Hauser Posted December 9, 2008 Report Share Posted December 9, 2008 I get the occasional crash with uTorrent but I don't think much of it, but I just installed a fresh system and had a crash so I thought I'd post the log from windbg. (I'm not sure about the symbols error as I just use the MS symbol server, let me know if there's a different set I should be using.)System is MCE 2005 with SP3 and all Microsoft Update updates as of today, I can post any other info you guys want.******************************************************************************** ** Exception Analysis ** ************************************************************************************************************************************************************ ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: kernel32!pNlsUserInfo ****** ******************************************************************************************************************************************************** ****** ****** Your debugger is not using the correct symbols ****** ****** In order for this command to work properly, your symbol path ****** must point to .pdb files that have full type information. ****** ****** Certain .pdb files (such as the public OS symbols) do not ****** contain the required information. Contact the group that ****** provided you with these symbols if you need this command to ****** work. ****** ****** Type referenced: kernel32!pNlsUserInfo ****** ****************************************************************************FAULTING_IP: uTorrent+1f6f40041f6f4 ?? ???EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)ExceptionAddress: 0041f6f4 (uTorrent+0x0001f6f4) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 00000000Attempt to read from address 00000000PROCESS_NAME: uTorrent.exeERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".EXCEPTION_PARAMETER1: 00000000EXCEPTION_PARAMETER2: 00000000READ_ADDRESS: 00000000 FOLLOWUP_IP: uTorrent+1f6f40041f6f4 ?? ???NTGLOBALFLAG: 0FAULTING_THREAD: 000000b8DEFAULT_BUCKET_ID: STATUS_ACCESS_VIOLATIONPRIMARY_PROBLEM_CLASS: STATUS_ACCESS_VIOLATIONBUGCHECK_STR: APPLICATION_FAULT_STATUS_ACCESS_VIOLATIONIP_ON_HEAP: 010f4e08FRAME_ONE_INVALID: 1LAST_CONTROL_TRANSFER: from 010f4e08 to 0041f6f4STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong.00f3fe30 010f4e08 00004000 00002667 00f3fe68 uTorrent+0x1f6f400f3fe40 00425bfc 026b0a8d 026b04f9 0045e408 0x10f4e0800f3fe68 00426a1f 0000008f 010f4e08 00000000 uTorrent+0x25bfc00f3ff44 0042035c 010f4e08 000003e8 00420d0e uTorrent+0x26a1f00f3ffac 7c90d9fc 00420d5c 7c80b713 0012fedc uTorrent+0x2035c00f3ffb4 7c80b713 0012fedc 9408981f eeb07738 ntdll!NtRegisterThreadTerminatePort+0xc00f3ffe4 00000000 00000000 00000000 00420d53 kernel32!BaseThreadStart+0x37STACK_COMMAND: ~3s; .ecxr ; kbSYMBOL_STACK_INDEX: 0SYMBOL_NAME: uTorrent+1f6f4FOLLOWUP_NAME: MachineOwnerMODULE_NAME: uTorrentIMAGE_NAME: uTorrent.exeDEBUG_FLR_IMAGE_TIMESTAMP: 48ebab92FAILURE_BUCKET_ID: STATUS_ACCESS_VIOLATION_c0000005_uTorrent.exe!UnknownBUCKET_ID: APPLICATION_FAULT_STATUS_ACCESS_VIOLATION_uTorrent+1f6f4WATSON_IBUCKET: 990005516WATSON_IBUCKETTABLE: 1Followup: MachineOwner--------- Link to comment Share on other sites More sharing options...
Ultima Posted December 9, 2008 Report Share Posted December 9, 2008 Hm.a) get HijackThis from trendsecure.com, run it, view the log, and post the contents here get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here Link to comment Share on other sites More sharing options...
