• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1616
  • Last Modified:

Generic Host Process for Win32 Services notice comes up each time I boot.

This message comes up and repeats typically 8-10 times each time I re-boot.  It does not occur when boot in Safe Mode.  I have downloaded the MS Hotfix for this problem but it does no good.  I have Trend PC-cillin as my antivirus protection, I use Spybot and Ad-Aware but they found nothing.  I have followed the threads of others in Experts-Excahnge but can find nothing that works for me.  Any ideas?
Nick 11-5-06
  • 13
  • 11
  • 10
  • +1
4 Solutions
Marc ZCommented:
What is the exact wording of the Notice that you receive?
What version of Windows?  XP Home or Pro SP2? Media Center?
Did you see this previous thread?
"Svchost.exe Application Error and Generic Host Process for Win32 Services has encountered a problem":

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

ncallinanAuthor Commented:
Thank you for your reply -  sorry for the delay in rplying but I am in a different time zone.  I have solved treh problem of the Generic Host Services message by turning off the DEP that was causing the  message.  I dont know why the problem occurred but I have at least stopped the message.

I had thought that the constant attempts by the program to work and the constant sutting down of the program by DEP was accounting for the very slow access I have to the computer and its files.  However, now I have solved the one problem, the other is still there.

The computer is taking ages to access programs and even longer to access files.  Sometimes a couple of minutes of the swinging flashlight as it looks for files.  Do you havre any leads on this?
Marc ZCommented:
Start with this.
Download and run Process Explorer to view what is using your Processes.  http://www.sysinternals.com/Utilities/ProcessExplorer.html

Then we'll Download and run Hijack This http://www.tomcoyote.org/hjt/
Post the log to this site, http://www.hijackthis.de/ hit Analyze, Save the analysis link and post the link's address here at EE.
That will give us 3 days to look at the log.
ncallinanAuthor Commented:
The HijackThis log is at the following address:

I ran the Process Explorer.  What do you want me to do with the results?

Marc ZCommented:

The hijack this that you linked to requires a Login which I do not want or use.  If you could paste it in the above hijackthis.de link and hit Analyze and then Save The Analysis and copy/paste THAT link here it would be helpful.

As far as Process Explorer, it's not really a run and look at results kind of program.  YOU have to watch it to see WHAT process is actually causing this "The computer is taking ages to access programs and even longer to access files."

So, start up Process Explorer, then do whatever you do to cause that swinging flashlight and watch Process Explorer.  What Process or Program seems to slow down your system?

How much free space on your hard drive?
ncallinanAuthor Commented:
Sorry for the misunderstanding.  Here is the result of the Analyze:


One explanation: the Polycom programs relate to a Skype USB speaker phone.

Looking at what seems to use the most CPU when I am trying toaccess files, the System Idle Process and procexp.exe are the stand out numbers.

Hope this helps.
Marc ZCommented:
System Idle is just what your computer is doing when it is not working.  The number should be relatively high until you really start doing something.

OK, to me, your hijackthis log looks pretty good except for the fact that you have a lot of programs starting up at boot up. This would certainly slow down boot up but it really shouldn't slow down accessing of files except for maybe a resident av shield or spyware resident shield.
You might want to take a look at some programs that show up in the Systray and see if you can stop them from loading on startup through their preferences or settings.
By the way, how much memory?

You're no doubt aware that often problems are caused by too many programs running unnecessarily in the background.  You could take a look at the SCU, select Start > Run and type MSCONFIG.   Select the Startup tab.
It's still *conceivable* that you have a virus problem.  You may wish to consider temporarily disabling your Trend PC-cillin antivirus protection and trying at least two of these free virus scanners.  No one scanner can guarantee finding & fixing everything:
Hello nca

(((((((Option 1)))))))))))

just to confirm, run this online virus scan >> http://housecall.trendmicro.com/
It will clean and remove the viruses, which case error

Generic Host Process Error at Startup

Generic Host Process, Win32 service - Geeks to Go!
(((((((((Option 3)))))))))

sure that nTCDMps.DLL is an undesirable program. Here is what I recommend:

(0) If you have XP Home Edition, first boot in safe mode.

(1) Right click on the file nTCDMps.DLL in Windows Explorer or My Computer, select Properties

(2) Click on the Security tab.

(3) Click on the Advanced button.

(4) Uncheck the box labeled "Inherit from Parent...", then click "Remove"

(5) Close all windows.

(6) Reboot.

This will render the file harmless and prevent it from running. It will give you time to clean up your system. (Note: Don't delete the dll yet, it may get recreated if you do).

