Strange problem

[enterman]

mk I keep getting these weird errors in vista ive nvr seen b4. They only come up once unless I reboot my comp. They come up at random times (sometimes 20min sometimes 6hours). This is what happens, 1st this 1 comes up (c Error 1) after clicking close the following comes up (c Error 2) when I click no after about 10 - 30 seconds windows will switch the theme to windows standard and if I go to change it back to Aero the list with themes has no aero in it or Vista Basic, just standard and below. The only way to get the comp back to normal is to restart it. Anyone ever seen this b4?

Error 1: Error 2:

Edited September 9, 2007 by enterman

[cluberti]

It sounds like the network services svchost.exe process is failing, and the Themes service (which runs in that svchost.exe process) is not restarting properly. When the problem occurs, and you're unable to run in Aero, can you chech to see if the Themes service is running or not?

[enterman]

It sounds like the network services svchost.exe process is failing, and the Themes service (which runs in that svchost.exe process) is not restarting properly. When the problem occurs, and you're unable to run in Aero, can you chech to see if the Themes service is running or not?

wo, u were right. When it happened I opened task manager and sure enough the theme service was stopped. I started it again and aero came right back on but non the less this is still an annoying issue. Any idea on how to fix this issue?

[cluberti]

wo, u were right. When it happened I opened task manager and sure enough the theme service was stopped. I started it again and aero came right back on but non the less this is still an annoying issue. Any idea on how to fix this issue?

Hard to say for sure yet, but let's get one thing fixed at a time . If it's not the themes service that's crashing the svchost.exe process, we can move it out temporarily to keep aero from dying on you by making a quick registry modification and a file copy:

1. In Windows Explorer, go to C:\Windows\system32\ and right-click the "svchost.exe" file there, and select "copy". Now, right-click an empty area somewhere else inside the C:\Windows\system32 folder and select "paste" to create a file called "copy of svchost.exe" - rename this file "svchost_themes.exe" (without the quotes, obviously).

2. In the registry, browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes, and double-click on the "ImagePath" value in the right-hand pane. Modify the current value (which should be "%SystemRoot%\System32\svchost.exe -k netsvcs") so that it reads "%SystemRoot%\System32\svchost_themes.exe -k netsvcs", and click "OK".

3. Reboot - this will move the "Themes" service into it's own svchost.exe process (now called svchost_themes.exe), so that if the svchost.exe process that keeps crashing does crash again, it won't take the Themes service down with it.

4. Now, download and install the debugging tools for windows, and install them to C:\Debuggers (take all other default options, just change the install path).

5. Create the directory C:\adplus.

6. Open a command prompt, and type the following command:

cscript adplus.vbs -crash -pn svchost.exe -quiet -o c:\adplus

This should attach the cdb.exe debugger to the svchost.exe process(es) running on your machine, and the next time one crashes, it should create data in C:\adplus that can be analyzed to see why the svchost.exe process is crashing.

[enterman]

I did what u said and everything worked out fine except for #6. I opened a command prompt, pasted "cscript adplus.vbs -crash -pn svchost.exe -quiet -o c:\adplus" (without the quotes) and I was greeted with a error which said: Input Error: Can not find script file "C:\Users\enterman\adplus.vbs". thx 4 ur help so far btw

EDIT: Just now a new error randomly came up, i didnt have time to take a screen of it but it said something like "IP Helper has closed" then the old host process error came up again but when I closed it this time aero stayed on (ty for that ).

Edited September 18, 2007 by cluberti

[cluberti]

EDIT: Just now a new error randomly came up, i didnt have time to take a screen of it but it said something like "IP Helper has closed" then the old host process error came up again but when I closed it this time aero stayed on (ty for that ).

Try this command:

cscript C:\debuggers\adplus.vbs -crash -pn svchost.exe -quiet -o C:\adplus (reboot before doing this, just to be safe).

[enterman]

EDIT: Just now a new error randomly came up, i didnt have time to take a screen of it but it said something like "IP Helper has closed" then the old host process error came up again but when I closed it this time aero stayed on (ty for that ).

Try this command:

cscript C:\debuggers\adplus.vbs -crash -pn svchost.exe -quiet -o C:\adplus (reboot before doing this, just to be safe).

alright that worked, ill report back when I have the chrash info thx

[enterman]

i uploaded everything that was added into the adplus folder after several crashes here: http://www.megaupload.com/?d=030OXSQZ

[cluberti]

Well, no dumps were created, only log files. Also, all the log files match up with running svchost.exe processes in the Process List file, so this captured no crashes. Can you try again and see if it generates any .dmp files next time? You may have to reboot and run the adplus command again.

[enterman]

sry ive taken so long 2 get back 2 u. Ive uped the dump file here: http://www.megaupload.com/?d=G92IT9ME

[enterman]

sry ive taken so long 2 get back 2 u. Ive uped the dump file here: http://www.megaupload.com/?d=G92IT9ME

anyone?

