Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

svchost error

Posted on 2003-05-20
16
Medium Priority
?
4,208 Views
Last Modified: 2007-12-19
I have been getting a error on my Win2k machine that reads:
"svchost.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created"
After the error message many windows functions are disabled, eg cut/copy/paste etc, ability to use Outlook or any MS office applications properly and the machine needs to be restarted which is a major pain when it happens more than once a day. I have tried reformating the HDD and reinstalling windows but the errors continue and I'm not sure what to do next.
The PC is part of a small LAN and the other 5 machines share the internet connection through this machine.
There seems to be no pattern as to when the error occurs, sometimes it happens once a week and sometimes 10 times a day. I'm incredibly frustrated and hope that someone has some info or advice? I can give any more info about the PC if needs be, thanks
van
0
Comment
Question by:lil_van
16 Comments
 
LVL 12

Accepted Solution

by:
pjknibbs earned 100 total points
ID: 8555880
Unfortunately SVCHOST.EXE is a "container" service which runs many other services, so you actually need to figure out which instance of SVCHOST has failed. This isn't particularly easy on Win2K--XP has a TASKLIST command which shows you all the sub-services being run by a particular instance of SVCHOST, but this command doesn't exist on Win2K. You would need to find some Win2K-compatible detailed process viewer to determine which instance of SVCHOST has crashed.
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 8556806
Check the event log and see if that sheds any light on the cause of the error.
0
 

Author Comment

by:lil_van
ID: 8561913
Thanks, I've included the error log from Dr Watson because it doesnt make much sense to me. Halfway down there is the error with the beginning "FAULT ->"

I used Ad-aware to see what processes were running before and after the error and all the processes are the same except one instance of svchost.exe. Does anyone know a way to work out what instance of svchost has crashed?

_ _ _ _ _ _ _ _  _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
name in Dr Watson:
svchost.exe c0000005 |_RpcTransServerNewConnection(77D3D4AE)
(all the errors are called this)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Application exception occurred:
        App: svchost.exe (pid=392)
        When: 5/22/2003 @ 08:34:57.754
        Exception number: c0000005 (access violation)

*----> System Information <----*
        Computer Name: ADMIN003
        User Name: SYSTEM
        Number of Processors: 1
        Processor Type: x86 Family 6 Model 4 Stepping 2
        Windows 2000 Version: 5.0
        Current Build: 2195
        Service Pack: 3
        Current Type: Uniprocessor Free
        Registered Organization: WWtd
        Registered Owner: Acc392

*----> Task List <----*
   0 Idle.exe
   8 System.exe
 140 SMSS.exe
 164 CSRSS.exe
 184 WINLOGON.exe
 212 SERVICES.exe
 224 LSASS.exe
 392 svchost.exe
 424 spoolsv.exe
 456 svchost.exe
 480 Navapsvc.exe
 520 regsvc.exe
 572 mstask.exe
 616 WinMgmt.exe
 720 svchost.exe
 664 explorer.exe
1052 sm56hlpr.exe
 940 realsched.exe
1072 Navapw32.exe
1080 internat.exe
1100 msnmsgr.exe
1088 Kinberlink.exe
 280 DRWTSN32.exe
   0 _Total.exe

(01000000 - 01005000)
(77F80000 - 77FFB000)
(77DB0000 - 77E0D000)
(77E80000 - 77F36000)
(77D30000 - 77DA1000)
(77A50000 - 77B45000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(76190000 - 761CD000)
(78000000 - 78046000)
(77C10000 - 77C6E000)
(75030000 - 75043000)
(75020000 - 75028000)
(77BE0000 - 77BEF000)
(74FF0000 - 75002000)
(77980000 - 779A4000)
(75050000 - 75058000)
(74FD0000 - 74FED000)
(75010000 - 75017000)
(782C0000 - 782CC000)
(77340000 - 77353000)
(77520000 - 77525000)
(77320000 - 77337000)
(75150000 - 75160000)
(75170000 - 751BF000)
(751C0000 - 751C6000)
(77950000 - 7797A000)
(779B0000 - 77A4B000)
(773B0000 - 773DE000)
(77380000 - 773A2000)
(77830000 - 7783E000)
(77880000 - 7790D000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(71710000 - 71794000)
(70BD0000 - 70C35000)
(77360000 - 77379000)
(777E0000 - 777E8000)
(777F0000 - 777F5000)
(775A0000 - 77625000)
(782D0000 - 782EE000)