Note: If you don't see the Security tab in file Properties, and you have XP Pro, go into Windows Explorer -> Tools -> Folder Options -> View and un-check the box labeled "Use Simple File Sharing..."

After doing the above, do a search in Regedit for E8DCB362-347B-4191-B9E0-8A8C12D2ED91. It will be interesting to see how that DLL was/is getting launched.


(((((((((((((((( Option 1 )))))))))))))))))

Svchost.exe" (Generic Host Process for Win32 Services) is an integral part of Windows OS. It cannot be stopped or restarted manually. It manages 32-bit DLLs and other services. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. In normal conditions multiple instances of Svchost.exe run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.
The svchost.exe file is located in the c:\windows\System32 folder. In other cases, svchost.exe is a virus, spyware, trojan or worm!
Svchost is a generic host process that hosts services run from DLLs. During development, it's customary to separate new or changing services to increase the reliability and ease of troubleshooting; thus, on a beta OS version, you see more svchost processes running than on a release version.

To find out what's inside each copy of svchost.exe, use the Resource Kit Support Tools' tlist.exe (with the -s switch). (You need to install the Support Tools from \support\tools on your product CD-ROM; they don't install by default.) Below is sample output from the tlist command:
C:\>tlist -s
0 System Process
4 System
176 smss.exe
208 csrss.exe Title:
172 winlogon.exe Title: NetDDE Agent
256 services.exe Svcs: Eventlog,PlugPlay
268 lsass.exe Svcs: Netlogon,PolicyAgent,ProtectedStorage,SamSs
320 svchost.exe Svcs: RpcSs
420 svchost.exe Svcs: AudioSrv,Browser,CryptSvc,Dhcp,dmserver,
480 svchost.exe Svcs: Dnscache
500 svchost.exe Svcs: LmHosts,Messenger,RemoteRegistry,SSDPSRV,WebClient
544 spoolsv.exe Svcs: Spooler
660 DKService.exe Svcs: Diskeeper
800 svchost.exe Svcs: winmgmt
1092 explorer.exe Title: Program Manager
1244 ctfmon.exe Title:
900 ISATRAY.EXE Title: IsaTray
1344 NAVAPW32.EXE Title: Norton AntiVirus Auto-Protect
1212 FRONTPG.EXE Title: Microsoft FrontPage - D:\asp
428 NAVAPSVC.EXE Svcs: NAV Auto-Protect
1376 ALERTSVC.EXE Svcs: NAV Alert
1372 PowerDVD.exe Title: PowerDVD
444 OUTLOOK.EXE Title: Tasks - Microsoft Outlook
1268 msmsgs.exe Title:
1436 MDM.EXE Title: OleMainThreadWndName
632 WINWORD.EXE Title: DDE Server Window
1404 IEXPLORE.EXE Title: Q250320 - Description of Svchost.exe -
Microsoft Internet Explorer
1348 cmd.exe Title: E:\WINDOWS\System32\cmd.exe - tlist -s
1428 tlist.exe

Many services, drivers, and modules load at system startup and are essential to system operation. Even though they show up in Task Manager, they're still critical.

The svchosts are defined in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost.

Similar issues :

((((((((((((((( option 2 )))))))))))))))))

Try this:

Hold down the keys CTRL and ALT with left hand and while holding them down tap the DEL key.  This brings up the task manager.   Select the processes tab. Hopefully the "Mem usage column is visible but if it is not configure it up from the options heading.

Now click on the heading until the heavy users come to the top.  Now, who is he memory hog, or which program
((((((((((((((( Option 3 )))))))))))))

I would recommend that you boot to Safe Mode and run all those programs repeatedly until each of them reports no detections.
Then run msconfig from the run dialog, under Services select Hide MS Services and disable all others. Disable all Startup items. Reboot and see what happens then.
You should also download Hijack This (prob best to enable your AV in msconfig and reboot first):
and run the log files through the following tools:
1. Boot into windows with non-MS services and startup items disabled
2. Enable 'Normal Startup' in msconfig but exit WITHOUT restarting.
3. Then run HJT and parse through above sites.
(((((((((((( option 4 ))))))))))))))))))

I have copied the article from my Windows Problems database below:

A Description of Svchost.exe in Windows XP
The information in this article applies to:
Microsoft Windows XP Professional

This article was previously published under Q314056
For a Microsoft Windows 2000 version of this article, see 250320.

This article describes Svchost.exe and its functions. Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs).
The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can run, depending on how and where Svchost.exe is started. This allows for better control and easier debugging.

