asked on

Generic Win32 Host / SVChost Errors

I have a laptop running Windows XP SP2, just recently I noticed that whenever I boot the machine I get a Generic Win32 error message and a svchost error message. I have run several spyware checks and virus scans with no luck. Looking into the Event logs it appears that my Generic Host failure is caused by a Service Control Manager Event ID: 7032. There's little information regarding the svchost other than it simply failed.

Any ideas?

ASKER CERTIFIED SOLUTION

rpggamergirl

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

dowhatyoudo22

ASKER

Here is a copy of my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:43:47 AM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\1E\SMSWakeup40\minislv.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\program files\verizon wireless\vzaccess manager\venturi\Client\ventc.exe
C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mdavies\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://infosource.hrh.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://infosource.hrh.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by HRH of Metro Washington
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SgeEcView] "C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe"
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EdWizard] "C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe" as
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://infosource.hrh.com
O15 - Trusted Zone: http://www.sagitta-online.com
O15 - Trusted Zone: http://*.travelers.com
O15 - Trusted Zone: http://*.travelerspc.com
O15 - Trusted Zone: http://www.sagitta-online.com (HKLM)
O15 - Trusted Zone: http://*.travelers.com (HKLM)
O15 - Trusted Zone: http://*.travelerspc.com (HKLM)
O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Office Outlook View Control) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/outlctlx.CAB
O16 - DPF: {133FB0BC-5EB8-11D2-AA17-00104B0753B3} (Artizan.Artiload) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/Artiload.CAB
O16 - DPF: {16A31F60-60A4-4E06-A23F-0F7682A6A2C9} (AMSIDvalet.IDbot) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/AMSIDvalet.CAB
O16 - DPF: {16AF6C10-0D0A-4B65-8866-ABE32D26F256} (AmsInet Control) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/AMSInet.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {42B9A659-1A02-11D3-A58E-00104B0753B3} (PageMaster.Controler) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/PageMaster.CAB
O16 - DPF: {44705D5B-A145-11D4-9DD0-00805F010928} (GetWord.AMSDocument) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/GetWord.CAB
O16 - DPF: {4EEE32DD-0DA0-11D1-9716-0000C0C9767A} (SeaReach 3.0 Application Object) - https://eforms65.sagitta-online.com/AMSeForms/rakis.cab
O16 - DPF: {51562FAD-DC70-11D2-BFF0-00105A97F884} (AMSCopyMergeControl.AMSCopyMerge) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/AMSCopyMerge.CAB
O16 - DPF: {629F093A-068F-48BE-B8F7-C510302F6AE2} (AeFHistCtrl.AeFHisFrm) - https://eforms65.sagitta-online.com/AMSeForms/AeFHist.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172872757365
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - https://eforms65.sagitta-online.com/AMSeForms/iemenu.cab
O16 - DPF: {943FDFA6-C7FE-11D2-AA17-3C3A09C10000} (AMSTransfer.main) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/AMSTransfer.CAB
O16 - DPF: {A1B77D23-31EE-11D2-AA17-00104B0753B3} (asynchtree.tree) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/asynchtree.CAB
O16 - DPF: {C4DD002B-53B1-11D2-AA17-00104B0753B3} (AsynchGrid.Grid) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/AsynchGrid.CAB
O16 - DPF: {C87910BF-030D-4D9D-B1D9-A17936F3A863} (AMSEXInt.SagExCtl) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/AMSEXInt.CAB
O16 - DPF: {D2152F13-9949-4A3A-9DDD-4E62BCD3862E} (AeFEmailProject.AeFEmailControl) - https://eforms65.sagitta-online.com/AMSeForms/aefem.cab
O16 - DPF: {DF29403F-0E3C-46D2-9035-5CE999EFC10F} (AeFPrintDialog Control) - https://eforms65.sagitta-online.com/AMSeForms/amseforms.cab
O16 - DPF: {E5F3552D-6AEC-11D0-A8A1-0000C0B3632C} (LanYard 3.0 Application Object) - https://eforms65.sagitta-online.com/AMSeForms/rakis.cab
O16 - DPF: {E64DAB43-9B91-11D4-A857-00C04F21F657} (Skylon 1.0 Application Object) - https://eforms65.sagitta-online.com/AMSeForms/rakis.cab
O16 - DPF: {EDF59A80-77FB-4368-920E-27904A98172D} (AeFClCtrl.AeFFormsCl) - https://eforms65.sagitta-online.com/AMSeForms/amseforms.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4999/mcfscan.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://eforms65.sagitta-online.com/AMSeForms/ikmenu.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = midatl.hrh.com
O17 - HKLM\Software\..\Telephony: DomainName = midatl.hrh.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = midatl.hrh.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = midatl.hrh.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: minislv - 1E Ltd - C:\Program Files\1E\SMSWakeup40\minislv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\vzaccess manager\venturi\Client\ventc.exe
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

Chris B

I would type this - Service Control Manager Event ID: 7032 - into Google and check for issues relating to programs you have installed. These can be difficult to pin down as the svchost processes have sub processes running below them any of which may have the real problem. A really useful tool is Process Explorer. It doesn't require installation, just run it to see the normally hidden details -
http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx

Chris B

Ibrahim Bazarwala

http://support.microsoft.com/kb/821690

dowhatyoudo22

ASKER

Ok, I've restarted the laptop about five times now (after turning off automatic updates) and I have yet to see the problem occur. However, I have another problem now. This laptop is on a domain and talks to its SMS services for updates, I'm affraid that turning and leaving automatic updates off may have fixed this problem but what about pulling updates?

Chris B

I have seen updates cause issues if the time on the server is more than a few seconds different to the workstation. Try this at a command prompt or run line - net time \\<your domain server> /set /y

Chris B

rpggamergirl

Thanks for the points!

After pulling updates manually, and if the problem comes back when you turn auto-updates on, I'm afraid you'll be doing it manually till MS comes up with something on how to fix the issue.
I'm not sure if they have an answer to the auto-updates problem yet.