State Dump for Thread Id 0x184

eax=00000004 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00000048
eip=77f839eb esp=0006fc38 ebp=0006fca8 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246


function: NtReadFile
        77f839e0 b8a1000000       mov     eax,0xa1
        77f839e5 8d542404         lea     edx,[esp+0x4]          ss:00aed20b=????????
        77f839e9 cd2e             int     2e
        77f839eb c22400           ret     0x24

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0006FCA8 77DB2252 00000048 0006FD80 00000216 0006FCD0 ntdll!NtReadFile
0006FCD4 77DB20F2 00000048 0006FD80 00000216 0006FD0C advapi32!StartServiceCtrlDispatcherW
0006FD50 77DB1E43 00000048 0006FD80 00000216 000748F0 advapi32!StartServiceCtrlDispatcherW
0006FFB0 0100113D 000748F0 00650076 00000072 77E9CA90 advapi32!StartServiceCtrlDispatcherW
0006FFF0 00000000 010010B8 00000000 000000C8 00000100 svchost!<nosymbols>

*----> Raw Stack Dump <----*
0006fc38  07 7f e8 77 48 00 00 00 - 00 00 00 00 00 00 00 00  ...wH...........
0006fc48  00 00 00 00 80 fc 06 00 - 80 fd 06 00 16 02 00 00  ................
0006fc58  00 00 00 00 00 00 00 00 - 0c fd 06 00 7c 7e e8 77  ............|~.w
0006fc68  80 fd 06 00 00 00 00 00 - 01 00 00 00 60 55 07 00  ............`U..
0006fc78  94 fd 06 00 00 00 00 00 - 70 00 00 00 08 49 07 00  ........p....I..
0006fc88  88 01 00 00 00 00 00 00 - 60 fc 06 00 40 fd 06 00  ........`...@...
0006fc98  40 fd 06 00 56 18 ea 77 - 38 7f e8 77 ff ff ff ff  @...V..w8..w....
0006fca8  d4 fc 06 00 52 22 db 77 - 48 00 00 00 80 fd 06 00  ....R".wH.......
0006fcb8  16 02 00 00 d0 fc 06 00 - 00 00 00 00 60 55 07 00  ............`U..
0006fcc8  80 fd 06 00 00 00 00 00 - 00 00 00 00 50 fd 06 00  ............P...
0006fcd8  f2 20 db 77 48 00 00 00 - 80 fd 06 00 16 02 00 00  . .wH...........
0006fce8  0c fd 06 00 f0 48 07 00 - 00 00 00 00 00 f0 fd 7f  .....H..........
0006fcf8  8b 96 d3 77 48 49 07 00 - 94 fd 06 00 00 00 00 00  ...wHI..........
0006fd08  3c fd 06 00 00 00 00 00 - 00 00 00 00 00 00 00 00  <...............
0006fd18  10 4f 07 00 08 49 07 00 - 80 01 00 00 70 00 65 00  .O...I......p.e.
0006fd28  32 00 00 00 01 00 00 00 - 30 24 db 77 00 00 00 00  2.......0$.w....
0006fd38  ec fc 06 00 48 49 07 00 - a0 ff 06 00 fb 19 db 77  ....HI.........w
0006fd48  40 56 db 77 ff ff ff ff - b0 ff 06 00 43 1e db 77  @V.w........C..w
0006fd58  48 00 00 00 80 fd 06 00 - 16 02 00 00 f0 48 07 00  H............H..
0006fd68  58 48 07 00 00 f0 fd 7f - 00 00 00 00 64 fd 06 00  XH..........d...

