NEW! URGENT SVCHost.exe error

Discussion in 'Virus & Other Malware Removal' started by n_morzaria, Sep 10, 2003.

Thread Status:
Not open for further replies.
  1. n_morzaria

    n_morzaria Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    10
    Hello all,

    I have recently just installed Windows 2000 on my old hard drive. I have completely re-formatted the hard drive, so at the moment it has nothing on it.
    But after only about 5 minutes on the internet, I get an error message saying that SVCHOST.EXE has crashed.

    I have tried the fixing tools for the W32Blast WORM, and the Fizzer WORM, but the software (from Symantec) says my HD is clean and doesn't have the worm on it!

    Please help quickly


    The drwtsn32.log is as follows:





    Application exception occurred:
    App: svchost.exe (pid=380)
    When: 9/10/2003 @ 20:02:59.059
    Exception number: c0000096 (privileged instruction)

    *----> System Information <----*
    Computer Name: HDL-PC1
    User Name: SYSTEM
    Number of Processors: 1
    Processor Type: x86 Family 6 Model 7 Stepping 3
    Windows 2000 Version: 5.0
    Current Build: 2195
    Service Pack: None
    Current Type: Uniprocessor Free
    Registered Organization: HDL
    Registered Owner: YM

    *----> Task List <----*
    0 Idle.exe
    8 System.exe
    132 smss.exe
    156 csrss.exe
    152 winlogon.exe
    204 services.exe
    216 lsass.exe
    380 svchost.exe
    408 SPOOLSV.exe
    440 svchost.exe
    492 DLLHOST.exe
    508 mstask.exe
    632 explorer.exe
    792 IEXPLORE.exe
    784 wmplayer.exe
    916 drwtsn32.exe
    0 _Total.exe

    State Dump for Thread Id 0x178

    eax=00000001 ebx=00000000 ecx=00076948 edx=00000000 esi=00000000 edi=00000048
    eip=77f8fb68 esp=0006fc38 ebp=0006fca8 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


    function: ZwReadFile
    77f8fb5d b8a1000000 mov eax,0xa1
    77f8fb62 8d542404 lea edx,[esp+0x4] ss:00add20f=????????
    77f8fb66 cd2e int 2e
    77f8fb68 c22400 ret 0x24
    77f8fb6b 55 push ebp
    77f8fb6c 8bec mov ebp,esp
    77f8fb6e 56 push esi
    77f8fb6f 8b7508 mov esi,[ebp+0x8] ss:00add27e=????????
    77f8fb72 8b4608 mov eax,[esi+0x8] ds:00a6d5d6=????????
    77f8fb75 25ffff0000 and eax,0xffff
    77f8fb7a 0d0000efcd or eax,0xcdef0000
    77f8fb7f 894608 mov [esi+0x8],eax ds:00a6d5d6=????????
    77f8fb82 f60578e3fc7702 ds:77fce378=00
    test byte ptr [NlsAnsiCodePage+0x6aa (77fce378)],0x2
    77f8fb89 0f85499c0100 jne RtlDeleteTimerQueueEx+0xa16 (77fa97d8)
    77f8fb8f 8b4610 mov eax,[esi+0x10] ds:00a6d5d6=????????

    *----> Stack Back Trace <----*

    FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
    0006FCA8 77DC86D3 00000048 0006FD80 00000216 0006FCD0 ntdll!ZwReadFile
    0006FCD4 77DC9431 00000048 0006FD80 00000216 0006FD0C advapi32!SetSecurityDescriptorSacl
    0006FD50 77DC9182 00000048 0006FD80 00000216 000746F0 advapi32!StartServiceCtrlDispatcherW
    0006FFB0 0100113D 000746F0 00500043 00000049 77E87903 advapi32!StartServiceCtrlDispatcherW
    0006FFF0 00000000 010010B8 00000000 000000C8 00000100 svchost!<nosymbols>

