Constant svchost.exe application errors

[Cyndee Meystel]

I have 2 computers network through a NetGear router with Earthlink DSL.
Every time I loaded IE (or anything else that access the web) both computers
get constant SVCHOST.Exe application errors. The text of the message on one
system is:
"The instruction at "0x009a96bc" referenced memory at "0x0000000". The
memory could not be "written".

On the other system it is:
"The instruction at "0x00ab96bc" referenced memory at "0x0000000". The
memory could not be "written".

Someone suggest that:
"With IE closed, right click the IE icon on the desktop and select
Properties. In the window that opens, click the Advanced tab and scroll down
to where it shows "Enable third party browser extensions (requires
restart)". Is that checked. if so, uncheck it and click Ok to close the
window."

After unchecking "enable third party browser extensions" the problem is
better and I am not getting the error when accessing the web using a link or
a favorite, but I get it when typing in an address in the address bar, and I
also see that I get this error when not accessing the web in any way, but
accessing a network place (from one computer to the other) or My Computer.

These are WindowsXP systems (one is professional and one is home) fully
patched through SP2. I just ran Ad-Aware with updated definitions and all it
found were some tracking cookies (which I've removed). I've got Norton Anti
Virus 2004 with current virus definitions and ran a full system scan on both
systems and they were clean. These systems are connected with a router and
Norton Internet Security with its firewall is also running. I have also
tried turning all of that off, but it didn't make a difference.

I have done extensive searches looking for solutions to this problem and
they all point to a worm or virus, but none of my scans show any of those.

Does anyone have any idea what else to look for and how to cure this? I am
at the end of my rope over this and don't know what to do.

Thanks.

 

[Chuck]

I have 2 computers network through a NetGear router with Earthlink DSL.
Every time I loaded IE (or anything else that access the web) both computers
get constant SVCHOST.Exe application errors. The text of the message on one
system is:
"The instruction at "0x009a96bc" referenced memory at "0x0000000". The
memory could not be "written".

On the other system it is:
"The instruction at "0x00ab96bc" referenced memory at "0x0000000". The
memory could not be "written".

Someone suggest that:
"With IE closed, right click the IE icon on the desktop and select
Properties. In the window that opens, click the Advanced tab and scroll down
to where it shows "Enable third party browser extensions (requires
restart)". Is that checked. if so, uncheck it and click Ok to close the
window."

After unchecking "enable third party browser extensions" the problem is
better and I am not getting the error when accessing the web using a link or
a favorite, but I get it when typing in an address in the address bar, and I
also see that I get this error when not accessing the web in any way, but
accessing a network place (from one computer to the other) or My Computer.

These are WindowsXP systems (one is professional and one is home) fully
patched through SP2. I just ran Ad-Aware with updated definitions and all it
found were some tracking cookies (which I've removed). I've got Norton Anti
Virus 2004 with current virus definitions and ran a full system scan on both
systems and they were clean. These systems are connected with a router and
Norton Internet Security with its firewall is also running. I have also
tried turning all of that off, but it didn't make a difference.

I have done extensive searches looking for solutions to this problem and
they all point to a worm or virus, but none of my scans show any of those.

Does anyone have any idea what else to look for and how to cure this? I am
at the end of my rope over this and don't know what to do.

Cyndee,

AdAware and Norton AntiVirus are not the only security tools that you should be
using. Some will say not even the best choices.

Try one or more of these free online virus scans, which should complement your
protection by NAV:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan>
<http://www.ravantivirus.com/scan/>
<http://housecall.trendmicro.com/housecall/start_corp.asp>

Now check for, and learn to defend against, additional problems - adware,
crapware, spyware.

Start by downloading each of the following additional free tools:
CWShredder <http://www.majorgeeks.com/download4086.html>
CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
<http://www.majorgeeks.com/download4113.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix and WinsockXPFix <http://www.cexx.org/lspfix.htm>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Spybot S&D has an install routine - run it. The other
downloaded programs can be copied into, and run from, any convenient folder.

First, run Stinger. Have it remove any problems found.

