Help - Search - Members - Calendar
Full Version: Generic Service Host Problems
BleepingComputer.com > Internet & Networking > Web Browsing/Email and Other Internet Applications
   
Drighten
Nov 29 2006, 08:17 PM
Hello;

I have been getting the Generic Service Host problem, when using internet and email, and have been trying to find the answers on many forums, including bleeping. The most sense answer has been supplied by Buckeye Sam on these forums, but I believe the solutions will be specific to individual computers as I do not have some of the lines shown in the other fella's Combofix log. Mine follows:

Thom - 06-11-29 19:42:12.33 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Thom\Desktop\Seldom"

((((((((((((((((((((((((((((((( Files Created from 2006-10-29 to 2006-11-29 ))))))))))))))))))))))))))))))))))


2006-11-28 11:02 <DIR> d-------- C:\WINDOWS\Updates
2006-11-28 10:41 <DIR> d-------- C:\Program Files\Trend Micro
2006-11-26 16:05 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-11-17 09:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-29 06:14 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-11-28 12:44 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-11-28 12:27 -------- d-------- C:\Program Files\Registry Mechanic
2006-11-22 07:14 -------- d-------- C:\Program Files\Movie Maker
2006-11-20 18:17 40 ---hs---- C:\Documents and Settings\Thom\Application Data\.zreglib
2006-11-17 11:01 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-14 14:29 -------- d-------- C:\Program Files\Empty Temp Folders 2.8.3
2006-11-11 13:10 -------- d---s---- C:\Documents and Settings\Thom\Application Data\Microsoft
2006-11-03 05:17 -------- d-------- C:\Program Files\Lavasoft Ad-Aware
2006-10-20 13:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-20 13:04 -------- d-------- C:\Program Files\Magellan
2006-10-18 14:33 -------- d-------- C:\Program Files\Ipswitch
2006-10-18 14:33 -------- d-------- C:\Documents and Settings\Thom\Application Data\Ipswitch
2006-10-18 14:09 -------- d-------- C:\Documents and Settings\Thom\Application Data\GlobalSCAPE
2006-10-17 10:56 -------- d-------- C:\Program Files\SlySoft


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiS Tray"="C:\\WINDOWS\\System32\\sistray.EXE"
"SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe"
"SiS7012Utility"="\"C:\\WINDOWS\\System32\\SiSAudUt.exe\" -wdm"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\j2re1.4.2_04\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"RegistryMechanic"=""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="file:///C:/DOCUME~1/Thom/LOCALS~1/Temp/msohtml1/01/clip_image001.gif"
"SubscribedURL"="file:///C:/DOCUME~1/Thom/LOCALS~1/Temp/msohtml1/01/clip_image001.gif"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:dc,ff,d1,02,f3,99,83,7c,70,9a,80,7c,ff,ff,ff,ff,66,9a,\
80,7c,66,9a,80,7c

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-29 19:43:08.03
C:\ComboFix.txt ... 06-11-29 19:43
acklan
Dec 2 2006, 06:38 AM
Hello Drighten
Please post any error messages that appear in the Event Viewer under Administrative Tools.
Drighten
Dec 6 2006, 03:55 PM
I get the error:

W32Time (category: None) (Event: 29) (User: N/A)

AND:

W32Time (category: None) (Event: 17) (User: N/A)

anywhere from two to four error lines stating:

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 11/16/2006
Time: 6:56:06 AM
User: N/A
Computer: VIKING
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

AND:

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 11/16/2006
Time: 6:56:06 AM
User: N/A
Computer: VIKING
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Is this what you need?
Animal
Dec 6 2006, 04:19 PM
This link addresses your first issue. It is the last ID number in the list. If you are able to get resolution with that one. I would address the second issue with them if the first fix does not solve the problem.

Be (time synchronization) Safe

Da Bleepin AniMod, Animal
Drighten
Dec 7 2006, 05:44 AM
Okay. The previously posted events are not the appropriate events. I had the service host problem this morning and got the event error from that. It is as follows:

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 12/7/2006
Time: 5:19:36 AM
User: N/A
Computer: VIKING
Description:
Faulting application svchost.exe, version 5.1.2600.2180,
faulting module netapi32.dll, version 5.1.2600.2180,
fault address 0x0000a3c0.

For more information, see Help
and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 76 63 ure svc
0018: 68 6f 73 74 2e 65 78 65 host.exe
0020: 20 35 2e 31 2e 32 36 30 5.1.260
0028: 30 2e 32 31 38 30 20 69 0.2180 i
0030: 6e 20 6e 65 74 61 70 69 n netapi
0038: 33 32 2e 64 6c 6c 20 35 32.dll 5
0040: 2e 31 2e 32 36 30 30 2e .1.2600.
0048: 32 31 38 30 20 61 74 20 2180 at
0050: 6f 66 66 73 65 74 20 30 offset 0
0058: 30 30 30 61 33 63 30 000a3c0


I will check microsofts fwlink, but the link for the other ones I posted were no help at all. I will see if they do any better on this one and report back.

Alright - I checked microsofts fwlinks for event solutions, and they list nothing for an event ID 1000 that affects svchost.exe and/or netapi32.dll.

Anyone have any ideas?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.