    State Dump for Thread Id 0x188

    eax=00082668 ebx=00000000 ecx=00085904 edx=00000000 esi=77f90328 edi=0042fe84
    eip=77f90333 esp=0042fe70 ebp=0042fe8c iopl=0 nv up ei pl nz na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


    function: ZwDelayExecution
    77f90328 b832000000 mov eax,0x32
    77f9032d 8d542404 lea edx,[esp+0x4] ss:00e9d447=????????
    77f90331 cd2e int 2e
    77f90333 c20800 ret 0x8
    77f90336 33c0 xor eax,eax
    77f90338 e99ac6ffff jmp RtlCopySid+0x64 (77f8c9d7)
    77f9033d 23d1 and edx,ecx
    77f9033f 8a06 mov al,[esi] ds:77f90328=b8
    77f90341 8807 mov [edi],al ds:0042fe84=80
    77f90343 8a4601 mov al,[esi+0x1] ds:789fd8fe=??
    77f90346 884701 mov [edi+0x1],al ds:00e9d45a=??
    77f90349 8a4602 mov al,[esi+0x2] ds:789fd8fe=??
    77f9034c c1e902 shr ecx,0x2
    77f9034f 884702 mov [edi+0x2],al ds:00e9d45a=??
    77f90352 83c603 add esi,0x3

    *----> Stack Back Trace <----*

    FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
    0042FE8C 761939B9 0001D8A8 00000000 000006B3 00000002 ntdll!ZwDelayExecution
    0042FEB8 76191B02 00000000 00074EC4 00000000 01003000 rpcss!<nosymbols>
    0042FF84 0100157B 00000001 00074EC0 00000000 00074EB8 rpcss!<nosymbols>
    76191954 0000B4EC 33565300 5D8957DB 019DE8FC 358B0000 svchost!<nosymbols>

    State Dump for Thread Id 0x174

    eax=00000998 ebx=00453418 ecx=00000005 edx=00000000 esi=00000000 edi=00000001
    eip=77f90aaf esp=0049f65c ebp=0049f694 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


    function: NtNotifyChangeKey
    77f90aa4 b85f000000 mov eax,0x5f
    77f90aa9 8d542404 lea edx,[esp+0x4] ss:00f0cc33=????????
    77f90aad cd2e int 2e
    77f90aaf c22800 ret 0x28

    *----> Stack Back Trace <----*

    FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
    0049F694 7619AC08 80000003 00000001 00000005 0000017C ntdll!NtNotifyChangeKey
    0049F6B8 7619A996 00453418 0049F6E0 0049F798 00454824 rpcss!<nosymbols>
    0049F6D4 7619A6E7 004533C8 00000001 0049F6F4 0049F788 rpcss!<nosymbols>
    0049F6F8 7619A7C4 004533C8 9BA05972 0049F788 00000010 rpcss!<nosymbols>
    0049F73C 761A1E9D 761BB058 00000000 0049F788 7619A918 rpcss!<nosymbols>
    0049F798 761A1936 0045EC48 0049F7BC 7619F6D8 0049F7E0 rpcss!<nosymbols>
    0049F7E4 761A2758 00000002 0049F800 0009E594 0049F908 rpcss!<nosymbols>
    0049F8C4 77D45178 00090B98 0009E560 0009E580 0049F910 rpcss!<nosymbols>
    0049F8F4 77DA1586 761A2704 0049FAA8 00000007 00000000 rpcrt4!NdrServerInitialize
    0049FD0C 77DA1937 00000000 00000000 00090C90 0049FD24 rpcrt4!NdrStubCall2
    0049FD28 77D453E2 00090C90 000820F0 00090C90 00000000 rpcrt4!NdrServerCall2
    0049FD60 77D452EF 76197574 00090C90 0049FE0C 00090C90 rpcrt4!NdrServerInitialize
    0049FDB8 77D45215 00000004 00000000 0049FE0C 00000000 rpcrt4!NdrServerInitialize
    0049FDD8 77D4638F 00090C90 00000000 0049FE0C 77F8AA7D rpcrt4!NdrServerInitialize
    0049FE10 77D45F5A 00090A58 00079440 800B0006 00000002 rpcrt4!NdrConformantArrayFree
    0049FE28 77D4B60E 00090B98 0049FE50 00090A58 0049FF6C rpcrt4!NdrConformantArrayFree
    0049FF74 77D4B407 77D4B7BF 00079440 00690072 FFFFFFFF rpcrt4!RpcBindingSetOption
    0049FFA8 77D4B771 00079618 0049FFEC 77E92CA8 00079640 rpcrt4!RpcBindingSetOption
    0049FFB4 77E92CA8 00079640 00690072 FFFFFFFF 00079640 rpcrt4!RpcBindingSetOption
    0049FFEC 00000000 77D4B759 00079640 00000000 000000C8 kernel32!CreateFileA

