Jump to content

Had a crash today on a brand new install, windbg output included


Recommended Posts

I get the occasional crash with uTorrent but I don't think much of it, but I just installed a fresh system and had a crash so I thought I'd post the log from windbg. (I'm not sure about the symbols error as I just use the MS symbol server, let me know if there's a different set I should be using.)

System is MCE 2005 with SP3 and all Microsoft Update updates as of today, I can post any other info you guys want.

* *
* Exception Analysis *
* *

*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** ***

0041f6f4 ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0041f6f4 (uTorrent+0x0001f6f4)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000

PROCESS_NAME: uTorrent.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".



READ_ADDRESS: 00000000

0041f6f4 ?? ???






IP_ON_HEAP: 010f4e08


LAST_CONTROL_TRANSFER: from 010f4e08 to 0041f6f4

WARNING: Stack unwind information not available. Following frames may be wrong.
00f3fe30 010f4e08 00004000 00002667 00f3fe68 uTorrent+0x1f6f4
00f3fe40 00425bfc 026b0a8d 026b04f9 0045e408 0x10f4e08
00f3fe68 00426a1f 0000008f 010f4e08 00000000 uTorrent+0x25bfc
00f3ff44 0042035c 010f4e08 000003e8 00420d0e uTorrent+0x26a1f
00f3ffac 7c90d9fc 00420d5c 7c80b713 0012fedc uTorrent+0x2035c
00f3ffb4 7c80b713 0012fedc 9408981f eeb07738 ntdll!NtRegisterThreadTerminatePort+0xc
00f3ffe4 00000000 00000000 00000000 00420d53 kernel32!BaseThreadStart+0x37

STACK_COMMAND: ~3s; .ecxr ; kb


SYMBOL_NAME: uTorrent+1f6f4



IMAGE_NAME: uTorrent.exe






Followup: MachineOwner

Link to comment
Share on other sites


a) get HijackThis from trendsecure.com, run it, view the log, and post the contents here

B) get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here

Link to comment
Share on other sites


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:52 PM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\Program Files\NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\NOD32 Antivirus\ekrn.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [egui] "C:\Program Files\NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Nostromo Loadout Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228701070734
O17 - HKLM\System\CCS\Services\Tcpip\..\{44961159-67D8-4748-92CF-645A9B83C9E7}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{9492FD28-0179-4529-A68F-4F34E700D3E2}: NameServer =
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\NOD32 Antivirus\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

End of file - 4854 bytes

Process Explorer:

Process    PID    CPU    Description    Company Name
System Idle Process 0 95.38
Interrupts n/a 3.08 Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 380 Windows NT Session Manager Microsoft Corporation
csrss.exe 516 Client Server Runtime Process Microsoft Corporation
winlogon.exe 540 Windows NT Logon Application Microsoft Corporation
services.exe 584 1.54 Services and Controller app Microsoft Corporation
svchost.exe 756 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 816 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 876 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1232 Spooler SubSystem App Microsoft Corporation
svchost.exe 1912 Generic Host Process for Win32 Services Microsoft Corporation
ekrn.exe 1932 Eset Service ESET
nvsvc32.exe 164 NVIDIA Driver Helper Service, Version 180.48 NVIDIA Corporation
lsass.exe 604 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1328 Windows Explorer Microsoft Corporation
rundll32.exe 1416 Run a DLL as an App Microsoft Corporation
egui.exe 1428 Eset GUI ESET
ctfmon.exe 1456 CTF Loader Microsoft Corporation
SetPoint.exe 1488 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc.
KHALMNPR.exe 1540 Logitech KHAL Main Process Logitech, Inc.
nost_LM.exe 1520 Activator Application for Nostromo Belkin Corporation
sndvol32.exe 1824 Volume Control Microsoft Corporation
firefox.exe 1140 Firefox Mozilla Corporation
foobar2000.exe 956 foobar2000 Application
procexp.exe 1152 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
uTorrent.exe 1444 µTorrent BitTorrent, Inc.

Process: uTorrent.exe Pid: 1444

Name Description Company Name Version
ACTIVEDS.dll ADs Router Layer DLL Microsoft Corporation 5.01.2600.5512
adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.01.2600.5512
ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.5512
ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0001
COMCTL32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.5512
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.5512
DnsApi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.5512
eplgHooks.dll Eset Hooks DLL ESET 3.00.0642.0000
GameHook.dll Logitech Gaming Hook (UNICODE) Logitech, Inc. 4.70.0213.0000
GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.5512
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.5512
IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.5512
Iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.5512
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.5512
lgscroll.dll Logitech Scroll Enabler (UNICODE) Logitech, Inc. 4.70.0213.0000
LPK.DLL Language Pack Microsoft Corporation 5.01.2600.5512
MPRAPI.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.01.2600.5512
MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.5512
msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.5512
MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.3053
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.5512
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.5512
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.5694
nost_FSH.dll ActivatorHook eTEK Labs 3.01.0000.0818
ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.5512
NTMARTA.DLL Windows NT MARTA provider Microsoft Corporation 5.01.2600.5512
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.5512
oleaut32.dll Microsoft Corporation 5.01.2600.5512
psapi.dll Process Status Helper Microsoft Corporation 5.01.2600.5512
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.5512
RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.5512
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.5507
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.5512
SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.5512
Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.5512
SETUPAPI.dll Windows Setup API Microsoft Corporation 5.01.2600.5512
SHELL32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.5512
shfolder.dll Shell Folder Service Microsoft Corporation 6.00.2900.5512
SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.5512
USER32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.5512
USERENV.dll Userenv Microsoft Corporation 5.01.2600.5512
USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512
uTorrent.exe µTorrent BitTorrent, Inc. 1.08.0001.12639
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.5512
WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.5512
WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.5512
WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.5512
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.5512

As you see I have NOD32 3.0.642.0 installed but I've excluded uTorrent from the web browsers list in NOD so hopefully that's not an issue.

Link to comment
Share on other sites

I don't know how to spot problems using these logs so thanks for your patience with my questions.

The Eset stuff belongs to NOD32 (ESET is the company's name), are there problems with NOD32 3.0.642.0 and uTorrent 1.8.1, even after putting uTorrent in the NOD32 exclusion list? What makes you think there's a problem there?

nost_fsh.dll is the Belkin N52 Nostromo gamepad driver, I've run that beside various versions for uTorrent for years. What makes you say it might be a potential problem?

Link to comment
Share on other sites

If there's a place to make exceptions... use it. There really is no reason to inject into uT. And as an example, MouseImp, a program which helps pointing devices, causes uT to crash when enabled for some people.

Right now, it's about stripping off unnecessary parts to see if it is hardware or software.

Link to comment
Share on other sites

I assume the gamepad injects itself into any running application since it's designed to be used with anything (e.g. I've used it with Excel to speed up some of the complex copy/pasting I needed to do on monthly P/L statements at work). That said I don't really use it anymore so I'll uninstall it and post back if there's another crash.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...