State Dump for Thread Id 0x180

eax=77b33930 ebx=00000000 ecx=77b32d78 edx=00000000 esi=77f8318c edi=0043fe88
eip=77f83197 esp=0043fe74 ebp=0043fe90 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000206


function: NtDelayExecution
        77f8318c b832000000       mov     eax,0x32
        77f83191 8d542404         lea     edx,[esp+0x4]          ss:00ebd447=????????
        77f83195 cd2e             int     2e
        77f83197 c20800           ret     0x8

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0043FE90 7619F62A 0001D8A8 00000000 000006B3 00000002 ntdll!NtDelayExecution
0043FEB8 7619D8FC 00000000 00074F1C 00000000 01003000 rpcss!<nosymbols>
0043FF84 0100157B 00000001 00074F18 00000000 00074F10 rpcss!<nosymbols>
7619D74E 0000B4EC 33565300 5D8957DB 019DE8FC 358B0000 svchost!<nosymbols>

*----> Raw Stack Dump <----*
0043fe74  17 76 e8 77 00 00 00 00 - 88 fe 43 00 00 00 00 00  .v.w......C.....
0043fe84  4c 7a 24 00 80 dd e0 b7 - ff ff ff ff b8 fe 43 00  Lz$...........C.
0043fe94  2a f6 19 76 a8 d8 01 00 - 00 00 00 00 b3 06 00 00  *..v............
0043fea4  02 00 00 00 00 00 00 00 - 8c 04 00 00 8c a5 22 00  ..............".
0043feb4  ac b6 25 00 84 ff 43 00 - fc d8 19 76 00 00 00 00  ..%...C....v....
0043fec4  1c 4f 07 00 00 00 00 00 - 00 30 00 01 95 52 ed 77  .O.......0...R.w
0043fed4  a0 03 ee 77 1c 4f 07 00 - 01 00 00 00 09 0c 00 00  ...w.O..........
0043fee4  09 0c 00 00 00 00 00 00 - d0 71 07 00 60 ff 43 00  .........q..`.C.
0043fef4  02 00 00 00 1c 4f 07 00 - 00 00 00 00 c0 48 07 00  .....O.......H..
0043ff04  f0 7a 60 81 a0 d6 61 81 - 20 30 5f 81 00 4b 00 e1  .z`...a. 0_..K..
0043ff14  1b 55 45 80 00 00 00 82 - 00 00 00 02 64 ec 6c bc  .UE.........d.l.
0043ff24  04 22 49 80 88 8e 8a 81 - e0 07 54 81 80 d0 53 81  ."I.......T...S.
0043ff34  00 00 00 00 10 d2 53 81 - d0 71 07 00 46 02 00 00  ......S..q..F...
0043ff44  a4 da 42 80 10 2f 06 80 - e0 d1 53 81 80 d0 53 81  ..B../....S...S.
0043ff54  46 02 00 00 85 26 40 80 - 70 ec 6c bc 00 00 00 00  F....&@.p.l.....
0043ff64  c5 a0 e8 77 26 4f 07 00 - 01 00 00 00 80 00 00 00  ...w&O..........
0043ff74  ff ff ff ff c0 48 07 00 - ca 48 07 00 00 00 00 00  .....H...H......
0043ff84  4e d7 19 76 7b 15 00 01 - 01 00 00 00 18 4f 07 00  N..v{........O..
0043ff94  00 00 00 00 10 4f 07 00 - ec ff 43 00 10 4f 07 00  .....O....C..O..
0043ffa4  00 00 00 00 3e 24 db 77 - 01 00 00 00 18 4f 07 00  ....>$.w.....O..

State Dump for Thread Id 0x198

eax=778321fe ebx=00000004 ecx=77db0260 edx=00000000 esi=77f837a7 edi=00000004
eip=77f837b2 esp=0090fd24 ebp=0090fd70 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246


function: NtWaitForMultipleObjects
        77f837a7 b8e9000000       mov     eax,0xe9
        77f837ac 8d542404         lea     edx,[esp+0x4]          ss:0138d2f7=????????
        77f837b0 cd2e             int     2e
        77f837b2 c21400           ret     0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0090FD70 77E8A31D 0090FD48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects
0090FFB4 77E887DD 00000005 00000000 000B000A 00096878 kernel32!WaitForMultipleObjects
0090FFEC 00000000 778321FE 00096878 00000000 000000C8 kernel32!GetModuleFileNameA