Svchost.exe groups are identified in the following registry key:

Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service names that are extracted from the following registry key, whose Parameters key contains a ServiceDLL value:

To view the list of services that are running in Svchost:
Click Start on the Windows taskbar, and then click Run.
In the Open box, type CMD, and then press ENTER.
Type Tasklist /SVC, and then press ENTER.
Tasklist displays a list of active processes. The /SVC switch shows the list of active services in each process. For further information about a process, type the following command, and then press ENTER:
Tasklist /FI "PID eq processID" (with the quotation marks)

The following example of Tasklist output shows two instances of Svchost.exe that are running.
   Image Name         PID      Services
   System Process        0     N/A
   System                8     N/A    
   Smss.exe            132     N/A
   Csrss.exe           160     N/A
   Winlogon.exe        180     N/A
   Services.exe        208     AppMgmt,Browser,Dhcp,Dmserver,Dnscache,
   Lsass.exe            220    Netlogon,PolicyAgent,SamSs
   Svchost.exe          404    RpcSs
   Spoolsv.exe          452    Spooler
   Cisvc.exe            544    Cisvc
   Svchost.exe          556    EventSystem,Netman,NtmsSvc,RasMan,
   Regsvc.exe           580    RemoteRegistry
   Mstask.exe           596    Schedule
   Snmp.exe             660    SNMP
   Winmgmt.exe          728    WinMgmt
   Explorer.exe         812    N/A
   Cmd.exe             1300    N/A
   Tasklist.exe        1144    N/A
The registry setting for the two groupings for this example are as follows:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost:
Netsvcs: Reg_Multi_SZ: EventSystem Ias Iprip Irmon Netman Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess Tapisrv Ntmssvc
RApcss :Reg_Multi_SZ: RpcSs

Last Reviewed: 8/6/2002
Keywords: kbinfo KB314056
ncallinanAuthor Commented:
Thanks everyone for all the great advice. Please excuse a little delay as I process the information and try the fixes.  Not helped as I have some travel coming up.  I will be back as soon as I can.
ncallinanAuthor Commented:
I am now back where I can work on the problem, which has not gone away.  I am progressively trying various of the suggestions from the thread.  One think I do notice - watching the CPU usage while I hit My Computer (which takes a couple of minutes to produce the File structure) at all times the System Idle Process is running as the heaviest CPU user.  It is 99 most of the time dropping down to say 75 only for a second when Explorer or other programs kick in.  During the delay with the swinging torch, it is the only program using CPU.  Does this sound right?

Next fix i will try is the nTCDMps.DLL treatment suggested by jalilthe1.  The first word in his posting are missing - I assume he was saying "I am sure that nTCDMps.DLL is an undesirable program." although it could have been " I am not sure..."


   > at all times the System Idle Process is running as the heaviest CPU user < 
That's normal.  The System Idle Process is supposed to have a high CPU usage rate at idle. This process accounts for *unused* system time.

     > nTCDMps.DLL <
Yes, it appears undesirable.   See the suggestion by r-k  08/09/2005 in this previous E_E thread.
Took another look at your issue & noticed that there had been some confusion with r-k's excellent instructions in the last url. You may well have spotted it, but if not, note that it states that steps (1) to (6) are crucial in disabling the ntcdmps.dll file, whether you're running XP Home *or*  Pro.
Marc ZCommented:
Keep in mind also that the real result of that above EE thread is an actual reformat and reinstall of the system.

That may have to be your option also.

You turned off DEP, fully?
Marc ZCommented:
Do you know where your nTCDMps came from?  There is no reference to it out on the net other then in the above posting, that I can find.  Do you have the location on your system?

And when you are running ProcessExplorer, is ntcdmps or ntcdm running or showing any activity?
ncallinanAuthor Commented:
I booted in Safe Mode.  I then searched for nTCDMps using the most extensive options in "Look For" in "My Computer" (I have Windows XP Pro).  No finds.  In ProcessExplorer, there is no listing for either.  So I guess i will have to try other things.

As for DEP, I have clicked to turn off the only program listed in the check box, namely Generic Host Services.
Marc ZCommented:

I hope you don't mind, but could you rerun Hijack This and Copy Paste the log to Here.  The previous analysis from Hijackthis.de has expired and I can't reference it anymore.  
You can upload files relevant to a question using ee-stuff web site:
You must login using your EE user name and password to visit that page correctly. Login at http://www.ee-stuff.com/login.php  Then please copy paste the link here so I can see that log again.

