Generic host process for win32 services has encountered a problem and needs to close.

Discussion in 'Malware and Virus Removal Archive' started by Alex W, 2006/08/14.

  1. 2006/08/17
    Alex W

    Alex W Inactive Thread Starter

    Joined:
    2006/08/14
    Messages:
    53
    Likes Received:
    0
    no problem, thanks :)
     
  2. 2006/08/17
    Alex W

    Actually, something interesting I've just noticed is that straight after a fresh restart, if I look in my task manager, there are several instances of "svchost.exe." This has always been the case, however, if I click "end process" on this one particular instance, it produces the same message that you'd see from the old "W32.Blaster.Worm" virus. The "RPC DCOM blah blah your PC will shutdown in 0:45 seconds" etc. The svchost.exe I end which triggers this is usually around the 4700k memory usage mark.

    Is this normal? Would this happen on an un-infected computer?

    highlighted is the instance which, if closed, will trigger the shutdown message.

    [​IMG]
     
    Last edited: 2006/08/17

  4. 2006/08/17
    Alex W

    oh, I might as well add that if I go to the command prompt and type "tasklist" it produces the error:

    "ERROR: The RPC server is unavailable"

    (I realise I might be barking up the wrong tree here but I figured I'd add it just in case it saves some time)
     
  5. 2006/08/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Alex
    Thanks, the more info we can get the better :)

    Did you install this program?
    CPU Z
    cpuz: \??\C:\DOCUME~1\Alex1\LOCALS~1\Temp\Rar$EX19.875\cpuz.sys (manual start)

    It seems to monitor CPU usage among other things.

    Geri
     
  6. 2006/08/17
    Alex W

    CPU Z? not that I'm aware of... :confused:
     
  7. 2006/08/17
    Geri Lifetime Subscription

    Hi Alex
    Please go to this page and see if you recognize it...
    http://www.cpuid.com/cpuz.php

    And here is a screen shot... ( Click on screen shot right side of page)
    http://www.majorgeeks.com/download425.html

    If you did not install it, look for it in add/remove programs.
    Don't know if this could be causing your problem, but if anything it is slowing your computer down.

    Let me check on a few things before uninstalling it.
    Geri
     
  8. 2006/08/17
    Geri Lifetime Subscription

    Hi Alex
    Let's do an online scan just as a second precaution.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Geri
     
  9. 2006/08/17
    Geri Lifetime Subscription

    Alex
    Let's also run a search on svchost.
    Click on Start, Search, Search files and folders. Type in svchost and click Find.
    Let's make sure they are all in the correct file paths.
    (see attachment below)

    Let me know if there is a different file path with any of them.
    Geri
     
    Last edited: 2006/11/05
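
The path check described in the post above, as an added example that is not part of the original thread. It assumes a default Windows XP layout with the system root at C:\WINDOWS; the list of expected directories and the sample search hits are constructed for illustration.

```python
import ntpath

# Assumption: default Windows XP layout with the system root at C:\WINDOWS.
# These are the directories where a genuine svchost.exe is normally found.
EXPECTED_DIRS = {
    r"c:\windows\system32",                   # the copy services run from
    r"c:\windows\system32\dllcache",          # Windows File Protection cache
    r"c:\windows\servicepackfiles\i386",      # service pack source files
    r"c:\windows\$ntservicepackuninstall$",   # pre-service-pack backup
}
PREFETCH_DIR = r"c:\windows\prefetch"


def classify(path):
    """Return a triage label for one search hit on 'svchost'."""
    directory, name = ntpath.split(path.strip())
    directory = directory.lower().rstrip("\\")
    name = name.lower()
    if name == "svchost.ex_":
        # Compressed installation copy; it cannot run until expanded.
        return "compressed setup copy"
    if name.startswith("svchost.exe-") and name.endswith(".pf"):
        # Prefetch traces belong only in the Prefetch folder.
        return "prefetch trace" if directory == PREFETCH_DIR else "investigate"
    if name == "svchost.exe":
        return "expected" if directory in EXPECTED_DIRS else "investigate"
    return "unrelated name"


def needs_review(hits):
    """Keep only the hits whose location does not match an expected one."""
    return [h for h in hits if classify(h) == "investigate"]


# Constructed search results (not taken from any poster's machine).
SAMPLE_HITS = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\dllcache\svchost.exe",
    r"C:\I386\SVCHOST.EX_",
    r"C:\WINDOWS\Prefetch\SVCHOST.EXE-00000000.pf",
    r"C:\WINDOWS\svchost.exe",
    r"C:\Documents and Settings\User\Local Settings\Temp\svchost.exe",
]

if __name__ == "__main__":
    for hit in SAMPLE_HITS:
        print(f"{classify(hit):22} {hit}")
```

A hit labelled "expected" only means the location is plausible; it says nothing about whether the file itself has been replaced.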
  10. 2006/08/18
    dalaner

    dalaner Inactive

    Joined:
    2006/08/17
    Messages:
    3
    Likes Received:
    0
    Hi,
    I started a thread about the same subject today, not realizing that this one was here. I'm desperate!!

    I did that search you said to do and this is what I came up with:

    SVCHOST.EX_

    (the icon next to it was a coloured circle)

    I've done everything over the last couple of days to try and get rid of whatever it is that keeps shutting my internet down.

    dalaner
     
  11. 2006/08/18
    Alex W

    Here's the scan from Panda Scan:


    Incident Status Location

    Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
    Possible Virus. Not disinfected C:\WINDOWS\Downloaded Installations\{C32ACEF8-937B-40BC-84B0-FB81EE655AB4}\Sunbelt CounterSpy.msi[unk_0076]
    Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\xefelctr.default\cookies.txt[.cdfreaks.com/]
    Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\xefelctr.default\cookies.txt[.versiontracker.com/]
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\xefelctr.default\cookies.txt[adserver.filefront.com/]
    Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\xefelctr.default\cookies.txt[fe.lea.lycos.de/]
    Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\xefelctr.default\cookies.txt[fe.lea.lycos.fr/]
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\f07bk2gh.Alex\cookies.txt[.adopt.hbmediapro.com/]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Alex1\Desktop\SmitfraudFix\Process.exe
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Alex1\Cookies\alex1@atdmt[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Alex1\Cookies\alex1@bs.serving-sys[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Alex1\Cookies\alex1@serving-sys[2].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Alex1\Cookies\alex1@counter3.sextracker[1].txt
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Alex1\Cookies\alex1@sextracker[2].txt
    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Alex1\Cookies\alex1@cs.sexcounter[2].txt
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Alex1\Cookies\alex1@2o7[1].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.tradedoubler.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[.uol.com.br/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alex1\Application Data\Mozilla\Firefox\Profiles\uwl7f72z.default\cookies.txt[de.uol.com.br/]
     
  12. 2006/08/18
    Alex W

  13. 2006/08/18
    Geri Lifetime Subscription

    Hi Alex
    I have a friend looking in here.
    Please give him any information he may want and follow his instructions if he gives you any.
    His name is "noahdfear".

    I believe what is happening here (3 posts now, 3 different people) is something new and experts will be needed to figure this out.
    and like I said, I am just a student.

    Geri
     
    Last edited: 2006/08/18
  14. 2006/08/18
    Alex D

    Alex D Inactive

    Joined:
    2006/08/18
    Messages:
    3
    Likes Received:
    0
    I have also started to have the exact same problem of the "Generic Host Process for Win32 services" error appearing and disabling the internet so long as I click on either "debug", "don't send error report" or "send". Ignoring it allows me to continue surfing.
    In my case, the problem started once I installed TalkTalk broadband on my computer.
    Indeed this does seem to be a new problem - whenever I have googled the error message, the symptoms described have always been different, usually having something to do with HP printer software or problems with shutting down.
    Any help you can give would be much appreciated!
     
  15. 2006/08/18
    Alex W

    No problem, Geri - thanks very much for all your help, I really appreciate it.

    Alex D - I guess we're of the first lucky few to experience what seems to be a fresh new virus...
     
  16. 2006/08/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Alex W, Alex D and dalaner,

    I'd like for each of you to gather a few logs for me, and email them to me for comparison/review, so that I can try to find a common link(s) to this problem, or otherwise see what may be the cause for each of you.

    1. Please create a new folder in Local Disk C: (the root of your drive) named Logs.

    2. Click Start>run and type eventvwr then hit enter. You can alternatively right click My Computer and select Manage, then expand the Event Viewer category. Click Application, then Action>Save Log File As from the menu. Save it as yournameApplication (for me that would be noahdfearApplication) to the new Logs folder. Click System, then Action>Save Log File As and save as yournameSystem to the Logs folder. They should default to the .evt file type when saved.

    3. Click Start>run and type msinfo32 then hit enter, or click Start>All Programs>Accessories>System Tools>System Information. Click Components, then File>Export and save it as yournameComponents (it should by default be saved as a text file) to the Logs folder. Click Software Environment, File>Export and save as yournameSoftware to the Logs folder.

    4. Copy the following string of text.
    regedit.exe /e c:\Logs\Uninstall.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    Click Start>Run and paste it in, then hit enter.

    5. Open the Logs folder and verify that the 4 saved logs and the Uninstall.txt files are present. Close the folder then right click it and select Send To>Compressed (zipped) Folder, or use any zip program to zip it. Attach it to an email to me with the subject line RE:smitRem (this is so that it will get delivered to my Inbox and not sent to Junk)

    noahdfearATmsnDOTcom (replace AT with @ and DOT with . )

    I will post back with possible further questions/instructions/suggestions as soon as I've had time to review them.


    Alex D and dalaner,

    I will be requesting that your posts be moved to a topic of its own, in case further questions/instructions/suggestions differ.


    Alex W,

    The behavior of svchost.exe is normal, as is its location(s). Tasklist is an XP Pro only option, unless you have obtained and placed a copy of the tasklist file in the system32 folder of Home Edition. Does your system fall under one of those categories?

    Thank You! :)
     
  17. 2006/08/18
    noahdfear

    Alex W,

    One other thing........if this zip file is still present, please send it to me also. You may need to zip it first since the 875 extension may not get through the email filter(s).

    C:\DOCUME~1\Alex1\LOCALS~1\Temp\Rar$EX19.875
     
  18. 2006/08/18
    Alex W

    Hi noahdfear and thanks.

    I've just sent you an email via hotmail with the attachment.

    I looked for the file "C:\DOCUME~1\Alex1\LOCALS~1\Temp\Rar$EX19.875"

    but couldn't find it.
     
  19. 2006/08/18
    noahdfear

    Thanks Alex.......received! :)

    Would you also do a search, the entire drive, for *.dmp files. If you find any dated at about the time you received one of the Gen host errors, please zip and send those as well.
     
  20. 2006/08/18
    Alex W

    I ran a search and found a number of .dmp files in a folder called C:\WINDOWS\Minidump

    Arranging by "date modified," the most recent one found was dated July 25. The others dated back to around this time last year. I've sent them all to you in a zip, but am not sure if they meet your criteria.
     
  21. 2006/08/19
    noahdfear

    Hi Alex,

    What USB devices do you have, connected and disconnected? Are they working properly? Have a look in the device manager for any error symbols and let me know if there are any/for what device(s).

    Please click Start>run and type services.msc then hit enter. Look for nsynas32 and right click>Start the service. Let me know if it starts, and if while running, the Generic Host errors stop. If not listed, click Start>run and type the following command and hit enter;

    sc start nsynas32


    Note the time when you do this, then look in the event viewer>system for error (Service Control Manager 7000) or information entries related to this service at that time. You can also open a command window (start>run and type cmd) then use the following command to see the status of the service;

    sc query nsynas32
     