Hauser Posted December 9, 2008 Author Report Share Posted December 9, 2008 HijackThis:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:31:52 PM, on 12/8/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RunDll32.exeC:\Program Files\NOD32 Antivirus\egui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Belkin\Nostromo\nost_LM.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\Program Files\NOD32 Antivirus\ekrn.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\SNDVOL32.EXEC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\foobar2000\foobar2000.exeC:\Program Files\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dllO2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWndO4 - HKLM\..\Run: [egui] "C:\Program Files\NOD32 Antivirus\egui.exe" /hide /waitserviceO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exeO4 - Global Startup: Nostromo Loadout Manager.lnk = ?O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228701070734O17 - HKLM\System\CCS\Services\Tcpip\..\{44961159-67D8-4748-92CF-645A9B83C9E7}: NameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\..\{9492FD28-0179-4529-A68F-4F34E700D3E2}: NameServer = 192.168.1.1O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\NOD32 Antivirus\EHttpSrv.exeO23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\NOD32 Antivirus\ekrn.exeO23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe--End of file - 4854 bytesProcess Explorer:Process PID CPU Description Company NameSystem Idle Process 0 95.38 Interrupts n/a 3.08 Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 smss.exe 380 Windows NT Session Manager Microsoft Corporation csrss.exe 516 Client Server Runtime Process Microsoft Corporation winlogon.exe 540 Windows NT Logon Application Microsoft Corporation services.exe 584 1.54 Services and Controller app Microsoft Corporation svchost.exe 756 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 816 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 876 Generic Host Process for Win32 Services Microsoft Corporation spoolsv.exe 1232 Spooler SubSystem App Microsoft Corporation svchost.exe 1912 Generic Host Process for Win32 Services Microsoft Corporation ekrn.exe 1932 Eset Service ESET nvsvc32.exe 164 NVIDIA Driver Helper Service, Version 180.48 NVIDIA Corporation lsass.exe 604 LSA Shell (Export Version) Microsoft Corporationexplorer.exe 1328 Windows Explorer Microsoft Corporation rundll32.exe 1416 Run a DLL as an App Microsoft Corporation egui.exe 1428 Eset GUI ESET ctfmon.exe 1456 CTF Loader Microsoft Corporation SetPoint.exe 1488 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. KHALMNPR.exe 1540 Logitech KHAL Main Process Logitech, Inc. nost_LM.exe 1520 Activator Application for Nostromo Belkin Corporation sndvol32.exe 1824 Volume Control Microsoft Corporation firefox.exe 1140 Firefox Mozilla Corporation foobar2000.exe 956 foobar2000 Application procexp.exe 1152 Sysinternals Process Explorer Sysinternals - www.sysinternals.comuTorrent.exe 1444 µTorrent BitTorrent, Inc.Process: uTorrent.exe Pid: 1444Name Description Company Name VersionACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.5512adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.5512ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.5512ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0001COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.5512comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.5512ctype.nls DnsApi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.5512eplgHooks.dll Eset Hooks DLL ESET 3.00.0642.0000GameHook.dll Logitech Gaming Hook (UNICODE) Logitech, Inc. 4.70.0213.0000GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.5512hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.5512IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.5512Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.5512kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.5512lgscroll.dll Logitech Scroll Enabler (UNICODE) Logitech, Inc. 4.70.0213.0000locale.nls LPK.DLL Language Pack Microsoft Corporation 5.01.2600.5512MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.5512MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.5512msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.5512MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.3053msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.5512mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.5512netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.5694nost_FSH.dll ActivatorHook eTEK Labs 3.01.0000.0818ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.5512NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 5.01.2600.5512ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.5512oleaut32.dll Microsoft Corporation 5.01.2600.5512psapi.dll Process Status Helper Microsoft Corporation 5.01.2600.5512rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.5512RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.5512rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.5507rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.5512SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.5512Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.5512SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.5512SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.5512shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.5512SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.5512sortkey.nls sorttbls.nls unicode.nls USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.5512USERENV.dll Userenv Microsoft Corporation 5.01.2600.5512USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0001.12639uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.5512WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.5512WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.5512WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.5512wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.5512As you see I have NOD32 3.0.642.0 installed but I've excluded uTorrent from the web browsers list in NOD so hopefully that's not an issue. Link to comment Share on other sites More sharing options...
moogly Posted December 9, 2008 Report Share Posted December 9, 2008 eSET sounds bad. Link to comment Share on other sites More sharing options...
DreadWingKnight Posted December 9, 2008 Report Share Posted December 9, 2008 nost_FSH.dll ActivatorHook eTEK Labs 3.01.0000.0818Potential problem. Link to comment Share on other sites More sharing options...
Hauser Posted December 9, 2008 Author Report Share Posted December 9, 2008 I don't know how to spot problems using these logs so thanks for your patience with my questions.The Eset stuff belongs to NOD32 (ESET is the company's name), are there problems with NOD32 3.0.642.0 and uTorrent 1.8.1, even after putting uTorrent in the NOD32 exclusion list? What makes you think there's a problem there?nost_fsh.dll is the Belkin N52 Nostromo gamepad driver, I've run that beside various versions for uTorrent for years. What makes you say it might be a potential problem? Link to comment Share on other sites More sharing options...
thelittlefire Posted December 9, 2008 Report Share Posted December 9, 2008 If there's a place to make exceptions... use it. There really is no reason to inject into uT. And as an example, MouseImp, a program which helps pointing devices, causes uT to crash when enabled for some people.Right now, it's about stripping off unnecessary parts to see if it is hardware or software. Link to comment Share on other sites More sharing options...
Hauser Posted December 9, 2008 Author Report Share Posted December 9, 2008 I assume the gamepad injects itself into any running application since it's designed to be used with anything (e.g. I've used it with Excel to speed up some of the complex copy/pasting I needed to do on monthly P/L statements at work). That said I don't really use it anymore so I'll uninstall it and post back if there's another crash. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.