*----> Raw Stack Dump <----*
0090fd24  b7 7a e8 77 04 00 00 00 - 48 fd 90 00 01 00 00 00  .z.w....H.......
0090fd34  00 00 00 00 00 00 00 00 - 01 00 00 00 78 68 09 00  ............xh..
0090fd44  01 00 00 00 08 01 00 00 - 0c 01 00 00 1c 01 00 00  ................
0090fd54  70 01 00 00 00 00 00 00 - 00 6b 4a 80 00 00 00 00  p........kJ.....
0090fd64  50 f1 63 81 00 38 8b 81 - 78 59 3a e1 b4 ff 90 00  P.c..8..xY:.....
0090fd74  1d a3 e8 77 48 fd 90 00 - 01 00 00 00 00 00 00 00  ...wH...........
0090fd84  00 00 00 00 00 00 00 00 - b2 22 83 77 04 00 00 00  .........".w....
0090fd94  b0 fe 90 00 00 00 00 00 - ff ff ff ff 78 68 09 00  ............xh..
0090fda4  0a 00 0b 00 00 00 00 00 - 28 89 2a e2 2c 89 2a e2  ........(.*.,.*.
0090fdb4  e0 49 8a 81 00 00 00 00 - 01 00 00 00 38 00 00 00  .I..........8...
0090fdc4  23 00 00 00 23 00 00 00 - 00 00 00 00 0a 00 0b 00  #...#...........
0090fdd4  78 68 09 00 00 6c f8 77 - 60 02 db 77 fe 21 83 77  xh...l.w`..w.!.w
0090fde4  00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00 00  .......w........
0090fdf4  fc ff 90 00 23 00 00 00 - 8c 4f 45 80 80 eb 6c bc  ....#....OE...l.
0090fe04  68 86 53 81 68 86 53 81 - 40 00 00 00 24 eb 6c bc  h.S.h.S.@...$.l.
0090fe14  d0 f8 44 80 00 07 54 81 - 00 00 00 00 00 00 00 00  ..D...T.........
0090fe24  e8 f8 53 81 a6 24 49 80 - e8 f8 53 81 dc 00 00 00  ..S..$I...S.....
0090fe34  60 81 8a 81 03 00 10 00 - 68 86 53 81 60 81 8a 81  `.......h.S.`...
0090fe44  80 86 53 81 68 86 53 81 - 6c 86 53 81 e0 49 8a 81  ..S.h.S.l.S..I..
0090fe54  40 ed 6c bc 01 00 00 00 - e0 07 54 81 01 00 00 00  @.l.......T.....

State Dump for Thread Id 0x1a0

eax=00000000 ebx=00000000 ecx=000adbb8 edx=00070608 esi=000adbb8 edi=0000008f
eip=77d3d4ae esp=0095fe60 ebp=0095feac iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000246


function: I_RpcTransServerNewConnection
        77d3d48d 74bc             jz      UuidToStringW+0x7fa (77d4be4b)
        77d3d48f e9ff4c0200       jmp     I_RpcTransDatagramFree+0x1363 (77d62193)
        77d3d494 56               push    esi
        77d3d495 8bf1             mov     esi,ecx
        77d3d497 57               push    edi
        77d3d498 837e1400         cmp   dword ptr [esi+0x14],0x0 ds:00b2b18a=????????
        77d3d49c 7534             jnz     RpcServerRegisterIfEx+0x1c9 (77d457d2)
        77d3d49e 83becc00000000   cmp   dword ptr [esi+0xcc],0x0 ds:000adc84=00000000
        77d3d4a5 0f8407480200     je      I_RpcTransDatagramFree+0xe82 (77d61cb2)
        77d3d4ab 8b4648           mov     eax,[esi+0x48]         ds:00b2b18a=????????
FAULT ->77d3d4ae 8b4028           mov     eax,[eax+0x28]         ds:00a7d5d2=????????
        77d3d4b1 f6400401         test    byte ptr [eax+0x4],0x1       ds:00a7d5d2=??
        77d3d4b5 753b             jnz     RpcServerRegisterIfEx+0x9e9 (77d45ff2)
        77d3d4b7 8b4e44           mov     ecx,[esi+0x44]         ds:00b2b18a=????????
        77d3d4ba e84f000000      call I_RpcTransServerNewConnection+0x27af (77d3d50e)
        77d3d4bf 8b7644           mov     esi,[esi+0x44]         ds:00b2b18a=????????
        77d3d4c2 837e1000         cmp   dword ptr [esi+0x10],0x0 ds:00b2b18a=????????
        77d3d4c6 7407             jz      I_RpcReceive+0x79 (77d49bcf)
        77d3d4c8 c7464401000000   mov   dword ptr [esi+0x44],0x1 ds:00b2b18a=????????
        77d3d4cf 5f               pop     edi
        77d3d4d0 5e               pop     esi
        77d3d4d1 c3               ret

