
Startup error In XP Home [HijackThis Log]

Discussion in 'Malware and Virus Removal Archive' started by bluenose12, 2005/03/16.

Thread Status:
Not open for further replies.
  1. 2005/03/16
    bluenose12

    bluenose12 Inactive Thread Starter

    Joined:
    2003/07/06
    Messages:
    114
    Likes Received:
    0
    Every few days or so when my PC boots up I get this message popping up.

    Generic host process for Win32 encountered a problem and need to close.

    the error sig points at the svchost.exe file and it says these two files will be included in the error report....svchost.exe and appcompat.txt.


    If I just ignore this and carry on as normal my machine seems to be working OK....If I reboot I usually don't get the error message again for a day or two.

    Can anyone tell me how to get rid of this please and any info. on what it's about would be gratefully received.
     
  2. 2005/03/16
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389


  4. 2005/03/16
    bluenose12

    bluenose12 Inactive Thread Starter

    Joined:
    2003/07/06
    Messages:
    114
    Likes Received:
    0
    No Pete...I don't have a printer installed. :confused:

    I have a usb game controller and a usb modem.
     
  5. 2005/03/16
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Take a look at This Thread that deals with a similar situation and gives more detail. You may want to take one of the actions recommended there and post your results here.
     
    Newt,
    #4
  6. 2005/03/17
    bluenose12

    bluenose12 Inactive Thread Starter

    Joined:
    2003/07/06
    Messages:
    114
    Likes Received:
    0
    Thanks Newt.....I did the svchost.txt thing you described here is the text file...WITHOUT THE ERROR.

    Image Name                   PID Services
    ========================= ====== =============================================
    System Idle Process            0 N/A
    System                         4 N/A
    smss.exe                     400 N/A
    csrss.exe                    456 N/A
    winlogon.exe                 488 N/A
    services.exe                 532 Eventlog, PlugPlay
    lsass.exe                    544 PolicyAgent, ProtectedStorage, SamSs
    ati2evxx.exe                 688 Ati HotKey Poller
    svchost.exe                  708 DcomLaunch, TermService
    svchost.exe                  792 RpcSs
    svchost.exe                  832 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                     ERSvc, EventSystem,
                                     FastUserSwitchingCompatibility, helpsvc,
                                     lanmanserver, lanmanworkstation, Netman,
                                     Nla, RasMan, Schedule, seclogon, SENS,
                                     SharedAccess, ShellHWDetection, srservice,
                                     TapiSrv, Themes, TrkWks, W32Time, winmgmt,
                                     wscsvc, wuauserv, WZCSVC
    svchost.exe                  896 Dnscache
    svchost.exe                  980 LmHosts, SSDPSRV, WebClient
    CCSETMGR.EXE                1100 ccSetMgr
    SNDSrvc.exe                 1112 SNDSrvc
    CCEVTMGR.EXE                1136 ccEvtMgr
    ati2evxx.exe                1168 N/A
    explorer.exe                1264 N/A
    spoolsv.exe                 1436 Spooler
    CCPROXY.EXE                 1548 ccProxy
    NAVAPSVC.EXE                1632 navapsvc
    NPROTECT.EXE                1692 NProtectService
    SAVSCAN.EXE                 1728 SAVScan
    SMAgent.exe                 1860 SoundMAX Agent Service (default)
    symlcsvc.exe                1936 Symantec Core LC
    wdfmgr.exe                  1960 UMWdf
    SymWSC.exe                  2040 SymWSC
    atiptaxx.exe                 356 N/A
    gsicon.exe                   408 N/A
    dslagent.exe                 424 N/A
    CCAPP.EXE                    132 N/A
    PDVDServ.exe                 744 N/A
    jusched.exe                  868 N/A
    MsgPlus.exe                  956 N/A
    realsched.exe               1012 N/A
    IMApp.exe                   2080 N/A
    wscntfy.exe                 2396 N/A
    alg.exe                     2752 ALG
    firefox.exe                 3684 N/A
    cmd.exe                     2732 N/A
    tasklist.exe                2836 N/A
    wmiprvse.exe                1412 N/A


    As usual, when I actually want the error to show it ain't but as soon as it does do I just post the text file here again??
     
  7. 2005/03/17
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Yup. Just post it here.

    The easy way to do a quick check is by service name and contents. For instance, you have

    svchost.exe 708 DcomLaunch, TermService

    so easy enough to check a 2nd run and see if you still have a svchost.exe running those processes. Same for all the other instances.

    If you have killed a Generic Host Process and all your svchost.exe instances are still running and have the same contents, you have killed a baddie that is somewhat broken and giving that error message.

    Otherwise, you will either see a svchost.exe instance that is missing and can assume that some piece of it is causing your error.
     
    Newt,
    #6
  8. 2005/03/17
    bluenose12

    bluenose12 Inactive Thread Starter

    Joined:
    2003/07/06
    Messages:
    114
    Likes Received:
    0
    Hello again Newt.....I've still not had the error again yet.

    I generated another svchost.txt file this morning and it was identical to the one posted above.
     
  9. 2005/03/22
    bluenose12

    bluenose12 Inactive Thread Starter

    Joined:
    2003/07/06
    Messages:
    114
    Likes Received:
    0
    Here is the tasklist after the error.....I hope you remember about me Newt. :eek:



    Image Name                   PID Services
    ========================= ====== =============================================
    System Idle Process            0 N/A
    System                         4 N/A
    smss.exe                     392 N/A
    csrss.exe                    456 N/A
    winlogon.exe                 488 N/A
    services.exe                 532 Eventlog, PlugPlay
    lsass.exe                    544 PolicyAgent, ProtectedStorage, SamSs
    ati2evxx.exe                 688 Ati HotKey Poller
    svchost.exe                  708 DcomLaunch, TermService
    svchost.exe                  788 RpcSs
    svchost.exe                  828 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                     ERSvc, EventSystem,
                                     FastUserSwitchingCompatibility, helpsvc,
                                     lanmanserver, lanmanworkstation, Netman,
                                     Nla, RasMan, Schedule, seclogon, SENS,
                                     SharedAccess, ShellHWDetection, srservice,
                                     TapiSrv, Themes, TrkWks, W32Time, winmgmt,
                                     wscsvc, wuauserv, WZCSVC
    svchost.exe                  896 Dnscache
    svchost.exe                  984 LmHosts, SSDPSRV, WebClient
    CCSETMGR.EXE                1112 ccSetMgr
    SNDSrvc.exe                 1124 SNDSrvc
    ati2evxx.exe                1156 N/A
    CCEVTMGR.EXE                1204 ccEvtMgr
    explorer.exe                1240 N/A
    spoolsv.exe                 1456 Spooler
    CCPROXY.EXE                 1556 ccProxy
    NAVAPSVC.EXE                1692 navapsvc
    NPROTECT.EXE                1756 NProtectService
    atiptaxx.exe                1800 N/A
    gsicon.exe                  1808 N/A
    dslagent.exe                1816 N/A
    CCAPP.EXE                   1832 N/A
    SAVSCAN.EXE                 1888 SAVScan
    PDVDServ.exe                1944 N/A
    jusched.exe                 1952 N/A
    MsgPlus.exe                 1980 N/A
    realsched.exe               2000 N/A
    SMAgent.exe                  204 SoundMAX Agent Service (default)
    symlcsvc.exe                 276 Symantec Core LC
    wdfmgr.exe                   736 UMWdf
    SymWSC.exe                  1060 SymWSC
    IMApp.exe                   2060 N/A
    wscntfy.exe                 2676 N/A
    alg.exe                     2704 ALG
    wuauclt.exe                 2968 N/A
    firefox.exe                 3432 N/A
    cmd.exe                     3776 N/A
    tasklist.exe                3784 N/A
    wmiprvse.exe                3812 N/A
     
  10. 2005/03/23
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Didn't forget. Sick with a flu bug of some sort and not able to concentrate on the forums for a few days.

    Assuming that this 'after' listing was when you'd gotten one of the "Generic host process for Win32 encountered a problem and need to close" messages I'd have to bet on a critter that is mimicking the normal windows process because a comparison of your tasklist output is identical except for a couple of the PIDs being different and that's normal.

    From quicklinks in my signature, locate one or more of the online virus scanners and scan your system. Set the scan to tell you what is found and to offer you the option of dealing with it/them and then opt to have them cleaned or deleted. Even if you have an installed AV program, you can't really trust it at this point.

    If you don't have current updated versions of Ad-aware, Spybot, and Microsoft Antispyware loaded, do so. Get current ref files then run each of them and clean what they find.

    After completing all those scans, download the current version of Hijackthis, unzip it to a folder of its own (c:\hjt or something), run it to scan and create a log, then post the log here.

    Moving this thread to the Spyware Removal section.
     
    Newt,
    #9
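
The before/after check described in Newt's two replies above (match svchost.exe instances across two `tasklist /svc` runs by the services they host, since PIDs differ between boots), as an added Python example that is not part of the original thread. `parse_tasklist_svc` and `compare_svchost` are hypothetical helper names; the sample rows are excerpted from the two listings posted in the thread, `AFTER_CRASH` is constructed, and the `hostless_pids` check (an svchost.exe row whose Services column is N/A) is an added heuristic the thread does not mention.

```python
import re

ROW = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+(?P<svcs>\S.*)$")

def parse_tasklist_svc(text):
    """Return [(image, pid, frozenset(services))] from pasted `tasklist /svc` text."""
    rows = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith(("Image Name", "=====")):
            continue
        m = ROW.match(line)
        if m:
            rows.append([m["image"], int(m["pid"]), m["svcs"]])
        elif rows:
            # Assumption: no standalone PID token means the Services
            # column of the previous row wrapped onto this line.
            rows[-1][2] += " " + line
    return [(img, pid, frozenset({s.strip() for s in svcs.split(",")} - {"", "N/A"}))
            for img, pid, svcs in rows]

def compare_svchost(before, after):
    """Diff svchost.exe instances by service set; PIDs change between boots."""
    def hosts(text):
        return [(pid, svcs) for img, pid, svcs in parse_tasklist_svc(text)
                if img.lower() == "svchost.exe"]
    b, a = hosts(before), hosts(after)
    missing = sorted(sorted(s) for _, s in b if s not in [x for _, x in a])
    added = sorted(sorted(s) for _, s in a if s and s not in [x for _, x in b])
    hostless = [pid for pid, s in a if not s]  # svchost.exe hosting no service
    return {"missing": missing, "added": added, "hostless_pids": hostless}

# svchost rows excerpted from the thread's first listing (the 832 row is cut short).
BEFORE = """\
Image Name PID Services
========================= ====== =============================================
svchost.exe 708 DcomLaunch, TermService
svchost.exe 792 RpcSs
svchost.exe 832 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc
svchost.exe 896 Dnscache
svchost.exe 980 LmHosts, SSDPSRV, WebClient
"""
# Same rows with the PIDs from the second (post-error) listing.
AFTER = BEFORE.replace(" 792 ", " 788 ").replace(" 832 ", " 828 ").replace(" 980 ", " 984 ")
# Constructed contrast case: one instance died, and a look-alike hosts no service.
AFTER_CRASH = AFTER.replace("svchost.exe 984 LmHosts, SSDPSRV, WebClient\n",
                            "svchost.exe 3120 N/A\n")
```

`compare_svchost(BEFORE, AFTER)` reports nothing missing or added, matching what was observed in the thread; the constructed `AFTER_CRASH` case shows what a dead instance and a service-less svchost.exe look like in the result.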
  11. 2005/03/24
    bluenose12

    bluenose12 Inactive Thread Starter

    Joined:
    2003/07/06
    Messages:
    114
    Likes Received:
    0
    Hello Newt...hope you're feeling better....I had a viral infection for 8 weeks...I think it's finally starting to clear up now....only the annoying cough left.

    I ran RAV antivirus and it was clean.
    I ran a Free online trojan scan and it was clean.
    I ran Adaware and it found no new critical objects.
    I ran Spybot and it showed nothing.
    I also have installed Spyware Blaster.
    I will post the Hijack this log below.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:42:22, on 24/03/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\GSICON.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [RemHelp] remhelp.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F9F7747-C9A7-43F9-AE85-D41F5A333910}: NameServer = 194.74.65.68 194.72.9.38
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  12. 2005/04/01
    bluenose12

    bluenose12 Inactive Thread Starter

    Joined:
    2003/07/06
    Messages:
    114
    Likes Received:
    0
    Where are you Newt? :confused: :D
     