Windows Error svchost.exe every time computer starts

Posted on 2008-06-18
Last Modified: 2013-12-06
Every time this computer starts I get a svchost error, if I ignore it and continue working there seems to be no problem but if I choose to send the problem to Microsoft the computer restarts itself after 60 seconds.

I recently ran AVG, Adaware, Spybot and had several files with viruses and problems but it seems that I have cleared these up. Could the error be an underlying issue caused by this activity?

I have extracted the following DR Watson Logs and also run Hijackthis (logs below).

[DR Watson]
Application exception occurred:
        App: C:\WINDOWS\system32\svchost.exe (pid=1144)
        When: 6/13/2008 @ 15:58:47.781
        Exception number: c0000005 (access violation)

*----> System Information <----*
        Computer Name:
        User Name:
        Terminal Session Id: 0
        Number of Processors: 1
        Processor Type: x86 Family 15 Model 79 Stepping 2
        Windows Version: 5.1
        Current Build: 2600
        Service Pack: 3
        Current Type: Uniprocessor Free
        Registered Organization:
        Registered Owner:  

*----> Task List <----*
   0 System Process
   4 System
 776 smss.exe
 864 csrss.exe
 892 winlogon.exe
 960 services.exe
 972 lsass.exe
1116 Ati2evxx.exe
1144 svchost.exe
1220 svchost.exe
1260 MsMpEng.exe
1300 svchost.exe
1400 Ati2evxx.exe
1452 svchost.exe
1588 svchost.exe
1724 wltrysvc.exe
1736 bcmwltry.exe
1744 aawservice.exe
1932 spoolsv.exe
 160 avgwdsvc.exe
 408 MDM.EXE
 456 svchost.exe
 544 Explorer.EXE
 260 MSASCui.exe
1460 bcmntray.exe
1480 Scheduler.exe
1568 avgtray.exe
1652 ctfmon.exe
 816 msmsgs.exe
2368 avgrsx.exe
3680 avgemc.exe
4024 wscntfy.exe
4088 alg.exe
3848 Error 0x8007012B
2612 drwtsn32.exe

*----> Module List <----*
(0000000000670000 - 0000000000935000: C:\WINDOWS\system32\xpsp2res.dll
(0000000001000000 - 0000000001006000: C:\WINDOWS\system32\svchost.exe
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\UxTheme.dll
(000000005b860000 - 000000005b8b5000: C:\WINDOWS\system32\NETAPI32.dll
(000000005cb70000 - 000000005cb96000: C:\WINDOWS\system32\ShimEng.dll
(000000005d090000 - 000000005d12a000: C:\WINDOWS\system32\comctl32.dll
(00000000662b0000 - 0000000066308000: C:\WINDOWS\system32\hnetcfg.dll
(0000000068000000 - 0000000068036000: C:\WINDOWS\system32\rsaenh.dll
(000000006f880000 - 000000006fa4a000: C:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071a50000 - 0000000071a8f000: C:\WINDOWS\system32\mswsock.dll
(0000000071a90000 - 0000000071a98000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071aa0000 - 0000000071aa8000: c:\windows\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: c:\windows\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\system32\WSOCK32.dll
(0000000071bf0000 - 0000000071c03000: C:\WINDOWS\system32\SAMLIB.dll
(0000000074f70000 - 0000000074f76000: c:\windows\system32\ICAAPI.dll
(0000000075110000 - 000000007512f000: c:\windows\system32\mstlsapi.dll
(00000000760f0000 - 0000000076143000: c:\windows\system32\termsrv.dll
(0000000076360000 - 0000000076370000: C:\WINDOWS\system32\WINSTA.dll
(0000000076390000 - 00000000763ad000: C:\WINDOWS\system32\IMM32.DLL
(00000000769c0000 - 0000000076a74000: C:\WINDOWS\system32\USERENV.dll
(0000000076a80000 - 0000000076ae4000: c:\windows\system32\rpcss.dll
(0000000076b20000 - 0000000076b31000: c:\windows\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
(0000000076bc0000 - 0000000076bcf000: C:\WINDOWS\system32\REGAPI.dll
(0000000076c30000 - 0000000076c5e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: C:\WINDOWS\system32\iphlpapi.dll
(0000000076e10000 - 0000000076e35000: c:\windows\system32\adsldpc.dll
(0000000076f50000 - 0000000076f58000: C:\WINDOWS\system32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: C:\WINDOWS\system32\WLDAP32.dll
(0000000076fd0000 - 000000007704f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: C:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ab000: C:\WINDOWS\system32\OLEAUT32.dll
(00000000773d0000 - 00000000774d3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
(00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
(0000000077690000 - 00000000776b1000: C:\WINDOWS\system32\NTMARTA.DLL
(00000000776c0000 - 00000000776d2000: c:\windows\system32\AUTHZ.dll
(0000000077920000 - 0000000077a13000: c:\windows\system32\SETUPAPI.dll
(0000000077a80000 - 0000000077b15000: C:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: C:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll
(0000000077be0000 - 0000000077bf5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077c70000 - 0000000077c94000: C:\WINDOWS\system32\msv1_0.dll
(0000000077cc0000 - 0000000077cf2000: c:\windows\system32\ACTIVEDS.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f02000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f59000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll
(000000007c800000 - 000000007c8f6000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9af000: C:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d7000: C:\WINDOWS\system32\SHELL32.dll
(000000007e410000 - 000000007e4a1000: C:\WINDOWS\system32\USER32.dll