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0095FEAC 77D629CB 000ADD48 00003D3D 00000000 00007530 rpcrt4!I_RpcTransServerNewConnection
0095FF10 77D3B9B0 00000000 000ADD48 00003D3D 77D4859D rpcrt4!I_RpcTransDatagramFree
0095FF74 77D48444 77D42528 00075060 00097540 53570000 rpcrt4!I_RpcTransServerNewConnection
0095FFA8 77D424DA 000979C0 0095FFEC 77E887DD 00080CA8 rpcrt4!NdrClientContextUnmarshall
0095FFB4 77E887DD 00080CA8 00097540 53570000 00080CA8 rpcrt4!NdrConformantArrayMemorySize
0095FFEC 00000000 77D424C2 00080CA8 00000000 00000000 kernel32!GetModuleFileNameA

*----> Raw Stack Dump <----*
0095fe60  8f 00 00 00 d0 d9 0a 00 - 53 26 d6 77 c0 06 00 00  ........S&.w....
0095fe70  48 dd 0a 00 b8 db 0a 00 - ed 18 d6 77 c0 06 00 00  H..........w....
0095fe80  00 00 00 00 00 00 00 00 - 48 dd 0a 00 d0 d9 0a 00  ........H.......
0095fe90  78 db 0a 00 8a 14 0b 00 - 00 00 00 00 00 00 00 00  x...............
0095fea0  00 00 00 00 00 00 00 00 - 3d 3d 00 00 10 ff 95 00  ........==......
0095feb0  cb 29 d6 77 48 dd 0a 00 - 3d 3d 00 00 00 00 00 00  .).wH...==......
0095fec0  30 75 00 00 60 50 07 00 - b2 73 e8 77 dc fe 95 00  0u..`P...s.w....
0095fed0  01 00 00 00 a1 74 d3 77 - 48 dd 0a 00 74 db 0a 00  .....t.wH...t...
0095fee0  48 db 0a 00 00 00 00 00 - 48 db 0a 00 20 ff 95 00  H.......H... ...
0095fef0  11 01 d4 77 fb 05 00 00 - 64 ff 95 00 58 ff 95 00  ...w....d...X...
0095ff00  30 75 00 00 60 50 07 00 - 00 00 00 00 00 00 00 00  0u..`P..........
0095ff10  74 ff 95 00 b0 b9 d3 77 - 00 00 00 00 48 dd 0a 00  t......w....H...
0095ff20  3d 3d 00 00 9d 85 d4 77 - 60 50 07 00 0c 00 00 00  ==.....w`P......
0095ff30  00 00 00 00 48 db 0a 00 - 3d 3d 00 00 48 dd 0a 00  ....H...==..H...
0095ff40  00 00 00 00 58 4c 07 00 - c0 79 09 00 a8 0c 08 00  ....XL...y......
0095ff50  58 00 00 00 00 00 00 00 - 3d 3d 00 00 00 00 00 00  X.......==......
0095ff60  0c 00 00 00 48 dd 0a 00 - 01 00 00 00 00 00 00 00  ....H...........
0095ff70  48 db 0a 00 a8 ff 95 00 - 44 84 d4 77 28 25 d4 77  H.......D..w(%.w
0095ff80  60 50 07 00 40 75 09 00 - 00 00 57 53 a8 0c 08 00  `P..@u....WS....
0095ff90  db 0d 43 80 e0 07 54 81 - 20 5d 53 81 ff ff ff ff  ..C...T. ]S.....