By the way, nTCDMps may be a hidden file.
To view All Files and Folders
Open My Computer, select Tools->Folder Options, go to View Tab, under the Advanced Settings scroll down and select "Show Hidden files and Folders" and Uncheck "Hide Extensions for known File Types" and "Hide Protected Operating System Files (recommended)" then OK out of it.
Marc ZCommented:
One more quick question.  Is this your computer or a work computer?
ncallinanAuthor Commented:
It is my personal "work computer" in my one-man SOHO office - i.e. it is not connected to a company network.  I have a home network.  I do connect to hotel networks when travelling - usually with an ethernet connection rather than wireless - but the problem started without my doing so.
I had already done the thing with hidden files and there is no record of the files.  The only name similar is "ntdtcsetup.log" in case this is of interest.
I will do the Hijack This routine as requested and paste the link.
ncallinanAuthor Commented:
Marc ZCommented:
So you are your own IT person.  No problem.

Your hijackthis log looks clean.

One thing, you mentioned you do have a home network.  By any chance, do you have any Networked Drives?  It is possible that your system is just trying to confirm whether or not you are hooked up to the network and trying to access or search those available drives or printers.

You could try going in to those Folder Options again and this time Uncheck the first one under Advanced - "Automatically search for Network Folders and Printers."

Anything interesting in the "ntdtcsetup.log" ?
ncallinanAuthor Commented:
You got it!  An amateur IT guy - that's why I am asking the Experts!  I must say I have learned a lot in the exercise.

I have done the Folder Options and unchecked the Automatically search for Network Folders and Printers.  I do have a networked printer but no networked drive as such, although there is a backup drive attached to one comuter in the network (three total).  

The My Computer access takes 35-40 seconds to show files and then a further delay if I immediately click on a folder to show sub -folders , although, if I wait for half a minute or so before clicking on sub-folders, there is no delay.  Also, periodically, programs hang for about the same time before resuming.  This often happens when I am switching programs or saving a file.

THe ndtcsetup.log is very long.  I have attached only the contents of the last entry.  It means nothing to me as I dont know what it does.

DTC Setup[3:54:6]: Setup started - [DATE:11,12,2006 TIME: 03:54 pm]
DTC Setup[3:54:6]: ********************************************************************************
DTC Setup[3:54:6]: Start OC_INIT_COMPONENT Component = dtc
DTC Setup[3:54:6]: INF VERSION (dtc) = 2001,12,4414,42
DTC Setup[3:54:6]: Instantiating CMasterNT5Wks
DTC Setup[3:54:6]: Installed DTC product version =
DTC Setup[3:54:6]: DTC Installation Mode = MAINTENANCE
DTC Setup[3:54:6]: DTC Maintnenance Mode = ADD_REMOVE
DTC Setup[3:54:6]: End OC_INIT_COMPONENT Return Value = 0
DTC Setup[3:54:8]: Start OC_QUERY_STATEComponent = dtc Subcomponent = dtc
DTC Setup[3:54:8]: Subcomponent dtc state: O-,C-,R+
DTC Setup[3:54:8]: End OC_QUERY_STATE Return Value = 0
DTC Setup[3:54:9]: Start OC_QUERY_CHANGE_SEL_STATE Component = dtc Subcomponent = dtc
DTC Setup[3:54:9]: Subcomponent dtc state: O+,C+,R+
DTC Setup[3:54:9]: End OC_QUERY_CHANGE_SEL_STATE Return Value = 1
DTC Setup[3:54:9]: Start OC_QUERY_CHANGE_SEL_STATE Component = dtc Subcomponent = dtc
DTC Setup[3:54:9]: Subcomponent dtc state: O+,C+,R+
DTC Setup[3:54:9]: End OC_QUERY_CHANGE_SEL_STATE Return Value = 1
DTC Setup[3:54:10]: Start OC_CALC_DISK_SPACE Component = dtc Subcomponent = dtc
DTC Setup[3:54:10]: End OC_CALC_DISK_SPACE Return Value = 0
DTC Setup[3:54:11]: Start OC_QUEUE_FILE_OPS Component = dtc Subcomponent =
DTC Setup[3:54:11]: End OC_QUEUE_FILE_OPS Return Value = 0
DTC Setup[3:54:11]: Start OC_QUEUE_FILE_OPS Component = dtc Subcomponent = dtc
DTC Setup[3:54:11]: Subcomponent dtc state: O+,C+,R+
DTC Setup[3:54:11]: DRID-39105  -> Path: C:\Documents and Settings\All Users\Start Menu\Programs\
DTC Setup[3:54:11]: End OC_QUEUE_FILE_OPS Return Value = 0
DTC Setup[3:54:11]: Start OC_QUERY_STEP_COUNT Component = dtc Subcomponent =
DTC Setup[3:54:11]: End OC_QUERY_STEP_COUNT Return Value = 0
DTC Setup[3:54:11]: Start OC_QUERY_STEP_COUNT Component = dtc Subcomponent = dtc
DTC Setup[3:54:11]: End OC_QUERY_STEP_COUNT Return Value = 0
DTC Setup[3:54:11]: Start OC_ABOUT_TO_COMMIT_QUEUE Component = dtc Subcomponent =
DTC Setup[3:54:11]: No PendingFileRenameOperations
DTC Setup[3:54:11]: End OC_ABOUT_TO_COMMIT_QUEUE Return Value = 0
DTC Setup[3:54:12]: Start OC_ABOUT_TO_COMMIT_QUEUE Component = dtc Subcomponent = dtc
DTC Setup[3:54:12]: Subcomponent dtc state: O+,C+,R+
DTC Setup[3:54:12]: End OC_ABOUT_TO_COMMIT_QUEUE Return Value = 0
DTC Setup[3:54:14]: Start OC_COMPLETE_INSTALLATION Component = dtc Subcomponent =
DTC Setup[3:54:14]: No PendingFileRenameOperations
DTC Setup[3:54:14]: End OC_COMPLETE_INSTALLATION Return Value = 0
DTC Setup[3:54:14]: Start OC_COMPLETE_INSTALLATION Component = dtc Subcomponent = dtc
DTC Setup[3:54:14]: Subcomponent dtc state: O+,C+,R+
DTC Setup[3:54:14]: End OC_COMPLETE_INSTALLATION Return Value = 0
DTC Setup[3:54:14]: Start OC_QUERY_STATEComponent = dtc Subcomponent = dtc
DTC Setup[3:54:14]: Subcomponent dtc state: O+,C+,R+
DTC Setup[3:54:14]: End OC_QUERY_STATE Return Value = 0
DTC Setup[3:54:18]: Start OC_CLEANUP Component = dtc
DTC Setup[3:54:18]: End OC_CLEANUP Return Value = 0
DTC Setup[3:54:18]: ********************************************************************************
DTC Setup[3:54:18]: Setup finished - [DATE:11,12,2006 TIME: 03:54 pm]
Marc ZCommented:
I have the same ndtcsetup.log file on my system.  After looking at it a little bit, I believe it has something to do with Windows Updates.  Although My last file date was 11/02/2006 and I ran a windows update today to check and no change, although in my System Event Viewer, I did come across an update with the same time frame as my log.  I think this is a file we don't have to worry about.