    State Dump for Thread Id 0x18c

    eax=778321fe ebx=00000003 ecx=7ffdd000 edx=00000000 esi=77f87e6c edi=00000003
    eip=77f87e77 esp=004efd24 ebp=004efd70 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


    function: ZwWaitForMultipleObjects
    77f87e6c b8e9000000 mov eax,0xe9
    77f87e71 8d542404 lea edx,[esp+0x4] ss:00f5d2fb=????????
    77f87e75 cd2e int 2e
    77f87e77 c21400 ret 0x14
    77f87e7a 668b08 mov cx,[eax] ds:778321fe=8b55
    77f87e7d 40 inc eax
    77f87e7e 40 inc eax
    77f87e7f 8945a4 mov [ebp+0xa4],eax ss:00f5d346=????????
    77f87e82 6685c9 test cx,cx
    77f87e85 75f3 jnz RtlExpandEnvironmentStrings_U+0x26 (77f8e57a)
    77f87e87 663930 cmp [eax],si ds:778321fe=8b55
    77f87e8a 75ee jnz ZwFsControlFile+0x54 (77f8bf7a)
    77f87e8c 40 inc eax
    77f87e8d 40 inc eax
    77f87e8e 8945a4 mov [ebp+0xa4],eax ss:00f5d346=????????

    *----> Stack Back Trace <----*

    FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
    004EFD70 77E9E68A 004EFD48 00000001 00000000 00000000 ntdll!ZwWaitForMultipleObjects
    004EFFB4 77E92CA8 00000004 0007E324 7FFDD000 0007EA38 kernel32!WaitForMultipleObjects
    004EFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA

    State Dump for Thread Id 0x1bc

    eax=00000000 ebx=00000000 ecx=00000009 edx=00000000 esi=00079440 edi=0008f090
    eip=77f82eec esp=0057fe28 ebp=0057ff74 iopl=0 nv up ei pl nz na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


    function: ZwReplyWaitReceivePortEx
    77f82ee1 b8ac000000 mov eax,0xac
    77f82ee6 8d542404 lea edx,[esp+0x4] ss:00fed3ff=????????
    77f82eea cd2e int 2e
    77f82eec c21400 ret 0x14

    *----> Stack Back Trace <----*

    FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
    0057FF74 77D4B407 77D4B7BF 00079440 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx
    0057FFA8 77D4B771 00080E78 0057FFEC 77E92CA8 000815D0 rpcrt4!RpcBindingSetOption
    0057FFB4 77E92CA8 000815D0 00000000 00000000 000815D0 rpcrt4!RpcBindingSetOption
    0057FFEC 00000000 77D4B759 000815D0 00000000 000000C8 kernel32!CreateFileA

    State Dump for Thread Id 0x260

    eax=009df820 ebx=80020000 ecx=00452878 edx=00000000 esi=00079440 edi=00085b28
    eip=77f82eec esp=009dfe28 ebp=009dff74 iopl=0 nv up ei pl nz na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


    function: ZwReplyWaitReceivePortEx
    77f82ee1 b8ac000000 mov eax,0xac
    77f82ee6 8d542404 lea edx,[esp+0x4] ss:0144d3ff=????????
    77f82eea cd2e int 2e
    77f82eec c21400 ret 0x14