State Dump for Thread Id 0x1cc

eax=00000000 ebx=77f8316d ecx=00000101 edx=00000000 esi=00079440 edi=00000100
eip=77f83bb8 esp=009afe28 ebp=009aff74 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000202


function: NtReplyWaitReceivePortEx
        77f83bad b8ac000000       mov     eax,0xac
        77f83bb2 8d542404         lea     edx,[esp+0x4]          ss:0142d3fb=????????
        77f83bb6 cd2e             int     2e
        77f83bb8 c21400           ret     0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
009AFF74 77D420D9 77D425B9 00079440 00000000 00000000 ntdll!NtReplyWaitReceivePortEx
009AFFA8 77D424DA 00074CD0 009AFFEC 77E887DD 000AB7A0 rpcrt4!NdrConformantArrayMemorySize
009AFFB4 77E887DD 000AB7A0 00000000 00000000 000AB7A0 rpcrt4!NdrConformantArrayMemorySize
009AFFEC 00000000 77D424C2 000AB7A0 00000000 2B4D4F43 kernel32!GetModuleFileNameA

*----> Raw Stack Dump <----*
009afe28  85 22 d4 77 a0 00 00 00 - 54 ff 9a 00 00 00 00 00  .".w....T.......
009afe38  98 31 0a 00 58 ff 9a 00 - 58 4c 07 00 28 bf 0a 00  .1..X...XL..(...
009afe48  6d 31 f8 77 b4 6b 6a bc - 28 00 40 00 00 00 00 00  m1.w.kj.(.@.....
009afe58  a4 04 00 00 60 04 00 00 - 8e 0d 00 00 00 00 00 00  ....`...........
009afe68  02 8a 01 00 00 00 00 00 - 00 00 00 00 b4 6b 6a bc  .............kj.
009afe78  77 14 45 80 01 00 00 00 - e0 49 8a 81 01 00 00 00  w.E......I......
009afe88  00 00 00 00 00 00 00 00 - 50 03 00 00 00 00 00 00  ........P.......
009afe98  d8 02 00 00 fa 6d fd 2b - d9 02 00 00 fa 6d fd 2b  .....m.+.....m.+
009afea8  da 02 00 00 fa 6d fd 2b - db 02 00 00 fa 6d fd 2b  .....m.+.....m.+
009afeb8  dc 02 00 00 fa 6d fd 2b - dd 02 00 00 fa 6d fd 2b  .....m.+.....m.+
009afec8  de 02 00 00 fa 6d fd 2b - df 02 00 00 fa 6d fd 2b  .....m.+.....m.+
009afed8  e0 02 00 00 fa 6d fd 2b - e1 02 00 00 fa 6d fd 2b  .....m.+.....m.+
009afee8  e2 02 00 00 fa 6d fd 2b - e3 02 00 00 fa 6d fd 2b  .....m.+.....m.+
009afef8  e4 02 00 00 fa 6d fd 2b - e5 02 00 00 fa 6d fd 2b  .....m.+.....m.+
009aff08  e6 02 00 00 fa 6d fd 2b - e7 02 00 00 fa 6d fd 2b  .....m.+.....m.+
009aff18  e8 02 00 00 fa 6d fd 2b - e9 02 00 00 fa 6d fd 2b  .....m.+.....m.+
009aff28  ea 02 00 00 fa 6d fd 2b - eb 02 00 00 fa 6d fd 2b  .....m.+.....m.+
009aff38  14 00 00 00 00 00 00 00 - 46 02 00 00 a4 da 42 80  ........F.....B.
009aff48  10 2f 06 80 a0 dd 52 81 - 40 dc 52 81 06 00 2b 00  ./....R.@.R...+.
009aff58  00 a2 2f 4d ff ff ff ff - 50 fe 9a 00 ff ff ff ff  ../M....P.......

