Re: Recurring application error - svchost.exe



"PaulE" <peverett@xxxxxxxxxxxxxx> wrote in message
news:%23kUHrav7HHA.4880@xxxxxxxxxxxxxxxxxxxxxxx
I am running XP Pro SP2 and fully updated on a Dell 670 Workstation.

Once or twice a day I get a pop-up error message (event log entry below):

***********

Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Date: 04/09/2007
Time: 9:03:23 AM
User: N/A
Computer: ******
Description:
Application popup: svchost.exe - Application Error : The instruction
at "0x00000000" referenced
memory at "0x00000000". The memory could not be "written".

Click on OK to terminate the program
Click on CANCEL to debug the program

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

********

The DrWatson report includes:

Application exception occurred:
App: C:\WINDOWS\System32\svchost.exe (pid=1180)
When: 04/09/2007 @ 09:03:32.109
Exception number: c0000005 (access violation)

*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export
symbols for
C:\WINDOWS\system32\ADVAPI32.dll -
WARNING: Stack unwind information not available. Following frames
may be wrong.
*** ERROR: Module load completed but symbols could not be loaded
for
C:\WINDOWS\System32\svchost.exe
ChildEBP RetAddr Args to Child


I have run CHKDSK numerous times, I have run the System
Tests/Diagnostics, I have checked my drivers for updates. I have yet to
be able to narrow down the cause of this problem. I use up-to-date
Kaspersky AV and have maintained and updated for more than a year the MVP
HOSTS file and SpywareBlaster. I also run and Lavasoft Adaware Pro and
Spybot at least weekly. It is not likely that I have picked up something
on-line as I am not an adventurous web surfer.

Can someone here please give me some ideas on how to trace the cause of
this?

TIA,

Paul

"JS" <@> wrote in message news:uC$kK8v7HHA.748@xxxxxxxxxxxxxxxxxxxxxxx
May or may not help but...
To find out more about Svchost.exe entries try Process Explorer:
http://www.microsoft.com/technet/sysinternals/SystemInformation/ProcessExplorer.mspx

Once you have Process Explorer installed and running:
In the taskbar select View and check 'Show Process Tree' and 'Show Lower
Pane' options.
The PID column should be displayed in the right hand side of the window.
Next click/Expand the Svchost.exe process that you are interested in.
If you hold the mouse cursor over each Svchost entry you should get a pop
up with more info.
Next highlight one of the process listed under Svchost, right click and
from the options listed select: Search Online
This should display what out there on the web about that process.

JS

"PaulE" wrote:

Thank you. I will give this a try over the next 24 hours (as that will
definitely see the error occur) and see if this helps me to establish what
the culprit is. I will post back any findings.

Adding to JS good advice, you need to make sure the Machine is clean, I read
your post, I thought may be a memory or a plug-ins can cause your issue or a
bad driver for a hardware may corrupt or damaged, but when I proceeded to
ADVAPI32.dll something seems fishy here??.
Read here for the list of start up and running processes:
http://www.blackviper.com/WinXP/servicecfg.htm
go through these cleaning steps to see or get a clear opinion on how
clean your machine is:
= Click Start >> Control Panel>>Network and Internet Connections >> Double
click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced.
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
[ ] Disable script Debugging (internet Explorer) <= check this box
[ ] Disable Script Debugging (Other) <= check this box

Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.

2.... And also for malware from here:
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org ; for Spybot S&D

Run a scan from here on-line:
http://www.sophos.com
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
Download Avast Cleaner from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine:
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
http://free.grisoft.com/doc/5390/lng/us/tpl/v5
=How to perform a clean boot procedure to prevent background programs from
interfering with a game or a program that you currently use
http://support.microsoft.com/kb/331796

3... You may have a bad RAM try to test your RAM by running Memory test by
downloading this tool and unzip it and make a floppy or CD/DVD and run it on
Reboot.
http://oca.microsoft.com/en/windiag.asp.
You may need to reposition/reset the RAM sticks in their slots.

Download the Hijackthis and send the report to one of
many
forums for analysis and troubleshooting:
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php) is
the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to:
http://www.spywareinfo.com/~merijn/downloads.html
http://www.bleepingcomputer.com/tutorials/tutorial42.html
http://www.bleepingcomputer.com/forums/
http://www.webuser.co.uk/forums/postlist.php/Cat/0/Board/hijackthis
http://forums.whatthetech.com/forums.html
http://www.security-forums.com/viewforum.php?f=48
http://www.virusvault.co.uk/fusionbb/showforum.php?fid/15/
http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7
http://www.lavasoftsupport.com/index.php?showforum=36
http://forums.techguy.org/54-malware-removal-hijackthis-logs/
Or other appropriate
forums for expert analysis, not here.
HTH.
nass
-----
www.nasstec.co.uk
.