|
Svchost.exe crashing randomly - Need expert help! |
Post Reply 
|
Page <1 6789> |
| Author |
 Share Topic Printable Version Delicious Digg Facebook Furl Google MySpace Newsvine reddit StumbleUpon Translate Twitter Windows Live Yahoo Bookmarks Topic Search  Topic Options
|
||
molotov 
Moderator Group 
Joined: 04 October 2006 Online Status: Offline Posts: 17492 |
 Post Options
 Quote Reply
 Topic: Svchost.exe crashing randomly - Need expert help!Posted: 14 April 2008 at 2:58pm |
||
|
Apps and drivers generally get updated over time. What behavior may not have been present in an older version, may be present in a newer. So, simply running a particular software product before a problem happens does not necessarily remove that product from suspicion once a problem starts happening.
Which 3rd party DLLs are loaded into the address space of the NETSVCS SVCHOST instance? (Add the "Company Name" column to DLL view, sort by it, and ignore the "Microsoft" entries.)
|
|||
|
Daily affirmation:
net helpmsg 4006 |
|||
 |
|||
|
Jackcolt
Groupie 
Joined: 01 April 2008 Location: Denmark Online Status: Offline Posts: 73 |
Post Options
Quote Reply
Posted: 14 April 2008 at 1:56pm |
||
|
Haha, yeah, my idea was also it was caused by the interaction of different software components. And I was stunned when I discovered that formatting and changing Motherboard didn't fix it.
Yeah I can "references" in the lower pane of svchost.exe -netsvcs in PE to all my other running programs. The problem is: - I've used AVG Antivirus long before the crashing started - I started using PC Tools Firewall Plus after the crashing started. - I've always had Daemon Tools installed. I've also had a more advanced version installed which I once though might have caused it, as it would fit around my idea of when it started. Uninstalling it didn't help. - And I've had this graphics card along before the problem started. - Might be messenger as it's always running, but I'd imagine I'd hear more about the problem then. If none of your suggestions work, I might try to format the computer and then carefully monitor what I have installed. I'll also try to restructure how my folders are with the stuff I need to keep(perhaps some freak bug like the one with notepad where you can't write "this app will break") |
|||
|
|||
|
molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17492 |
Post Options
Quote Reply
Posted: 14 April 2008 at 1:40pm |
||
Given the regularity of the crashing SVCHOST instance, and the fact that you've not mentioned other problems with crashing applications or BSODs, I'm not inclined to think it's a hardware problem. It's possible it could be a bug in some OS component, but I'm hesitant to say that because there's no real proof. I don't recall any third party modules loaded into the address space of the crashing SVCHOST instance, so it's difficult to say that AV or other software that usually gets tossed into the address space of any / all processes is having an impact. In short, I would say that I think it's a software problem, caused by the interaction of various components. Pretty generic, huh...
 What AV / security software are you running, if any? Looks like "PC Tools Firewall Plus", and AVG Antivirus. Have you tried uninstalling these programs to see if there is an impact? (Of course, the software is meant to ensure the security of your system, so if you choose to uninstall, please be aware of the consequences...)
|
|||
|
Daily affirmation:
net helpmsg 4006 |
|||
|
|||
|
molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17492 |
Post Options
Quote Reply
Posted: 14 April 2008 at 1:30pm |
||
The idea is not to have the thread disappear, however...
1) Just a hunch, that's all. I can't put my finger on what made me type the suggestion.
Seems like giving it a shot would have a minimal impact...2) It's not necessarily a "CPU-related thing", though, in the context of "drivers or dual-core optimizers". And of course, setting the affinity won't solve the problem, or really get any closer to identifying it. But, if it stops the annoying crashes...
|
|||
|
Daily affirmation:
net helpmsg 4006 |
|||
|
|||
|
Jackcolt
Groupie
Joined: 01 April 2008 Location: Denmark Online Status: Offline Posts: 73 |
Post Options
Quote Reply
Posted: 14 April 2008 at 1:15pm |
||
|
I think my next approach would be to play around with the services. I'll first try to close them all and check for each closed service if it removes the thread.
Then as you say, I'll probably need to isolate the services. I'll probably plan around with making several groups(as isolating them all in their own group will create other errors) and then check out which one of those crashes.
Yes 0) Tried and it reports no errors. 1) Might I ask why? Perhaps I have an application that might also "fit" within your hunch. 2) I'll try if nothing else works. It would seem unlikely as I'm quite sure I didn't install any CPU related(drivers or dual core optimizer) around the time it happened. 3) Yeah I'm going to try that when I get the time. Again, thanks for you time. EDIT: Yeah keeping just about all of the services closed doesn't remove a lot of threads... I just wanted you opinion on a thing. What kind of thing do you think could be causing this? Hardware all of sudden starting to fail(HDD/DVD-RW; or Periphirals) or an application I have installed? It happened without any hardware change would point to software... but it remaining after format would point to hardware? Maybe it's a file I have stored, which upon scanned by a services(or something... really just guessing) causes the error? Edited by Jackcolt - 14 April 2008 at 1:28pm |
|||
|
|||
|
molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17492 |
Post Options
Quote Reply
Posted: 14 April 2008 at 12:10pm |
||
|
I've poked around the dump quite a bit, but I haven't been able to come to any conclusions.