    *----> Stack Back Trace <----*

    FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
    009DFF74 77D4B407 77D4B7BF 00079440 FFFFFFFF 0049FAA0 ntdll!ZwReplyWaitReceivePortEx
    009DFFA8 77D4B771 0008BA40 009DFFEC 77E92CA8 0008C9A8 rpcrt4!RpcBindingSetOption
    009DFFB4 77E92CA8 0008C9A8 FFFFFFFF 0049FAA0 0008C9A8 rpcrt4!RpcBindingSetOption
    009DFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA

    State Dump for Thread Id 0x378

    eax=0009bb08 ebx=0009bb5a ecx=00a5fd00 edx=00000000 esi=000746c0 edi=00a5f860
    eip=00a5f863 esp=00a5f768 ebp=00580046 iopl=0 nv up ei pl nz ac po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000216


    function: <nosymbols>
    00a5f84a 7ce1 jl 00a6b72d
    00a5f84c be329409f9 mov esi,0xf9099432
    00a5f851 3a6bb6 cmp ch,[ebx+0xb6] ds:00b09130=??
    00a5f854 d7 xlat
    00a5f855 9f lahf
    00a5f856 4d dec ebp
    00a5f857 8571da test [ecx+0xda],esi ds:014cd2d6=????????
    00a5f85a c681bf321dc6b3 mov byte ptr [ecx+0xc61d32bf],0xb3 ds:c6c32fbf=??
    00a5f861 5a pop edx
    00a5f862 f8 clc
    FAULT ->00a5f863 ec in al,dx
    00a5f864 bf32fcb38d mov edi,0x8db3fc32
    00a5f869 1cf0 sbb al,0xf0
    00a5f86b e8c841a6df call e04c3a38
    00a5f870 ebcd jmp 00a6bb3f
    00a5f872 c28836 ret 0x3688
    00a5f875 7490 jz 00a67807
    00a5f877 7f89 jg 00a65302
    00a5f879 5a pop edx
    00a5f87a e67e out 7e,al
    00a5f87c 0c24 or al,0x24
    00a5f87e 7cad jl 00a6b72d

    *----> Stack Back Trace <----*

    FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
    00580046 FFF80000 0050FFFF 00500058 06400058 00000058 <nosymbols>
    000F0058 00000000 00000000 00000000 00000000 00000000 <nosymbols>

    State Dump for Thread Id 0x294

    eax=761a2cb9 ebx=00000000 ecx=00000000 edx=00000000 esi=77f90328 edi=00a9fe6c
    eip=77f90333 esp=00a9fe58 ebp=00a9fe74 iopl=0 nv up ei pl nz na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


    function: ZwDelayExecution
    77f90328 b832000000 mov eax,0x32
    77f9032d 8d542404 lea edx,[esp+0x4] ss:0150d42f=????????
    77f90331 cd2e int 2e
    77f90333 c20800 ret 0x8
    77f90336 33c0 xor eax,eax
    77f90338 e99ac6ffff jmp RtlCopySid+0x64 (77f8c9d7)
    77f9033d 23d1 and edx,ecx
    77f9033f 8a06 mov al,[esi] ds:77f90328=b8
    77f90341 8807 mov [edi],al ds:00a9fe6c=c0
    77f90343 8a4601 mov al,[esi+0x1] ds:789fd8fe=??
    77f90346 884701 mov [edi+0x1],al ds:0150d442=??
    77f90349 8a4602 mov al,[esi+0x2] ds:789fd8fe=??
    77f9034c c1e902 shr ecx,0x2
    77f9034f 884702 mov [edi+0x2],al ds:0150d442=??
    77f90352 83c603 add esi,0x3

    *----> Stack Back Trace <----*

    FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
    00A9FE74 761A2ED7 0001BC24 00000000 0042FB50 77D4E7D7 ntdll!ZwDelayExecution
    00A9FFB4 77E92CA8 00000000 0042FB50 77D4E7D7 00000000 rpcss!<nosymbols>
    00A9FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA

