Solved

Windows Error svchost.exe every time computer starts

Posted on 2008-06-18
Last Modified: 2013-12-06
Every time this computer starts I get a svchost error. If I ignore it and continue working there seems to be no problem, but if I choose to send the problem to Microsoft the computer restarts itself after 60 seconds.

I recently ran AVG, Adaware, Spybot and had several files with viruses and problems but it seems that I have cleared these up. Could the error be an underlying issue caused by this activity?

I have extracted the following Dr Watson logs and also run HijackThis (logs below).

[DR Watson]
Application exception occurred:
        App: C:\WINDOWS\system32\svchost.exe (pid=1144)
        When: 6/13/2008 @ 15:58:47.781
        Exception number: c0000005 (access violation)

*----> System Information <----*
        Computer Name:
        User Name:
        Terminal Session Id: 0
        Number of Processors: 1
        Processor Type: x86 Family 15 Model 79 Stepping 2
        Windows Version: 5.1
        Current Build: 2600
        Service Pack: 3
        Current Type: Uniprocessor Free
        Registered Organization:
        Registered Owner:  

*----> Task List <----*
   0 System Process
   4 System
 776 smss.exe
 864 csrss.exe
 892 winlogon.exe
 960 services.exe
 972 lsass.exe
1116 Ati2evxx.exe
1144 svchost.exe
1220 svchost.exe
1260 MsMpEng.exe
1300 svchost.exe
1400 Ati2evxx.exe
1452 svchost.exe
1588 svchost.exe
1724 wltrysvc.exe
1736 bcmwltry.exe
1744 aawservice.exe
1932 spoolsv.exe
 160 avgwdsvc.exe
 408 MDM.EXE
 456 svchost.exe
 544 Explorer.EXE
 260 MSASCui.exe
1460 bcmntray.exe
1480 Scheduler.exe
1568 avgtray.exe
1652 ctfmon.exe
 816 msmsgs.exe
2368 avgrsx.exe
3680 avgemc.exe
4024 wscntfy.exe
4088 alg.exe
3848 Error 0x8007012B
2612 drwtsn32.exe

*----> Module List <----*
(0000000000670000 - 0000000000935000: C:\WINDOWS\system32\xpsp2res.dll
(0000000001000000 - 0000000001006000: C:\WINDOWS\system32\svchost.exe
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b860000 - 000000005b8b5000: C:\WINDOWS\system32\NETAPI32.dll
(000000005cb70000 - 000000005cb96000: C:\WINDOWS\system32\ShimEng.dll
(000000005d090000 - 000000005d12a000: C:\WINDOWS\system32\comctl32.dll
(00000000662b0000 - 0000000066308000: C:\WINDOWS\system32\hnetcfg.dll
(0000000068000000 - 0000000068036000: C:\WINDOWS\system32\rsaenh.dll
(000000006f880000 - 000000006fa4a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071a50000 - 0000000071a8f000: C:\WINDOWS\system32\mswsock.dll
(0000000071a90000 - 0000000071a98000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071aa0000 - 0000000071aa8000: c:\windows\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: c:\windows\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\system32\WSOCK32.dll
(0000000071bf0000 - 0000000071c03000: C:\WINDOWS\system32\SAMLIB.dll
(0000000074f70000 - 0000000074f76000: c:\windows\system32\ICAAPI.dll
(0000000075110000 - 000000007512f000: c:\windows\system32\mstlsapi.dll
(00000000760f0000 - 0000000076143000: c:\windows\system32\termsrv.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\WINSTA.dll
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(00000000769c0000 - 0000000076a74000: C:\WINDOWS\system32\USERENV.dll
(0000000076a80000 - 0000000076ae4000: c:\windows\system32\rpcss.dll
(0000000076b20000 - 0000000076b31000: c:\windows\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076bc0000 - 0000000076bcf000: C:\WINDOWS\system32\REGAPI.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e10000 - 0000000076e35000: c:\windows\system32\adsldpc.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000773d0000 - 00000000774d3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077690000 - 00000000776b1000: C:\WINDOWS\system32\NTMARTA.DLL
(00000000776c0000 - 00000000776d2000: c:\windows\system32\AUTHZ.dll
(0000000077920000 - 0000000077a13000: c:\windows\system32\SETUPAPI.dll
(0000000077a80000 - 0000000077b15000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077c70000 - 0000000077c94000: C:\WINDOWS\system32\msv1_0.dll
(0000000077cc0000 - 0000000077cf2000: c:\windows\system32\ACTIVEDS.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f02000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f59000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c800000 - 000000007c8f6000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9af000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d7000: C:\WINDOWS\system32\SHELL32.dll
(000000007e410000 - 000000007e4a1000: C:\WINDOWS\system32\USER32.dll

*----> State Dump for Thread Id 0x47c <----*

eax=0007fcc4 ebx=00000000 ecx=77de6f7e edx=00010000 esi=00000000 edi=000000bc
eip=7c90e4f4 esp=0007fc48 ebp=0007fcb0 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
        7c90e4da e829000000       call    ntdll!RtlRaiseException (7c90e508)
        7c90e4df 8b0424           mov     eax,[esp]
        7c90e4e2 8be5             mov     esp,ebp
        7c90e4e4 5d               pop     ebp
        7c90e4e5 c3               ret
        7c90e4e6 8da42400000000   lea     esp,[esp]
        7c90e4ed 8d4900           lea     ecx,[ecx]
        ntdll!KiFastSystemCall:
        7c90e4f0 8bd4             mov     edx,esp
        7c90e4f2 0f34             sysenter
        ntdll!KiFastSystemCallRet:
        7c90e4f4 c3               ret
        7c90e4f5 8da42400000000   lea     esp,[esp]
        7c90e4fc 8d642400         lea     esp,[esp]
        ntdll!KiIntSystemCall:
        7c90e500 8d542408         lea     edx,[esp+0x8]
        7c90e504 cd2e             int     2e
        7c90e506 c3               ret
        7c90e507 90               nop
        ntdll!RtlRaiseException:
        7c90e508 55               push    ebp
        7c90e509 8bec             mov     ebp,esp

[Hijackthis]
Logfile of HijackThis v1.99.1
Scan saved at 18:53:19, on 17/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\bcmntray.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dwwin.exe
C:\DOCUME~1\ROWLES~1\LOCALS~1\Temp\{486CA677-9889-4768-8C32-746037298377}\HomeDecryptionUtilityVV.exe
C:\Program Files\Internet Explorer\iexplore.exe
Z:\Utilities\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rowlesfineart.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189527958625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211395081562
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WinNt32 - WinNt32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Question by:jones_rcj

Accepted Solution

by:
Jk387 earned 50 total points
ID: 21812770
I would first make sure you didn't have the svchost.exe virus.  Go to Control Panel... Administrative Tools... Services.  Make sure nothing is called svchost in the services list.  If it's not there then you most likely either didn't have it or you cleaned it.  If you are still getting these errors after clearing out the viruses you were talking about, you may just want to run a quick system restore to a point earlier than the problem existed.  If that doesn't work or you cannot do it, I would run a repair from your Windows disc.  A lot of people don't like to do that sort of thing as a first step in troubleshooting something like this, but I feel it's the quickest way to know that your system files are rebuilt and completely intact, rather than playing around with other ideas first only to find out that you need to repair your system.

Assisted Solution

by:Admin3k
Admin3k earned 50 total points
ID: 21838728
Those entries in the HJT log look bad:

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

O20 - Winlogon Notify: WinNt32 - WinNt32.dll (file missing)

HijackThis may not be able to remove them, so you should consider manually deleting them from the registry.

Those are under the key below:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

Sometimes the report provided by Microsoft does contain the fix, or at least a pointer to the solution.

If, after the SVCHOST.exe failure, a countdown prompt is displayed and, as you say, the computer is shut down in 60 seconds, follow these steps before the computer reboots:

Start > Run

Type  shutdown -a

This should stop the countdown and allow you to further investigate the problem.
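
Added example, not part of Admin3k's post: a short Python triage of the O20 Winlogon Notify lines from the HijackThis log in the question. It maps each flagged entry to its subkey under the Notify key named above so it can be reviewed before anything is deleted. The function name, the reason strings and the ExampleNotify line are assumptions made for illustration.

```python
import re

# Parent key named in the answer above.
NOTIFY_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
              r"\CurrentVersion\Winlogon\Notify")

# HijackThis shape: "O20 - Winlogon Notify: <name> - <target>[ (file missing)]"
O20_NOTIFY = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - "
    r"(?P<target>.*?)(?P<missing> \(file missing\))?\s*$")

# Lines copied from the log in the question, plus one constructed entry
# (ExampleNotify, hypothetical) to show what passes without a flag.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WinNt32 - WinNt32.dll (file missing)
O20 - Winlogon Notify: ExampleNotify - C:\WINDOWS\system32\example.dll
"""

def triage_notify(log_text):
    """Return (registry_subkey, target, reasons) for entries needing review."""
    findings = []
    for line in log_text.splitlines():
        m = O20_NOTIFY.match(line.strip())
        if not m:
            continue  # AppInit_DLLs, O4, O23 ... are not Notify packages
        target = m.group("target").strip()
        reasons = []
        if m.group("missing"):
            reasons.append("DLL not found on disk")
        if not target.lower().endswith(".dll"):
            reasons.append("target is not a DLL path")
        elif "\\" not in target:
            reasons.append("bare file name with no directory")
        if reasons:
            findings.append((NOTIFY_KEY + "\\" + m.group("name"), target, reasons))
    return findings

if __name__ == "__main__":
    for subkey, target, reasons in triage_notify(SAMPLE_LOG):
        print(subkey, "->", repr(target), "|", "; ".join(reasons))
```

Exporting each listed subkey from regedit before removing it keeps the change reversible.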


Author Comment

by:jones_rcj
ID: 21873321
Thanks for your comments. I will try a repair this week and see how it goes; I'll also recheck the HijackThis issues once the rebuild has completed.

Author Closing Comment

by:jones_rcj
ID: 31468258
Neither solution fixed the initial problem but both were helpful in taking action to resolve it. I ended up rebuilding the PC and restoring the profile. 50 points each for your advice. Cheers.