State Dump for Thread Id 0x300

eax=00000001 ebx=002b0006 ecx=009fffdc edx=00000000 esi=00079440 edi=00000100
eip=77f83bb8 esp=009ffe28 ebp=009fff74 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000202


function: NtReplyWaitReceivePortEx
        77f83bad b8ac000000       mov     eax,0xac
        77f83bb2 8d542404         lea     edx,[esp+0x4]          ss:0147d3fb=????????
        77f83bb6 cd2e             int     2e
        77f83bb8 c21400           ret     0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
009FFF74 77D420D9 77D425B9 00079440 00000000 00000006 ntdll!NtReplyWaitReceivePortEx
009FFFA8 77D424DA 00074CD0 009FFFEC 77E887DD 0008C3F8 rpcrt4!NdrConformantArrayMemorySize
009FFFB4 77E887DD 0008C3F8 00000000 00000006 0008C3F8 rpcrt4!NdrConformantArrayMemorySize
009FFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!GetModuleFileNameA

State Dump for Thread Id 0x348

eax=ffffffff ebx=0023e5ce ecx=000742a0 edx=00000000 esi=77f8318c edi=00a3ff88
eip=77f83197 esp=00a3ff74 ebp=00a3ff90 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000206


function: NtDelayExecution
        77f8318c b832000000       mov     eax,0x32
        77f83191 8d542404         lea     edx,[esp+0x4]          ss:014bd547=????????
        77f83195 cd2e             int     2e
        77f83197 c20800           ret     0x8

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
00A3FF90 761A5902 0001B18A 00000000 77D37D12 00077DE0 ntdll!NtDelayExecution
00A3FFB4 77E887DD 00000000 77D37D12 00077DE0 00000000 rpcss!<nosymbols>
00A3FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!GetModuleFileNameA

State Dump for Thread Id 0x2fc

eax=00a7f9e4 ebx=0023e5ce ecx=00090ba8 edx=00000000 esi=77f8318c edi=00a7ff88
eip=77f83197 esp=00a7ff74 ebp=00a7ff90 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000206


function: NtDelayExecution
        77f8318c b832000000       mov     eax,0x32
        77f83191 8d542404         lea     edx,[esp+0x4]          ss:014fd547=????????
        77f83195 cd2e             int     2e
        77f83197 c20800           ret     0x8

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
00A7FF90 761A5902 0001B18A 00000000 77D37D12 00077DE0 ntdll!NtDelayExecution
00A7FFB4 77E887DD 00000000 77D37D12 00077DE0 00000000 rpcss!<nosymbols>
00A7FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!GetModuleFileNameA

State Dump for Thread Id 0x45c

eax=77d424c2 ebx=00007530 ecx=00070000 edx=00000000 esi=00075060 edi=00007530
eip=77f837dc esp=00abfebc ebp=00abfee4 iopl=0         nv up ei ng nz ac po cy
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00000297


function: ZwRemoveIoCompletion
        77f837d1 b8a8000000       mov     eax,0xa8
        77f837d6 8d542404         lea     edx,[esp+0x4]          ss:0153d48f=????????
        77f837da cd2e             int     2e
        77f837dc c21400           ret     0x14
        77f837df 53               push    ebx
        77f837e0 f7e1             mul     ecx
        77f837e2 8bd8             mov     ebx,eax
        77f837e4 8b442408         mov     eax,[esp+0x8]          ss:0153d48f=????????
        77f837e8 f7642414         mul     dword ptr [esp+0x14]   ss:0153d48f=????????
        77f837ec 03d8             add     ebx,eax
        77f837ee 8b442408         mov     eax,[esp+0x8]          ss:0153d48f=????????
        77f837f2 f7e1             mul     ecx
        77f837f4 03d3             add     edx,ebx
        77f837f6 5b               pop     ebx
        77f837f7 c21000           ret     0x10

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
00ABFEE4 77D40090 0000005C 00ABFF1C 00ABFF0C 00ABFF14 ntdll!ZwRemoveIoCompletion
00ABFF20 77D48565 00007530 00ABFF60 00ABFF5C 00ABFF70 rpcrt4!PerformRpcInitialization
00ABFF74 77D48444 77D42528 00075060 0007A038 74FE9380 rpcrt4!NdrClientContextUnmarshall
00ABFFA8 77D424DA 000A3CD8 00ABFFEC 77E887DD 000A3AA8 rpcrt4!NdrClientContextUnmarshall
00ABFFB4 77E887DD 000A3AA8 0007A038 74FE9380 000A3AA8 rpcrt4!NdrConformantArrayMemorySize
00ABFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!GetModuleFileNameA
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
LVL 5