[cluberti]

Looks like it could be nvappfilter.dll (Nvidia network access manager) causing heap corruption (svchost crashes due to a debug breakpoint on a heapfree call on a heap that nvappfilter just wrote to, causing a status c0000374 - "STATUS_HEAP_CORRUPTION"):

0:047> .ecxr
eax=00000000 ebx=00000000 ecx=777b14cd edx=03e0f99d esi=01c50000 edi=01c59ec4
eip=777d2ea8 esp=03e0fbec ebp=03e0fc68 iopl=0		 nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000			 efl=00000206
ntdll!DbgBreakPoint:
777d2ea8 cc			  int	 3

0:047> kb
  *** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr  Args to Child			  
03e0fbe8 7783f19c 03e02d22 01c59ec4 01c50000 ntdll!DbgBreakPoint
03e0fc68 7783fcef c0000374 7785cf50 03e0fcac ntdll!RtlReportCriticalFailure+0x2e
03e0fc78 7783fddd 00000002 03e02de6 00000000 ntdll!RtlpReportHeapFailure+0x21
03e0fcac 77802c89 00000009 01c50000 01c59ec4 ntdll!RtlpLogHeapFailure+0xa1
03e0fcd8 773d7a7e 01c50000 00000000 01c59ec4 ntdll!RtlFreeHeap+0x60
03e0fcec 10004f7c 01c50000 00000000 01c59ec4 kernel32!HeapFree+0x14
WARNING: Stack unwind information not available. Following frames may be wrong.
03e0fd74 77123891 00000c78 03e0fd90 773d7374 nvappfilter+0x4f7c
03e0fd94 6e23b372 00000c78 03681d5c 03e0fdb8 ws2_32!closesocket+0x85
03e0fda4 6e23aa4e 03681d5c 03681e28 03681d5c iphlpsvc!TeredoDestroySecondarySocket+0x2d
03e0fdb8 6e22cb94 03681d5c 03681488 03e0fddc iphlpsvc!DeviceStop+0x1f
03e0fdc8 6e23479c 03681d5c 00100002 03681488 iphlpsvc!TeredoStopDevice+0x21
03e0fddc 6e238807 03681488 777a3324 00000000 iphlpsvc!TeredoHibernateClient+0x53
03e0fdfc 6e238c18 00000001 777b371c 022e8da8 iphlpsvc!TeredoClientTimerCallbackUnderLock+0x180
03e0fe10 777a32fb 03e0fe70 03681488 022e8da8 iphlpsvc!TeredoClientTimerCallback+0x8d
03e0fe34 777fa2b8 03e0fe70 022e8e08 03e02e16 ntdll!TppTimerpExecuteCallback+0x14d
03e0ff5c 773d3833 002c66a8 03e0ffa8 777ca9bd ntdll!TppWorkerThread+0x522
03e0ff68 777ca9bd 002c66a8 03e02ee2 00000000 kernel32!BaseThreadInitThunk+0xe
03e0ffa8 00000000 777fa044 002c66a8 00000000 ntdll!_RtlUserThreadStart+0x23

I think enabling pageheap on this svchost.exe would be a good idea:

1. Download and install app verifier:

http://www.microsoft.com/downloads/details...;displaylang=en

2. Run app verifier, and select File > Add Application - type "svchost.exe" in the box (minus the quotes) and click "Open"

3. Select the "svchost.exe" image name from the list, and on the right hand side make sure everything is UNchecked under the "Basics" tree, then check the "Heaps" option.

4. Exit app verifier, and restart the computer.

5. Run the following command from a command prompt:

cscript C:\debuggers\adplus.vbs -crash -pn svchost.exe -quiet -o C:\adplus

The next time the issue occurs, adplus should generate another folder under C:\adplus, and this will hopefully catch the process or binary that actuallly corrupted the heap.

[enterman]

here u r: http://www.megaupload.com/?d=ZTIA87BS thx

[cluberti]

Neither of these dumps is of the process crashing, but terminating. We'll need to try again, it seems.

[shoguy]

I'd have to say I'm experiencing similar problems on Vista x64. I've gone through the steps of getting the debugger and whatnot setup so it's a matter of waiting at this point. Kinda like fishing although in this scenario the fish are jumping in the boat!

Here's a rundown of my hardware and drivers versions, maybe this will strike a cord with some folks.

Evga mobo with Nvidia 680i chipset. Running 15.08 driver package from nvidia, and P30 bios.

Geforce 8800Ultra. Running 163.69 (gone through several revisions of these and no luck)

SATA DVD Drive

2x SATA HD's in the Nvidia raid config (stripe)

When I get the dump I'll post it. I only have limited experience with the debugger. Only enough to get to the dump and see what's up. Hopefully someone can read more into it then I.

Thanks!