLL    ESET    3.00.0642.0000
GameHook.dll    Logitech Gaming Hook (UNICODE)    Logitech, Inc.    4.70.0213.0000
GDI32.dll    GDI Client DLL    Microsoft Corporation    5.01.2600.5512
hnetcfg.dll    Home Networking Configuration Manager    Microsoft Corporation    5.01.2600.5512
IMM32.DLL    Windows XP IMM32 API Client DLL    Microsoft Corporation    5.01.2600.5512
Iphlpapi.dll    IP Helper API    Microsoft Corporation    5.01.2600.5512
kernel32.dll    Windows NT BASE API Client DLL    Microsoft Corporation    5.01.2600.5512
lgscroll.dll    Logitech Scroll Enabler (UNICODE)    Logitech, Inc.    4.70.0213.0000
locale.nls            
LPK.DLL    Language Pack    Microsoft Corporation    5.01.2600.5512
MPRAPI.dll    Windows NT MP Router Administration DLL    Microsoft Corporation    5.01.2600.5512
MSCTF.dll    MSCTF Server DLL    Microsoft Corporation    5.01.2600.5512
msctfime.ime    Microsoft Text Frame Work Service IME    Microsoft Corporation    5.01.2600.5512
MSVCR80.dll    Microsoft® C Runtime Library    Microsoft Corporation    8.00.50727.3053
msvcrt.dll    Windows NT CRT DLL    Microsoft Corporation    7.00.2600.5512
mswsock.dll    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    5.01.2600.5512
netapi32.dll    Net Win32 API DLL    Microsoft Corporation    5.01.2600.5694
nost_FSH.dll    ActivatorHook    eTEK Labs    3.01.0000.0818
ntdll.dll    NT Layer DLL    Microsoft Corporation    5.01.2600.5512
NTMARTA.DLL    Windows NT MARTA provider    Microsoft Corporation    5.01.2600.5512
ole32.dll    Microsoft OLE for Windows    Microsoft Corporation    5.01.2600.5512
oleaut32.dll        Microsoft Corporation    5.01.2600.5512
psapi.dll    Process Status Helper    Microsoft Corporation    5.01.2600.5512
rasadhlp.dll    Remote Access AutoDial Helper    Microsoft Corporation    5.01.2600.5512
RPCRT4.dll    Remote Procedure Call Runtime    Microsoft Corporation    5.01.2600.5512
rsaenh.dll    Microsoft Enhanced Cryptographic Provider    Microsoft Corporation    5.01.2600.5507
rtutils.dll    Routing Utilities    Microsoft Corporation    5.01.2600.5512
SAMLIB.dll    SAM Library DLL    Microsoft Corporation    5.01.2600.5512
Secur32.dll    Security Support Provider Interface    Microsoft Corporation    5.01.2600.5512
SETUPAPI.dll    Windows Setup API    Microsoft Corporation    5.01.2600.5512
SHELL32.dll    Windows Shell Common Dll    Microsoft Corporation    6.00.2900.5512
shfolder.dll    Shell Folder Service    Microsoft Corporation    6.00.2900.5512
SHLWAPI.dll    Shell Light-weight Utility Library    Microsoft Corporation    6.00.2900.5512
sortkey.nls            
sorttbls.nls            
unicode.nls            
USER32.dll    Windows XP USER API Client DLL    Microsoft Corporation    5.01.2600.5512
USERENV.dll    Userenv    Microsoft Corporation    5.01.2600.5512
USP10.dll    Uniscribe Unicode script processor    Microsoft Corporation    1.420.2600.5512
uTorrent.exe    µTorrent    BitTorrent, Inc.    1.08.0001.12639
uxtheme.dll    Microsoft UxTheme Library    Microsoft Corporation    6.00.2900.5512
WLDAP32.dll    Win32 LDAP API DLL    Microsoft Corporation    5.01.2600.5512
WS2_32.dll    Windows Socket 2.0 32-Bit DLL    Microsoft Corporation    5.01.2600.5512
WS2HELP.dll    Windows Socket 2.0 Helper for Windows NT    Microsoft Corporation    5.01.2600.5512
wshtcpip.dll    Windows Sockets Helper DLL    Microsoft Corporation    5.01.2600.5512

As you see I have NOD32 3.0.642.0 installed but I've excluded uTorrent from the web browsers list in NOD so hopefully that's not an issue.

[moogly]

eSET sounds bad.

[DreadWingKnight]

nost_FSH.dll ActivatorHook eTEK Labs 3.01.0000.0818

Potential problem.

[Hauser]

I don't know how to spot problems using these logs so thanks for your patience with my questions.

The Eset stuff belongs to NOD32 (ESET is the company's name), are there problems with NOD32 3.0.642.0 and uTorrent 1.8.1, even after putting uTorrent in the NOD32 exclusion list? What makes you think there's a problem there?

nost_fsh.dll is the Belkin N52 Nostromo gamepad driver, I've run that beside various versions for uTorrent for years. What makes you say it might be a potential problem?

[thelittlefire]

If there's a place to make exceptions... use it. There really is no reason to inject into uT. And as an example, MouseImp, a program which helps pointing devices, causes uT to crash when enabled for some people.

Right now, it's about stripping off unnecessary parts to see if it is hardware or software.

[Hauser]

I assume the gamepad injects itself into any running application since it's designed to be used with anything (e.g. I've used it with Excel to speed up some of the complex copy/pasting I needed to do on monthly P/L statements at work). That said I don't really use it anymore so I'll uninstall it and post back if there's another crash.