Expert Comment

by:cempasha
ID: 8777201
This question is still open and getting old. If any of the comment(s) above helped you please accept it as an answer or split the points who ever helped you in this question. Your attention in finalising this question is very much appreciated. Thanks in advance,

****** PLEASE DO NOT ACCEPT THIS AS AN ANSWER ********

- If you would like to close this question and have your points refunded, please post a question in community support area on http://www.experts-exchange.com/Community_Support/ giving the address of this question. Thank you    

Pasha

Cleanup Volunteer
0
 

Expert Comment

by:hilikuz
ID: 9127064
I got this problem out of the blue last night, the scvhost.exe error message first appeared when I clicked a hyperlink in Word, but soon started appearing right after logon. After the error some Windows functionality including 'cut and paste' was lost, although restarting the service contained in the event below would restore it..  until the scvhost.exe error appeared again.

The problem seems to have stopped after installing all missing critical updates.

Here is the event:

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7031
Date:            12/08/2003
Time:            11:26:36 AM
User:            N/A
Computer:      
Description:
The Remote Procedure Call (RPC) service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: No action.
0
 

Expert Comment

by:tonyc9
ID: 9127553
Guys this is very strange as two computers in my office started doing the same thing late last night out of the blue

This seems like a virus effect or some date stamped virus.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9127563
You need to ask your own questions. Click on "Ask a Question" which you will find on the left hand side of this page near the top.
0
 
LVL 1

Expert Comment

by:esthera
ID: 9127765
I just got the same problem.  Did anyone have success with fixing this?

0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9127934
Yes there is fix but please ask a seperate question instead of piggy backing on someone elses question, especailly a question that has in all intent an purposes has been closed. That is how this site works.

In fact if you look at some of the questions that where asked today in the Win2000 and XP topic area's you will probably find your answer. It is a worm.
0
 

Expert Comment

by:Tcheereebee
ID: 9133887
To Setec,
I am in no way an expert. As I was getting the svchost error I was preparing myself to the task of reformatting everything and starting all over again from scratch. You saved me a lot of time and I wish to thank you for your links to the solution that solved my problem. Many thanks
0
 

Expert Comment

by:profsasquatch
ID: 9136989
To setec,
I work in a small office and 4 machines went down with the same problem yesterday.  Loaded wk2 service pack 3 and then the patch you recommended above and it seems to have sorted the problem.
Many thanks
0
 

Expert Comment

by:Emosyne
ID: 9145423
I had this problem, and now I solved it!
Try just to install the latest service pack (4, I think), and this patch
http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8ad2-b4b9d42049d5/Windows2000-KB823980-x86-ENU.exe

Let me know if it works
0
 

Expert Comment

by:catapro
ID: 9163961
status: win2k IE 5.5

- after I tried to update Internet Explorer from 5.5 to 6.0, and the setup halted with an error when it was installing "System Services"; after I rebooted it continued (it skipped some files, for sure)
I wiped out the "WINNT", "Documents and Settings" and "Internet Explorer" (NOT all "Program Files" because I use 2 Windows versions) dirs and reinstalled, and still... so the bad file(s) are probably in the "Program Files"...

status: win2k IE 6, no service packs, clean WINNT dir
- IE 6 update setup was succesful, but same problem occurs

Remedy, in my case http://www.microsoft.com:
- install service pack 2
- install windows 2000 critical blaster patch

I also discovered a spyware application rb32.exe (Program Files\RapidBlaster\rb32.exe) in there, not sure if that's part of this problem
0
 

Expert Comment

by:dacaveman
ID: 9195148
i have the same problem
   svchost error
   drag and drop gone

im on win2k sp4, i recently installed the blasterworm patch from the link above
the problem still persists, svchost error, DnD gone.

im wondering why it worked for tcheereebee and profsasquatch.
0
 

Expert Comment

by:dacaveman
ID: 9196070
apparently, the only solution to this problem is to get a firewall to close port 135.
look it up at google. keywords are "RPC 135 vulnerability"
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Ranking ecommerce websites is a vital process. You need to have a strong SEO (Search Engine Optimization) strategy. If you don’t have one, you are losing out on brand impressions, clicks and sales. Check this guide on how to improve website traffic …
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question