Techs-on-Call Computer Blog Keeping you informed about the world of computer issues

Recently, I cleaned a computer that was infected with two rootkits, one in the Master Boot Record (MBR) and the other that dread UAC rootkit. These rootkits were modifying files as they were executed or when the file performed some action it did not like. For example, on this person's computer, the rootkits corrupted McAfee files and would corrupt anti-malware scanners like HijackThis when it tried to scan. The MBR rootkit was very nasty. I actually had to use virtual Windows XP in my Windows 7 computer because RootRepeal was not fully compatible with Windows 7, which is all I have right now. After I successfully remove the rootkit, I had to do an in-place upgrade (commonly called a repair installation) of Windows XP to repair the damaged system files. After the in-place upgrade, I would receive the following message after every boot: (This is from the Event monitor)

Application popup: svchost.exe - Application Error : The instruction at "0x00cb06d1" referenced memory at "0x00000000". 
The memory could not be "written".

Event Type:	Information
Event Source:	Application Popup
Event Category:	None
Event ID:	26
Date:		8/28/2009
Time:		8:37:01 AM
User:		N/A
Computer:	*****
Description:
Application popup: svchost.exe - Application Error : The instruction at "0x00cb06d1" referenced memory at "0x00000000". 
The memory could not be "written".

Click on OK to terminate the program
Click on CANCEL to debug the program

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Of course, a quick Google search did not turn up anything related to svchost.exe and 00cb06d1. So I had to determine myself what was causing the problem. In this case. It was the Windows Image Acquisition service. Setting that service to manual caused this error to disappear. But what if your problem is slightly different but still involves the svchost.exe file? How do you fix the problem?

You must know that svchost.exe is an important Windows system file. It enables certain other Windows' activities by loading the data need for those activities into memory. Therefore, quite often svchost.exe is called automatically on startup. Looking at the Windows services list, you can get an idea of which one might be causing the problem. When this error occurs, do not click OK or CANCEL. Instead, look at the list of services [RUN -> services.msc in Windows XP, or just type service in the search box on the start menu in Windows Vista/7]. Find a service that says STARTING. Then click OK on the svchost.exe error window and then press F5 on the services window to refresh. If that service that once said STARTING now says nothing beside it, you found the problem. Use a search engine to find out how to repair that particular problem.