svchost.exe - Application error. The instruction at "0x00b096bc" referenced memory a

[djpanic]

The instruction at "0x00b096bc" referenced memory at "0x0000000000". The memory could not be written. That 's the error message. Well, the one that pops up the most. Anyone know how or where to decipher these 0x00??? If i boot in safe mode with networking, everything is fine. Everything was fine about a week or so ago. Scanned with everything under the sun - no spyware or viruses. Uninstalled most recent updates since if I disabled all services and had no problems (but no network access either). Now I got things working, but if I open My computer, I get the flashlight, then the memory error. If I right click on an icon and hit send to, i get the memory error.

Any and all suggestions are much appreciated, thanks!

 

[kitty500cat]

Hopefully the problem can be determined by analyzing your minidumps.

Go into the folder C:\WINDOWS\Minidump (try accessing it from Run instead of going into My Computer). Attach 5 or 6 of your latest minidumps (located in that folder) into this thread.

Regards

 

[djpanic]

minidump folders/files

There's no minidump folder or files anywhere on c:

 

[kitty500cat]

Taken from here:

Go to the Control Panel and follow these steps:

1. System Icon
2. Advanced Tab
3. Startup and Recovery -> Settings
4. Enable Write an Event to the system log
5. Disable Automatically Restart
6. Select the following debugging information:
   • Small memory dump (64 Kb)
   • Small Dump Directory : %SystemRoot%\Minidump
7. Confirm all and restart the computer.

Then see if the crash happens again, and if it does, see if minidumps exist.

Regards

 

[djpanic]

Advanced settings

All of those settings were correct. The App log has alot of Autoenrollment Event 15 errors and the System log has a Ton of event ID's such as 29, 14, 59, 32, 5719, 7035, 26, 7034, 7035, 10010, 40960, 40961 are the majority of them. Sources ranging from SideBySide? to DCOM, Service Control Mgr, Application Popup (ID 26. I checked permissions and login is in Admin group). I'm thinking a reformat may be the only option at this point... :-((

 

[kitty500cat]

Sounds like we'll have to let somebody more experienced than I am take it from here.

Regards

 

[N3051M]

Ok. First we make sure its not a malware hiding itself under the name svchost.. have a read of this and post a hjt log as an attachment.

https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Did you install anything recent on your PC?

When you receive an error, make a note on what time it happened and try and match with whatever event viewer (start>run eventvwr) logs at that exact moment. Google the error codes of the report or post it here.

 

[djpanic]

Hijackthis

no new hardware or software installs....


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:27:28 AM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Documents and Settings\Warren.BLUEFISH\Desktop\Examination v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - DisabledByAS{1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136916911156
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bluefish.local
O17 - HKLM\Software\..\Telephony: DomainName = bluefish.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bluefish.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bluefish.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 6357 bytes

 

[gully]

I'm not sure if this gonna work... try remove skype, and aol toolbar. I googled this error and found almost similar to this thread. Have you try to fix your registry?

 

[N3051M]

get hjt to fix:

O2 - BHO: (no name) - DisabledByAS{1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)

You need an AV software. I suggest downloading and installing Avast Home free edition or AVG Free. Google for them. Same with firewall, choose Kerio Personal Firewall or Zonealarm.. these suggestions will help prevent any sort of virus outbreak in the future.

did you find anything on event viewer?