svchost.exe constantly crashing

Microsoft Microsoft windows vista home p...
November 16, 2009 at 01:54:05
Specs: Windows Vista Home Premium w/SP2
I'm cleaning up from a virus I got a couple days ago. I've undone most of the damage and my system is now clean, but I'm still getting constant "Host Process for Windows Services has stopped working" errors. Another thing the virus did was to disable my windows update by changing the value in a registry from 0x2 to 0x4, but changing that seemed to fix it.

Problem signature:
Problem Event Name: APPCRASH
Application Name: svchost.exe
Application Version: 6.0.6001.18000
Application Timestamp: 4ae916cd
Fault Module Name: svchost.exe
Fault Module Version: 6.0.6001.18000
Fault Module Timestamp: 4ae916cd
Exception Code: c0000005
Exception Offset: 000019fc
OS Version: 6.0.6002.
Locale ID: 1033
Additional Information 1: e3cf
Additional Information 2: d42237859197873da486d40409b96ff9
Additional Information 3: 6465
Additional Information 4: bf5e4c6357912355529dc6530c027b50

The instance of svchost.exe pops up for only a second before crashing but I was able to use a program called Process Explorer to catch some additional information about it. It listed no services that it was running. It appeared as a child service (presuming that's the nomenclature for the reverse of a parent service) of another svchost.exe.

The parent svchost.exe was running the following services if it matters: application experience, background intelligent transfer service, certificate propagation, computer browser, extensible authentication protocol, ike and authip ipsec keying module, ip helper, multimedia class scheduler, network security, remote access connection manager, secondary logon, server, shell hardware detection, system event notification service, task scheduler, terminal services configuration, themes, user profile services, windows management instrumentation, and windows update

There are a few things I need to know. Is it normal for an instance of svchost.exe to run as a child service of another svchost? Which of this information is pertinent and what useful information have I left out? And, of course, how can I fix the problem or prevent the error message?

See More: svchost.exe constantly crashing

Report •

November 16, 2009 at 13:41:50
You may have a rogue service running, or the virus (sounds more like a trojan?) might have taken over a little used service. Your cleanup may have deleted something the service relies on to run. I'd suggest running HiJackThis, or better still in this case McAfee Rootkit Detective (free on their site) to expose the culprit. I've removed several similar viruses and trojans (not from my PC, I hasten to add) recently, and may be able to help further if you don't find a cure.

Report •

November 16, 2009 at 15:17:37
McAfee Rootkit Detective doesn't work on Vista. HiJackThis helped me catch a reference in registry to a Virtumonde executable that SpyBot, Spyware Doctor, and AVG hadn't caught, so thanks for that. Unfortunately this still doesn't address the error message. I double checked the logs from each of the scanners I ran and none of the files deleted could account for this (as far as I know.)

I had turned AVG system tray off because it causes an annoying bug ever since update 9.0 that causes fullscreen games to minimize. I then followed a link from a friend to a site with the viruses on it. Immediately upon seeing some malware program pop up on my computer I hit the reset button, went to safe mode, disabled all startup items in msconfig and all non-microsoft services, then went back to regular mode. Nine minutes after logging back in I got the first of the error messages.

I don't think it very likely, but could disabling a non-microsoft service through msconfig cause the error? I've already tried an sfc/scannow. Going to try a repair installation now.

Edit: It was easy enough to check, so I turned the services back on and restarted, but still get the error.

Report •

November 17, 2009 at 03:40:10
"McAfee Rootkit Detective doesn't work on Vista" - it does on my friend's PC, and is advertised as running under Vista - it's why I suggested it. You may have a process running that recognises it and prevents it running. Try renaming the program and running it again. Check your System logs - if a service failed to start, there should be a corresponding message in there.

Report •

Related Solutions

November 17, 2009 at 03:44:37
I've resolved this by re-installing windows (bleh). Thank you for the help.

Report •

Ask Question