svchost.exe 0x10003d58 reference memory not read

[Guest]

Hi,

I am getting "svchost.exe 0x10003d58 reference memory is not read" error
during shutdown. And also following error event :

07/08/2006 Source: nview_info
Type: Error Event ID: 1

Description:

The description for Event ID (1) in Source (nview_info) cannot be found. The
local computer may not have the necessary registry information or message DLL
files to display messages from a remote computer. You may be able to use the
/AUXSOURCE= flag to retrieve this description; se Help and Support for
details. The following information is part of the event: NVIEW : rundll32:
WAIT_TIMEOUT : (process 0x6e8) (thread 0x6ec) (wait 0x2) (pwait 0x1)


------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:08:53 AM, on 07/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Dit.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\KillWin\KillWin.exe
C:\Program Files\Java\j2re1.4.2_12\bin\jusched.exe
C:\WINDOWS\system32\mHotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CNYHKey.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\PROGRA~1\Nero\Nero PhotoShow 4\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WhatsRunning\WhatsRunning.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.ca/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.medionusa.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.ca/ig
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O1 - Hosts: 127.0.0.2 clients.babylon.co.il
O1 - Hosts: 127.0.0.4 clients.babylon.co.il
O1 - Hosts: 127.0.0.5 clients.babylon.co.il
O1 - Hosts: 127.0.0.6 clients.babylon.co.il
O1 - Hosts: 127.0.0.7 clients.babylon.co.il
O1 - Hosts: 127.0.0.8 clients.babylon.co.il
O1 - Hosts: 127.0.0.9 clients.babylon.co.il
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Web Accelerator Helper -
{69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web
Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Web Accelerator -
{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web
Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] "C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [Kill Win] C:\KillWin\KillWin.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE"
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\j2re1.4.2_12\bin\jusched.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop
Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XoftSpySE] C:\Program Files\XoftSpySE\xoftspy.exe -s
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO
Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\Nero
PhotoShow 4\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [WeatherEye] "C:\Program
Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
/minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program
Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to &Windows Live Favorites -
http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EasyRead + - C:\Program Files\Easy
Read\ZoomIn.js
O8 - Extra context menu item: EasyRead - - C:\Program Files\Easy
Read\ZoomOut.js
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Snip to my eSnips account - C:\Program
Files\eSnips\res\SnipIt.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zoom In - {A0E6D3BD-A661-447D-8634-0751467857F3} -
C:\Program Files\Easy Read\ZoomIn.js
O9 - Extra button: Zoom Out - {AEBB571B-4C48-438D-808D-999F168CDECE} -
C:\Program Files\Easy Read\ZoomOut.js
O9 - Extra button: Favorites Search - {FF925300-80E6-11D4-A15B-FFF9086C1A3C}
- C:\PROGRA~1\DzSoft\Favorites Search\FavSeek.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medionusa.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd -
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s.
- C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program
Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software
GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

If you give me an idea I'll appreciate

regards,

Erim

 

[OLDGREYWIZARD]

Erim,

I have the same problem. I have found out that it might be related to a
windows update autoinstall failure. The solution I found which seems to
work for some people is :

"I just resolved my issue by turning off automatic updates, reboot,
then manually going to windows updates and installing the updates,
turing on automatic updates, reboot.

It seems that code has to do with some sort of Pentium program error
detection. I would assume that my machine failed to autoinstall an
update and this error was the result...please try and I hope this helps
you out."

I hope this works for you.

Unfortunately the error prevents me from starting up the machine to
turn off the updates.
I've tried SAFE mode.

Any suggestions anyone?

Thanks

OLDGREYWIZARD