    State Dump for Thread Id 0x1d8

    eax=77d4b759 ebx=00007530 ecx=00000200 edx=00000000 esi=00075008 edi=00007530
    eip=77f8b520 esp=00adfebc ebp=00adfee4 iopl=0 nv up ei ng nz ac po cy
    cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000297


    function: ZwRemoveIoCompletion
    77f8b515 b8a8000000 mov eax,0xa8
    77f8b51a 8d542404 lea edx,[esp+0x4] ss:0154d493=????????
    77f8b51e cd2e int 2e
    77f8b520 c21400 ret 0x14
    77f8b523 8b4124 mov eax,[ecx+0x24] ds:00a6d7d6=????????
    77f8b526 39420c cmp [edx+0xc],eax ds:00a6d5d6=????????
    77f8b529 0f85bc370000 jne RtlAddAccessAllowedAce+0x1c (77f8eceb)
    77f8b52f ff4208 inc dword ptr [edx+0x8] ds:00a6d5d6=????????
    77f8b532 33c0 xor eax,eax
    77f8b534 c20400 ret 0x4

    *----> Stack Back Trace <----*

    FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
    00ADFEE4 77D5C3A7 0000005C 00ADFF1C 00ADFF0C 00ADFF14 ntdll!ZwRemoveIoCompletion
    00ADFF20 77D5BB26 00007530 00ADFF60 00ADFF5C 00ADFF70 rpcrt4!NdrServerMarshall
    00ADFF74 77D5BA15 77D4B7BF 00075008 00070778 00079AC8 rpcrt4!I_RpcBCacheAllocate
    00ADFFA8 77D4B771 00091078 00ADFFEC 77E92CA8 0008F418 rpcrt4!I_RpcBCacheAllocate
    00ADFFB4 77E92CA8 0008F418 00070778 00079AC8 0008F418 rpcrt4!RpcBindingSetOption
    00ADFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA





    Thanks All
    Neeraj

    P.S. After svchost.exe crashes I can't open new windows, add/remove programs, open Windows Media Player, or practically do anything!!
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Are you current in the Microsoft updates?
     
  3. n_morzaria

    n_morzaria Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    10
    I don't know..

    Where can I download them from??
    Can I please have links?

    Thanks
     
  4. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    Go to http://tomcoyote.org/hjt/ and download HiJackThis. Use Winzip to unzip it, then install and run it. To run, click the "Scan" button. When it's done the "Scan" button changes to "Save Log". Save the log file it creates (it should open in Notepad at that point). Copy and paste the results in your next post. If you happen to be using a proxy server, please mention it in your post. Most of what it finds is harmless, so do not do anything yet. Someone will be glad to help you sort out any of the baddies that may be in there.
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  6. n_morzaria

    n_morzaria Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    10
    Okay...

    Well... I downloaded the new service pack... which told me to download at least Service Pack 2. So I installed Service Pack 2.

    Left it on all day...

    When I came home at about 4pm, it said, please restart computer.

    So I did,

    then during startup it went to a blue screen... CONSTANTLY. So I could never get back onto my computer.

    So my dad re-installed Win2k again! From an upgrade of Win98!

    But still I get the error message after being online after only 5 mins or so


    Please help quick

    Thanks
    Neeraj
     
  7. n_morzaria

    n_morzaria Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    10
    OMG!! It's done it again!! Only after 1 min now!!
     
  8. NiteHawk

    NiteHawk

    Joined:
    Mar 9, 2003
    Messages:
    4,699
    Go to http://tomcoyote.org/hjt/ and download HiJackThis. Use Winzip to unzip it, then install and run it. To run, click the "Scan" button. When it's done the "Scan" button changes to "Save Log". Save the log file it creates (it should open in Notepad at that point). Copy and paste the results in your next post. If you happen to be using a proxy server, please mention it in your post. Most of what it finds is harmless, so do not do anything yet. Someone will be glad to help you sort out any of the baddies that may be in there.
     
  9. n_morzaria

    n_morzaria Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    10
    OK, thanks

    I will do that
     
  10. n_morzaria

    n_morzaria Thread Starter

    Joined:
    Sep 10, 2003
    Messages:
    10
    It doesn't seem to be doing it anymore, and I haven't even downloaded that software yet!!

    But thanks everyone for all your help!!

    Thanks
    Neeraj
     
Short URL to this thread: https://techguy.org/163775
