I'm still conviced the solution I posted is the correct solution, because my own office PC WinXP SP3 with 0 hotfix installed set as DMZ is hit by this problem too & the problem was solved by the KB958644 update.

You seemed to be concentrating on the "szAppName:svchost.exe or svchost.exe.mdmp" instead of the more obvious "szModName:netapi32.dll" module shown in the first screenshot.




The previous crash with the netapi32.dll attack 2 years ago causes some PC's Realtek sound driver to hang, & the whole WinXP theme to reverting to basic theme when the error box is closed.

This post has been edited by Hattori: Nov 5 2008, 08:55 PM

Having the latest patches would always be a good idea and might be related to this problem. The KB958644 patch is new and should definitely be installed to overcome the associated vulnerabilities. The previous patch link you had provided in the thread is for an older patch with netapi32.dll version that the topic starter already had installed. So having them install it again wasn't really helping. Running windows update to get everything up to date would be a good idea to see if it solves the problem. However attacks against netapi32.dll vulnerabilities should effect more services, specifically lanmanserver and any of the many other services that frequently run in the same svchost.exe process, not just a svchost full of third party services.