Next, close all Internet Explorer and Outlook windows, and run
CoolWWWSearch.SmartSearchMiniRemoval, then CWShredder. Have the latter fix all
problems found.

Next, run AdAware again. First update it ("Check for updates now"), configure
for full scan (<http://www.lavahelp.com/howto/fullscan/>), then scan. When
scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.

Finally, improve your chances for the future.

Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Zone).
<https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)

Block known dangerous scripts from installing.
<http://www.javacoolsoftware.com/spywareblaster.html>

Block known spyware from installing.
<http://www.javacoolsoftware.com/spywareguard.html>

Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/

Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).

Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>

Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.

Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.

Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the other
layers regularly, look for things that don't belong, and take action when
necessary.

And Cyndee, please don't contribute to the spread and success of email address
mining viruses. Learn to munge your email address properly, to keep yourself a
bit safer when posting to open forums. Protect yourself and the rest of the
internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Cyndee Meystel]

Thank you Chuck.

Since I posted the message I have run Hijaak this and posted the log to that
forum, and have also run Spybot (with latest definitions) and it didn't find
anything either.

I have printed out this message and will get to work on trying everything
else. If you have any other ideas, please let me know.

 

[Chuck]

Thank you Chuck.

Since I posted the message I have run Hijaak this and posted the log to that
forum, and have also run Spybot (with latest definitions) and it didn't find
anything either.

I have printed out this message and will get to work on trying everything
else. If you have any other ideas, please let me know.

Cyndee,

Which forum did you post to? Those of us here who follow HJT log analyses (I
don't think I'm the only one) would appreciate a link to your forum posts.

HJT log analyses could take as little as a couple hours, to as much as a week,
before useful answers are seen. So be patient, but persistent. I listed 5
forums - there are others too. And posting to multiple forums is seldom
discouraged.

I'll look in my notes for some other ideas.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Cyndee Meystel]

I posted it in the PC Troubleshooting forum. The link to it is:
http://forums.spywareinfo.com/index.php?showtopic=27628
Thanks again.

 

[Cyndee Meystel]

I have now run EVERYTHING you suggested in your post, and NOTHING was found
on either system. At someone else's suggestion, I removed WinXP SP2 on 1
system, and that seems to have cured the problem, but now, on that system,
when you type a web address in the IE address bar it takes forever to go to
the new page. Any thoughts. Thanks again.

 

[Cyndee Meystel]

Just found part of the problem. I saw an old newsgroup post with the exact
problem but no solution. I emailed the author of the post to ask if he found
a solution, and this is what he told me:
"My problem turned out to be related to the HP PSC 2510 printer
driver.Disabling the Windows Image Acquistion service fixed the problem
immediately.However you lose the ability to access a digital camera. I
reinstalled the minimal printer drivers and re-enabled WIA now everything
works OK."

Around 3 weeks ago I received a beta unit of a new HP all-in-one for
testing. I don't know why it took 3 weeks for the problem to start, but it
did. I disabled Windows Image Acquisition Service and the problem is cured.
I am awaiting word from the HP beta department as to what they want me to do
regarding the drivers.

Thanks again.

 

[Chuck]

Just found part of the problem. I saw an old newsgroup post with the exact
problem but no solution. I emailed the author of the post to ask if he found
a solution, and this is what he told me:
"My problem turned out to be related to the HP PSC 2510 printer
driver.Disabling the Windows Image Acquistion service fixed the problem
immediately.However you lose the ability to access a digital camera. I
reinstalled the minimal printer drivers and re-enabled WIA now everything
works OK."

Around 3 weeks ago I received a beta unit of a new HP all-in-one for
testing. I don't know why it took 3 weeks for the problem to start, but it
did. I disabled Windows Image Acquisition Service and the problem is cured.
I am awaiting word from the HP beta department as to what they want me to do
regarding the drivers.

Thanks again.

Thanks for the update, Cyndee.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

 

[Cyndee Meystel]

And thanks for your help
--
Cyndee Meystel

Thanks for the update, Cyndee.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.