aslaksen_h
asked on
Generic Host Process for Win32 Services has encountered a problem and needs to close on AV and Ad-Aware clean PC
Hi everybody,
I have a Dell Inspiron 600m laptop running Windows XP SP2 with Symantec AntiVirus, Symantec Client Firewall, Ad-Aware SE Professional and Ad-Watch SE Professional. I have scanned for viruses and windows update is up to date.
Over the last few days I've started getting the following message quite regularly:
Generic Host Process for Win32 Services has encountered a problem and needs
to close. We are sorry for the inconvenience.
szAppName : svchost.exe szAppVer : 5.1.2600.2180 szModName : ntdll.dll
szModVer : 5.1.2600.2180 offset : 00018fea
The machine starts up nicely, but the message either appears while I'm using IE, or when I'm leaving the computer alone. I'm usually able to close the apps, but sometimes I'm not able to shut down properly, and have to shut down by holding the power button down.
The boot up time has increased dramatically, too. I get the screen background quickly, but it takes more than a minute before the taskbar appears.
I vaguley remember that it occured once in a while in the past, but the last week it has started happening several days each day. I have not installed anything significant recently. If all else fails, I will start using system restore, but I'm a bit reluctant, because I'm not sure how far back to go.
I've looked at some of the suggestions on the web, but most of them apply to blaster or other virus problems, which I have already eliminated.
Thanks in advance!
Helmer
I have a Dell Inspiron 600m laptop running Windows XP SP2 with Symantec AntiVirus, Symantec Client Firewall, Ad-Aware SE Professional and Ad-Watch SE Professional. I have scanned for viruses and windows update is up to date.
Over the last few days I've started getting the following message quite regularly:
Generic Host Process for Win32 Services has encountered a problem and needs
to close. We are sorry for the inconvenience.
szAppName : svchost.exe szAppVer : 5.1.2600.2180 szModName : ntdll.dll
szModVer : 5.1.2600.2180 offset : 00018fea
The machine starts up nicely, but the message either appears while I'm using IE, or when I'm leaving the computer alone. I'm usually able to close the apps, but sometimes I'm not able to shut down properly, and have to shut down by holding the power button down.
The boot up time has increased dramatically, too. I get the screen background quickly, but it takes more than a minute before the taskbar appears.
I vaguley remember that it occured once in a while in the past, but the last week it has started happening several days each day. I have not installed anything significant recently. If all else fails, I will start using system restore, but I'm a bit reluctant, because I'm not sure how far back to go.
I've looked at some of the suggestions on the web, but most of them apply to blaster or other virus problems, which I have already eliminated.
Thanks in advance!
Helmer
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>> It found two infected files, but it didn't give any details
not even told about the filenames or paths.... or the trojan\virus with which they are infected :-?
not even told about the filenames or paths.... or the trojan\virus with which they are infected :-?
ASKER
No! However, I must confess that I just installed Ad-Watch, and I'm having some trouble with the way it blocks pop ups, so if it tried to give me that info in a pop-up I may have missed it.
Helmer
Helmer
ASKER
Hi,
I decided to buy and install Trend PC-cillin Internet Security. Unfortunately, that led to blue screens with the following message
STOP 0x0000007f (0x00000008, 0x00000000, 0x00000000, 0x00000000)
In the end I gave up, uninstalled Trend and switched back to Symantec.
It seems to me that reinstalling Symantec Client Security solved the original problem (at least so far). However, it seems to me that a lot of problems over the past year have been related to Symantec, so I would like to switch to Trend.
I will start another question regarding the Trend problem.
Thanks!
Helmer
I decided to buy and install Trend PC-cillin Internet Security. Unfortunately, that led to blue screens with the following message
STOP 0x0000007f (0x00000008, 0x00000000, 0x00000000, 0x00000000)
In the end I gave up, uninstalled Trend and switched back to Symantec.
It seems to me that reinstalling Symantec Client Security solved the original problem (at least so far). However, it seems to me that a lot of problems over the past year have been related to Symantec, so I would like to switch to Trend.
I will start another question regarding the Trend problem.
Thanks!
Helmer
ASKER
Sorry, the error was
STOP 0x0000007f (0x00000008, 0x80042000, 0x00000000, 0x00000000)
STOP 0x0000007f (0x00000008, 0x80042000, 0x00000000, 0x00000000)
hmmmm may be you are not uninstalling Symantec completely from the system..... :-?
but let's see what we can do to solve this problem! :)
but let's see what we can do to solve this problem! :)
ASKER
Hi,
Good point! I'll put the comments in the new question, OK?
Helmer
Good point! I'll put the comments in the new question, OK?
