Frequent svchost.exe errors, same instruction address each time

D

Dave

I'm getting frequent (every 2-3 min) svchost.exe errors: same instruction
address is trying to access memory at 0x00000000. Is there a way to see what
program is trying to do this? McAfee quarantined something and this started
happening so I figure it's some sort of virus. Anyway to get rid of it
without re-install?

Thanks
 
G

Gerry

Dave

Please post copies of all Error and Warning Reports appearing in the
System and Application logs in Event Viewer relating to the last boot in
normal mode . No Information Reports or Duplicates please. Indicate
which also appear in a previous boot.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
P

PA Bear [MS MVP]

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjuction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
 
D

Dave

I cleared the logs before restart and there are 2 errors in application and 3
in system after starting up. It takes forever to start, and, about a minute
after this last application event, i get about 10 more every 3 seconds.
During these errors, I also get Data Prevention Execution errors. Then,
whenever I start a Windows Explorer window, I get another occurrence.

Application Events (first is first error in time after boot):

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 9/30/2008
Time: 6:45:35 PM
User: N/A
Computer: 62GF7F1
Description:
Faulting application svchost.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00de9eec.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 76 63 ure svc
0018: 68 6f 73 74 2e 65 78 65 host.exe
0020: 20 35 2e 31 2e 32 36 30 5.1.260
0028: 30 2e 35 35 31 32 20 69 0.5512 i
0030: 6e 20 75 6e 6b 6e 6f 77 n unknow
0038: 6e 20 30 2e 30 2e 30 2e n 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 64 65 set 00de
0050: 39 65 65 63 9eec

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1004
Date: 9/30/2008
Time: 6:46:39 PM
User: N/A
Computer: 62GF7F1
Description:
Faulting application svchost.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00de9eec.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 76 63 ure svc
0018: 68 6f 73 74 2e 65 78 65 host.exe
0020: 20 35 2e 31 2e 32 36 30 5.1.260
0028: 30 2e 35 35 31 32 20 69 0.5512 i
0030: 6e 20 75 6e 6b 6e 6f 77 n unknow
0038: 6e 20 30 2e 30 2e 30 2e n 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 64 65 set 00de
0050: 39 65 65 63 9eec


System Events:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date: 9/30/2008
Time: 6:45:18 PM
User: N/A
Computer: 62GF7F1
Description:
The Windows Image Acquisition (WIA) service hung on starting.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 9/30/2008
Time: 6:48:02 PM
User: N/A
Computer: 62GF7F1
Description:
The Windows Image Acquisition (WIA) service terminated unexpectedly. It has
done this 1 time(s).

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 9/30/2008
Time: 6:48:22 PM
User: ACCT05\DFLAGG
Computer: 62GF7F1
Description:
The server {A1F4E726-8CF1-11D1-BF92-0060081ED811} did not register with DCOM
within the required timeout.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
 
A

AJR

Dave - svchost is a "host" (container) for servcices/files required by a
running application,

Regarding: "Faulting application svchost.exe, version 5.1.2600.5512,
faulting module
unknown, version 0.0.0.0, fault address 0x00de9eecding: "..." - note
reference to "fault module unknown" - it's the module causing the problem -
unfortunately it is not identified - Process Explorer (or maybe Task
Manager) may be of assistance.

Data Prevention Execution is notifying you of errors created by an
application attempting to access program code memory (Module in
svchost/WIA?). Default DEP settting provides system file protection.
 
J

John McGaw

Dave wrote:
snip...
System Events:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date: 9/30/2008
Time: 6:45:18 PM
User: N/A
Computer: 62GF7F1
Description:
The Windows Image Acquisition (WIA) service hung on starting.
snip...
Click to expand...

Seeing the WIA (Windows Image Acquisition) service mentioned among the
errors would prompt me to temporarily disable it and try again. I may help
and it seems unlikely to hurt.

John McGaw
http://johnmcgaw.com
 
G

Gerry

Dave

This seems to be the error where the problem starts.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date: 9/30/2008
Time: 6:45:18 PM
User: N/A
Computer: 62GF7F1
Description:
The Windows Image Acquisition (WIA) service hung on starting.

Go to Start, Control Panel. Administrative Tools, Services and right
click on the WIA Service. Select Properties and check the Start Up type.
Mine is set to Start Automatically.

This link describes the service.
http://smallvoid.com/article/winnt-services-stisvc.html

You will see that the recommended setting is Manual but I changed mine
after getting problems years ago.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
D

Dave

Thank you! I killed that service and the behavior stopped. Then I did a
search for that specific service, and found a problem associated with my
printer software installation which I had forgotten I performed (HP PSC
2510). HP had a patch for the problem and it's now gone.

They was linking the svchost error to the Windows Image Acquisition (WIA)
service which, at a glance, don't seem to relate to each other at all. Your
help was invaluable and I learned something about Windows!

Thanks again,
Dave
 
G

Gerry

Dave

That's a good result.


--



Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

svchost.exe - Application Error 4
svchost.exe -- application error the instruction at "0x745f2780" 2
svchost.exe - Application Error 3
svchost.exe error 2
Persistent error 4
svchost.exe problems 1
svchost.exe Inbound? 4
The instruction at "address" referenced memory at "address". The memory cannot be read. 6

Top