*----> State Dump for Thread Id 0x47c <----*

eax=0007fcc4 ebx=00000000 ecx=77de6f7e edx=00010000 esi=00000000 edi=000000bc
eip=7c90e4f4 esp=0007fc48 ebp=0007fcb0 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
function: ntdll!KiFastSystemCallRet
        7c90e4da e829000000       call    ntdll!RtlRaiseException (7c90e508)
        7c90e4df 8b0424           mov     eax,[esp]
        7c90e4e2 8be5             mov     esp,ebp
        7c90e4e4 5d               pop     ebp
        7c90e4e5 c3               ret
        7c90e4e6 8da42400000000   lea     esp,[esp]
        7c90e4ed 8d4900           lea     ecx,[ecx]
        7c90e4f0 8bd4             mov     edx,esp
        7c90e4f2 0f34             sysenter
        7c90e4f4 c3               ret
        7c90e4f5 8da42400000000   lea     esp,[esp]
        7c90e4fc 8d642400         lea     esp,[esp]
        7c90e500 8d542408         lea     edx,[esp+0x8]
        7c90e504 cd2e             int     2e
        7c90e506 c3               ret
        7c90e507 90               nop
        7c90e508 55               push    ebp
        7c90e509 8bec             mov     ebp,esp

Logfile of HijackThis v1.99.1
Scan saved at 18:53:19, on 17/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
Z:\Utilities\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WinNt32 - WinNt32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Question by:jones_rcj
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Accepted Solution

Jk387 earned 50 total points
ID: 21812770
I would first make sure you didn't have the svchost.exe virus.  Go to control panel... administrative tools... services.  Make sure nothing is called svchost in the services list.  If it's not there then you most likely either didn't have it or you cleaned it.  If youa re still getting these errors after clearing out the viruses you are were talking about.  You may just want to run a quick system restore to a point earlier than the problem existed.  If that doesn't work or you cannot do it.  I would run a repair from your windows disc.  A lot of people don't like to do that sort of thing as a first step in troubleshooting something like this but I feel it's the quickest way to know that your system files are rebuilt and completely intact rather then playing around with other ideas first only to find out that you need to repair your system.
LVL 23

Assisted Solution

by:Mohamed Osama
Mohamed Osama earned 50 total points
ID: 21838728
those entries in the HJT log look bad

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

O20 - Winlogon Notify: WinNt32 - WinNt32.dll (file missing)

Hijack this may not be able to remove them

so you should consider manually deleting them from the registry.

those are under the below key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

sometimes the report provided by microsoft does contain the fix or at least a pointer to the solution

if after SVCHOST.exe failure, a countdown prompt is displayed and as you say the computer is shutdown in 60 seconds , follow these steps before the computer reboots


type  shutdown -a

this should stop the countdown and allows you to further investigate the problem.


Author Comment

ID: 21873321
Thanks for your comments, I will try a repair this week and see how it goes, I'll also recheck the hijackthis issues once the rebuild has completed.

Author Closing Comment

ID: 31468258
Neither solution fixed the initial problem but both were helpful in taking action to resolving it. I ended up rebuilding the PC and restoring the profile. 50 points each for your advice. Cheers.

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question