Helmer
sure :)
Check your hardware memory (google for memcheck...).
Check all your background apps (use Security Task Manager for this http://www.neuber.com/taskmanager)
Inform about about svchost.exe (on http://file.net http://file.net/process/svchost.exe.html)
Check all your background apps (use Security Task Manager for this http://www.neuber.com/taskmanager)
Inform about about svchost.exe (on http://file.net http://file.net/process/svchost.exe.html)
Did Panda clean the files? Suggest MS AntiSpyware beta (2 anti spyware programs are much better than 1).. But it lookes like the a virus infection to me.. but try Hijack this http://www.spywareinfo.com/~merijn/files/hijackthis.zip and see if anything is out of the ordinary
post log here.. but this reminds me of MSBlaster virus/worm
Wouldn't have an HP printer btw would you?
post log here.. but this reminds me of MSBlaster virus/worm
Wouldn't have an HP printer btw would you?
ASKER
Hi,
Thanks for your comments. In the end I gave up, reformated, found a way to deal with the Trend problem (it was an incompatibiliby between the Intel wireless driver and the Cisco VPN). I think the old problem was a combination of a Symantec problem and possibly a virus that Symantec didn't detect.
By the way, yes, I have a HP printer. Why?
Helmer
Thanks for your comments. In the end I gave up, reformated, found a way to deal with the Trend problem (it was an incompatibiliby between the Intel wireless driver and the Cisco VPN). I think the old problem was a combination of a Symantec problem and possibly a virus that Symantec didn't detect.
By the way, yes, I have a HP printer. Why?
Helmer
For some reason, there is a problem with some HP printer software that is causing a DEP exception whch also shuts down the system. Took me a minute to figure out about your 'trend problem' AS far as symantec goes.. when it works it is great.. BUT when it doesn't.. it is a real pain to remove entirely and start from scratch. That and after starting from scratch, it seems like one must go to liveupdate too many times to count to get it updated. Symantec uninstall doesn't uninstall unfortunately and the Hindi tech support personell want $39.95US for everything that is covered on their cryptic website. Try searching for the product removal tool and not get a virus removal tool (in many languages) (I'm not impressed at all with Symantec, can you guess)
Of all the software that I've encountered, Symantec NIS when it installs and works it is great.. a failed install or an uninstal can cause enormous amounts of grief.. and at $50/hr (my billable cost) 3 hours wasted on hold or dealing with a person reading a script is not cost effective as the most I'm going to recieve is maybe $45 to fix the problem.
Of all the software that I've encountered, Symantec NIS when it installs and works it is great.. a failed install or an uninstal can cause enormous amounts of grief.. and at $50/hr (my billable cost) 3 hours wasted on hold or dealing with a person reading a script is not cost effective as the most I'm going to recieve is maybe $45 to fix the problem.
I experienced the same problem after installing an update via LiveReg to Norton's NIS 2003. Also, my virus definition subscription expired the day before... long story short, I had to remove the extra 512mb memory i installed on my laptop (hp pavilion zt1150, running winxphe sp1 version 2002 with all updates installed), then i deleted NIS, rolled back the system to before installing the latest LiveReg update, and now things seem to be working again.
Check this out.
urls.youthizens.com
urls.youthizens.com
I experienced the same problem after installing an update via LiveReg to Norton's NIS 2003.
For some reason, there is a problem with some HP printer software that is causing a DEP exception whch also shuts down the system. Took me a minute to figure out about your 'trend problem' AS far as symantec goes.. when it works it is great.. BUT when it doesn't.. it is a real pain to remove entirely and start from scratch. That and after starting from scratch, it seems like one must go to liveupdate too many times to count to get it updated.
Suggest MS AntiSpyware beta (2 anti spyware programs are much better than 1).. But it lookes like the a virus infection to me.. but try Hijack this http://www.softwaretohardware.com/archive/index.php/f-5.html and see if anything is out of the ordinary
post log here.. but this reminds me of MSBlaster virus/worm
For some reason, there is a problem with some HP printer software that is causing a DEP exception whch also shuts down the system. Took me a minute to figure out about your 'trend problem' AS far as symantec goes.. when it works it is great.. BUT when it doesn't.. it is a real pain to remove entirely and start from scratch. That and after starting from scratch, it seems like one must go to liveupdate too many times to count to get it updated.
