Solved

Generic Win32 Host / SVChost Errors

Posted on 2007-04-04
7
750 Views
Last Modified: 2012-06-27
I have a laptop running Windows XP SP2, just recently I noticed that whenever I boot the machine I get a Generic Win32 error message and a svchost error message. I have run several spyware checks and virus scans with no luck. Looking into the Event logs it appears that my Generic Host failure is caused by a Service Control Manager Event ID: 7032. There's little information regarding the svchost other than it simply failed.

Any ideas?
0
Comment
Question by:dowhatyoudo22
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 18850038
There has been a few cases that svchost errors are caused by windows auto-update software.
Try turning off auto-updates, reboot, and do a manual updates, then turn auto-updates back on again and see if that helps.

Some threads here with svchost.exe errors.
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Desktop_Anti-Virus/Q_22457701.html
0
 

Author Comment

by:dowhatyoudo22
ID: 18850051
Here is a copy of my Hijackthis log:



Logfile of HijackThis v1.99.1
Scan saved at 8:43:47 AM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\1E\SMSWakeup40\minislv.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\program files\verizon wireless\vzaccess manager\venturi\Client\ventc.exe
C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\SgLogPlayer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mdavies\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://infosource.hrh.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://infosource.hrh.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by HRH of Metro Washington
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SgeEcView] "C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe"
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EdWizard] "C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe" as
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://infosource.hrh.com
O15 - Trusted Zone: http://www.sagitta-online.com
O15 - Trusted Zone: http://*.travelers.com
O15 - Trusted Zone: http://*.travelerspc.com
O15 - Trusted Zone: http://www.sagitta-online.com (HKLM)
O15 - Trusted Zone: http://*.travelers.com (HKLM)
O15 - Trusted Zone: http://*.travelerspc.com (HKLM)
O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Office Outlook View Control) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/outlctlx.CAB
O16 - DPF: {133FB0BC-5EB8-11D2-AA17-00104B0753B3} (Artizan.Artiload) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/Artiload.CAB
O16 - DPF: {16A31F60-60A4-4E06-A23F-0F7682A6A2C9} (AMSIDvalet.IDbot) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/AMSIDvalet.CAB
O16 - DPF: {16AF6C10-0D0A-4B65-8866-ABE32D26F256} (AmsInet Control) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/AMSInet.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {42B9A659-1A02-11D3-A58E-00104B0753B3} (PageMaster.Controler) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/PageMaster.CAB
O16 - DPF: {44705D5B-A145-11D4-9DD0-00805F010928} (GetWord.AMSDocument) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/GetWord.CAB
O16 - DPF: {4EEE32DD-0DA0-11D1-9716-0000C0C9767A} (SeaReach 3.0 Application Object) - https://eforms65.sagitta-online.com/AMSeForms/rakis.cab
O16 - DPF: {51562FAD-DC70-11D2-BFF0-00105A97F884} (AMSCopyMergeControl.AMSCopyMerge) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/AMSCopyMerge.CAB
O16 - DPF: {629F093A-068F-48BE-B8F7-C510302F6AE2} (AeFHistCtrl.AeFHisFrm) - https://eforms65.sagitta-online.com/AMSeForms/AeFHist.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172872757365
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - https://eforms65.sagitta-online.com/AMSeForms/iemenu.cab
O16 - DPF: {943FDFA6-C7FE-11D2-AA17-3C3A09C10000} (AMSTransfer.main) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/AMSTransfer.CAB
O16 - DPF: {A1B77D23-31EE-11D2-AA17-00104B0753B3} (asynchtree.tree) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/asynchtree.CAB
O16 - DPF: {C4DD002B-53B1-11D2-AA17-00104B0753B3} (AsynchGrid.Grid) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/AsynchGrid.CAB
O16 - DPF: {C87910BF-030D-4D9D-B1D9-A17936F3A863} (AMSEXInt.SagExCtl) - https://wp4.sagitta-online.com/hrhma/Sagitta/active/AMSEXInt.CAB
O16 - DPF: {D2152F13-9949-4A3A-9DDD-4E62BCD3862E} (AeFEmailProject.AeFEmailControl) - https://eforms65.sagitta-online.com/AMSeForms/aefem.cab
O16 - DPF: {DF29403F-0E3C-46D2-9035-5CE999EFC10F} (AeFPrintDialog Control) - https://eforms65.sagitta-online.com/AMSeForms/amseforms.cab
O16 - DPF: {E5F3552D-6AEC-11D0-A8A1-0000C0B3632C} (LanYard 3.0 Application Object) - https://eforms65.sagitta-online.com/AMSeForms/rakis.cab
O16 - DPF: {E64DAB43-9B91-11D4-A857-00C04F21F657} (Skylon 1.0 Application Object) - https://eforms65.sagitta-online.com/AMSeForms/rakis.cab
O16 - DPF: {EDF59A80-77FB-4368-920E-27904A98172D} (AeFClCtrl.AeFFormsCl) - https://eforms65.sagitta-online.com/AMSeForms/amseforms.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4999/mcfscan.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://eforms65.sagitta-online.com/AMSeForms/ikmenu.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = midatl.hrh.com
O17 - HKLM\Software\..\Telephony: DomainName = midatl.hrh.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = midatl.hrh.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = midatl.hrh.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll
O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: minislv - 1E Ltd - C:\Program Files\1E\SMSWakeup40\minislv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
O23 - Service: SafeGuard SGLOG  Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\vzaccess manager\venturi\Client\ventc.exe
O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe

0
 
LVL 28

Expert Comment

by:burrcm
ID: 18850068
I would type this - Service Control Manager Event ID: 7032 - into Google and check for issues relating to programs you have installed. These can be difficult to pin down as the svchost processes have sub processes running below them any of which may have the real problem. A really useful tool is Process Explorer. It doesn't require installation, just run it to see the normally hidden details -
http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx

Chris B
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 12

Expert Comment

by:ibu1
ID: 18850074
0
 

Author Comment

by:dowhatyoudo22
ID: 18850238
Ok, I've restarted the laptop about five times now (after turning off automatic updates) and I have yet to see the problem occur. However, I have another problem now. This laptop is on a domain and talks to its SMS services for updates, I'm affraid that turning and leaving automatic updates off may have fixed this problem but what about pulling updates?
0
 
LVL 28

Expert Comment

by:burrcm
ID: 18850351
I have seen updates cause issues if the time on the server is more than a few seconds different to the workstation. Try this at a command prompt or run line - net time \\<your domain server> /set /y

Chris B
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18862980
Thanks for the points!

After pulling updates manually, and if the problem comes back when you turn auto-updates on, I'm afraid you'll be doing it manually till MS comes up with something on how to fix the issue.
I'm not sure if they have an answer to the auto-updates problem yet.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like 192.168.xxx.1, I've seen routers with default values of: 192.168.0.1, 192.168.1.1, 192.168.11.1, …
Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now