The thread is a worker thread. Multiple services may make use of it, but perhaps only one service is able to cause the worker thread to crash? Perhaps this thread will not exit in response to the stopping of a particular service. You may wish to further explore this approach to troubleshooting, ignoring the fact that the thread will not exit.
Does this mean that this specific thread stayed with the "original" netsvcs SVCHOST instance? The problem appears to be this line, in CRpcThread::WorkerLoop:
ESI is the pvParam passed to BaseThreadStart; ESI+8 contains 0. So, the instruction seems to be "call 0", which seems to get the thread into the situation that causes the crash - The instruction at "0x00000000" referenced memory at "0x00000000". The memory could not be "read" (Attempt to read from address 00000000) ESI doesn't contain any information that leads me to guess what pvParam may be / contain. It may contain an index into some cyclical queue that OLE / RPC worker threads pick work off of (speculation, of course).
So, where to go with this... In addition to the above discussion about stopping services, it may be worthwhile to try some of the below suggestions, one at a time...
0) If you run another chkdsk /r on your disks, are further errors reported?
1) Just a hunch, but I wonder if disabling the Themes service might have an impact on the problem.
2) One thought may be that this is a race condition. Would be interesting if you could use Process Explorer or Task Manager to set the affinity of the netsvcs SVCHOST instance to just one core. See how long you can run like that. Of course, this process (and any child processes) with many threads that would certainly seem to benefit from having another processor, would be only using one...
3) If neither of the above work, you might consider stopping / disabling as many unnecessary (for your usage) services that run in the NETSVCS instance, as you can. If you don't see any improvement, systematically begin isolating individual services into their own instance. Then, if that instance crashes, you would seem to have a good idea as to the service that is causing the problem. Don't worry about the faulting thread (ole32.dll!CRpcThreadCache::RpcWorkerThreadEntry) not appearing in the isolated service's SVCHOST instance - I would expect it to be created when / if it is required. (So, each instance of SVCHOST may have its own worker thread starting in ole32.dll!CRpcThreadCache::RpcWorkerThreadEntry.) Take careful notes, so you are able to back out of any changes you make.
Hopefully some of these ideas will prove worthwhile... Edited by molotov - 14 April 2008 at 12:10pm |
|||
|
Daily affirmation:
net helpmsg 4006 |
|||
|
|||
|
Jackcolt
Groupie
Joined: 01 April 2008 Location: Denmark Online Status: Offline Posts: 73 |
Post Options
Quote Reply
Posted: 13 April 2008 at 6:53am |
||
|
So it happened again. It's the longest run I've had before it crashed. It's really starting to get on my nerve.
Anyways, here is the full crash dump - I really hope you can find something. http://rapidshare.com/files/107155154/fulluser.rar |
|||
|
|||
|
Jackcolt
Groupie
Joined: 01 April 2008 Location: Denmark Online Status: Offline Posts: 73 |
Post Options
Quote Reply
Posted: 01 April 2008 at 2:07pm |
||
|
Well it seems it won't crash today... it might take a while as it's random... but usually it's once a day.
Anyways, I'll post when I get the full crash dump. Again, I thank you for using your time to help me. EDIT: I did some error checking on my two harddisks. My system harddisk had some index corruption, but they are fixed now. I don't suppose a corrupt index could cause this... specially because it still happens after a format. Unless an app creates that corruption. Guess time will tell. Edited by Jackcolt - 02 April 2008 at 9:23am |
|||
|
|||
|
molotov
Moderator Group
Joined: 04 October 2006 Online Status: Offline Posts: 17492 |
Post Options
Quote Reply
Posted: 01 April 2008 at 10:05am |
||
Small world...
Good to hear that it seems to have been helpful, or at least instructive.  Edited by molotov - 01 April 2008 at 10:07am |
|||
|
Daily affirmation:
net helpmsg 4006 |
|||
|
|||
|
Jackcolt
Groupie
Joined: 01 April 2008 Location: Denmark Online Status: Offline Posts: 73 |
Post Options
Quote Reply
Posted: 01 April 2008 at 10:01am |
||
|
I've configured Dr. Watson to make a full dump, and uploading to rapidshare will be no problem.
Now we will just have to wait. Again thanks for helping me. By the way, I actually just figured out that I've from your blog several times :D Your blog taught me how to isolate services. |
|||
|
|||
|
Post Reply
|
Page <1 6789> |
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