Suggest MS AntiSpyware beta (2 anti spyware programs are much better than 1).. But it lookes like the a virus infection to me.. but try Hijack this http://www.softwaretohardware.com/archive/index.php/f-5.html and see if anything is out of the ordinary
post log here.. but this reminds me of MSBlaster virus/worm
My boot time has increased dramatically after mcafee scan, now receive a process error 0x7fc at 2044, and thread error 0x74c at 1868, win 2k os
SYMPTOMS
After you install security update 873333 (MS05-012), you experience the following problems:• You may receive the following error message after you start the computer:
Generic Host Process for Win32 Services Error
Note This problem only occurs in Microsoft Windows XP Service Pack 2 (SP2).
• File names are not displayed in e-mail messages that include file attachments when the following conditions are true:• The file name contains double-byte character set (DBCS) characters.
• The file name is longer than 42 characters.
Note This problem only occurs when the e-mail message format is Rich Text.
• An application that implements the IMallocSpy debugging interface may experience heap corruption after you install security update 873333. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
894194 An application that implements the IMallocSpy debugging interface may experience heap corruption after you install security update 873333
For more information about security release MS05-012, click the following article number to view the article in the Microsoft Knowledge Base:
873333 MS05-012: Vulnerability in OLE and COM could allow remote code execution
RESOLUTION : http://support.microsoft.com/default.aspx?scid=kb;en-us;894391
After you install security update 873333 (MS05-012), you experience the following problems:• You may receive the following error message after you start the computer:
Generic Host Process for Win32 Services Error
Note This problem only occurs in Microsoft Windows XP Service Pack 2 (SP2).
• File names are not displayed in e-mail messages that include file attachments when the following conditions are true:• The file name contains double-byte character set (DBCS) characters.
• The file name is longer than 42 characters.
Note This problem only occurs when the e-mail message format is Rich Text.
• An application that implements the IMallocSpy debugging interface may experience heap corruption after you install security update 873333. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
894194 An application that implements the IMallocSpy debugging interface may experience heap corruption after you install security update 873333
For more information about security release MS05-012, click the following article number to view the article in the Microsoft Knowledge Base:
873333 MS05-012: Vulnerability in OLE and COM could allow remote code execution
RESOLUTION : http://support.microsoft.com/default.aspx?scid=kb;en-us;894391
After installing the latest Microsoft security updates, you may receive a "Generic Host Process for Win32 Services Error", and file names for email attachments may not display correctly.
After the security fix that fixes MS05-012 (security update 873333) is installed, you may recieve the following issues:
* Generic Host Process for Win32 Services Error
* File names are not displayed in e-mail messages that include file attachments.
This only happens when:
* The file name contains double-byte character set (DBCS) characters
* The file name is longer than 42 characters
You may get these issues in the following operating systems:
* Windows 2000
* Windows XP
* Windows Server 2003
To fix this issue, follow the instructions in the following Microsoft KB article:
http://support.microsoft.com/default.aspx/kb/894391
After the security fix that fixes MS05-012 (security update 873333) is installed, you may recieve the following issues:
* Generic Host Process for Win32 Services Error
* File names are not displayed in e-mail messages that include file attachments.
This only happens when:
* The file name contains double-byte character set (DBCS) characters
* The file name is longer than 42 characters
You may get these issues in the following operating systems:
* Windows 2000
* Windows XP
* Windows Server 2003
To fix this issue, follow the instructions in the following Microsoft KB article:
http://support.microsoft.com/default.aspx/kb/894391
I've just encountered the exact same problem with DEP constantly popping up windows referencing svchost.exe. This was happening on two networked PCs. They were sharing an HP PSC 2510. One was connected directly and sharing, the other connected via the first PC.
The problem persisted until I removed "HP Software Update." When I removed this, I got three more of those DEP pop-up windows, then nothing. Didn't even have to reboot.
Oh, and changing boot.ini to /noexecute=AlwaysOff had no effect whatsoever. Typical of Microsoft, following their documented procedure to disable DEP DOES NOT WORK! Grrrrrrrr.
Both PCs are running Windows XP Pro with SP2. Both are virus free, and substantially spyware-free.
The problem persisted until I removed "HP Software Update." When I removed this, I got three more of those DEP pop-up windows, then nothing. Didn't even have to reboot.
Oh, and changing boot.ini to /noexecute=AlwaysOff had no effect whatsoever. Typical of Microsoft, following their documented procedure to disable DEP DOES NOT WORK! Grrrrrrrr.
Both PCs are running Windows XP Pro with SP2. Both are virus free, and substantially spyware-free.
ASKER
Thanks for your quick response. Right after I posted I decided to try Panda ActiveScan <http://www.pandasoftware.com/activescan/com/activescan_principal.htm>. It found two infected files, but it didn't give any details. I then tried trendmicro, and it came out clean. Will see if Panda solved the problem. If not, will try uninstalling and reinstalling Norton as you suggested.
Thanks!
Helmer