Now, I haven't seen the nTCDMps.DLL  that we saw in the first Hijackthis log so I'm going to research this a little differently.
Marc ZCommented:
Is it just as slow if you disable the PC-Cillin?
Marc ZCommented:
Programs take longer than expected to start in Windows XP
From your HijackThis log (requested by mtz1of4) you appear to be running Internet Explorer7.
Did the problem arise at about the time of your IE upgrade?  
A particular version of IE 7 has been shown to be the reason for file/folder opening "sluggishness".  You may wish to consider temporarily uninstalling it, as it could be the possible cause of  your problem.
Hopefully you will not require this suggestion though if it's relevant, it's worth perusing Merete's comments dated 11/01/2006 03:58 G >>

"Unable to uninstall IE7 per MS instructions":
ncallinanAuthor Commented:
Got the succer!!  I have found the problem.  It was a HP printer program.  I tried to scan a document and the HP Director program wouldn't run.  After trying everything, I uninstalled all HP programs and then reloaded.  My Computer file acces problem was gone.

Many thanks to all of you who spent time helping me.  I learnt a lot.
You're welcome.  Thanks for the feedback, hopefully it'll help others with a similar problem.

As you appear to have answered the question yourself (and if the other guys agree?), you can retrieve your points.
Take a look at this link under the heading "I answered my question myself. What do I do?":
Then refer to this thread "Operating_Systems/WinXP/Q_22049623.html#a17959170", and ask for a refund posting a 0 points question here:
Marc ZCommented:
No objections from me.
ncallinanAuthor Commented:
I do not want to retreive my points.  As I said, I have learned a lot about the computer's operation and how to look at problems from you all.  I appreciate the time everyone took in pursuing my problem.  I will possibly use that knowledge in the future to solve another problem.  So consider my points as reward for that future solution.  Let me know what to do next.  -  Nick

We appreciate that, thank you!  
Well it's fairly straightforward if you select this next link & take a look under sub-heading   "More than one Expert helped solve my problem. What do I do?".    
If you have any problems don't hesitate to contact one of us again:

Thank you.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 13
  • 11
  • 10
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now