Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

a suspicious message


  • Please log in to reply
9 replies to this topic

#1 monica_farcas

monica_farcas

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:26 PM

Posted 07 May 2005 - 12:31 PM

My operating system is Windows Xp and a couple of days ago I started to receive this message when I enter Windows:

Generic Host Process for Win32 Services
encountered a problem and needed to close.

What can I get rid of it without formating the computer and what does it mean?

I appreciate a solution for this problem.
Thanks a lot.

Monica


Mod Edit: This will be moved to a more appropriate Forum.

Edited by scarlett, 07 May 2005 - 12:33 PM.


BC AdBot (Login to Remove)

 


#2 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:26 PM

Posted 07 May 2005 - 08:49 PM

Hi monica_farcas,

Does this fit your problem?

This error occurs when you start Windows XP. There sometimes is a mention of a problem when you shutdown late at night. The error is reported to have happened the night before. It comes in the form a a Microsoft Error report.

************************************************

Can you tell me what software you have on your computer?

Do you have? Internet Explorer 6, Firefox, Microsoft Office, JSE2 runtime enviroment, Adobe reader 7, Quicktime, Macromedia suite, Microsoft C++, Microsoft Money, Macromedia Shockwave, Real Player basic, PrintMaster, ZoneAlarm, WinZip, ATI control panel, loaded on your computer?

I am looking for something you and others have in common.

************************************************
Now, I need you to download HighjackThis. This program will allow me to see what processes you have running on your computer. Please do the following:
Create a directory on your hardrive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from:

HijackThis Download Site

Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.

Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy.

Create a reply to this post here and right click in message area and select paste to paste the log into the post.

DO NOT fix any entries!

To see a tutorial with screenshots on using HijackThis you can click on the link below:

How to use HijackThis to remove Browser Hijackers, Malware, & Spyware

I am not a HJT team member yet, but I would like to use your log for information in determining the cause of this problem. Please do not use HJT to fix anything.



Thanks

Rigel

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#3 monica_farcas

monica_farcas
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:26 PM

Posted 10 May 2005 - 01:53 PM

Dear Mr. Rigel,

Thanks a lot for your quick answer. I really appreciate it.

Until now that message didnít appear but I would like to be sure that my computer is ok and I donít have to format it or I wonít have further inconveniences.

I have loaded on my computer: Internet Explorer 6, Microsoft Office, Adobe reader 6, J2SE Runtime Environment 5.0 Update 2, Java 2 Runtime Environment SE v1.4.2._06, Macromedia Shockwave, Winrar, ATI control panel.

Besides these mentioned above I have: Nero, Opera, Kaspersky, Ad-Aware SE Personal, Microsoft antispyware, Windows Media Player and much more.

I have download HighJackThis as you told me and the information that you have requested it is presented below. Please tell me what I can do next.

Thanks a lot and hope to talk to you soon.
Best regards,
Monica

Logfile of HijackThis v1.99.1
Scan saved at 21:39:54, on 10.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Babylon\Babylon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\YHsmiles\YHsmiles.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\oDC\oDC.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
F3 - REG:win.ini: run=hpfsched
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Babylon Client] D:\Babylon\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [YHsmiles] C:\Program Files\YHsmiles\YHsmiles.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A53193E2-651C-485D-8A15-B7FB7E1B37DA}: NameServer = 193.231.237.2,193.231.189.9
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

#4 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:26 PM

Posted 10 May 2005 - 03:25 PM

Hi monica,

Thank you for the post. Please do one other thing for me. There should be a link - something in blue - that allows you to see more information about your error. This will be in the window that appears when the error occurs. Can you post that info for me. It should mention something about the AppName, ModName, or Version?

I have found instances where AppName, ModName, or Version all displayed 0's or 0.0.0.0. If that is your case, I have heard Microsoft is working on a fix. It seems there are a several people who have this problem.

Thanks again for supplying the information!

Rigel

PS... At this time, I don't think formating is necessary.

Edited by rigelslight, 10 May 2005 - 03:34 PM.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#5 monica_farcas

monica_farcas
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:26 PM

Posted 11 May 2005 - 12:01 PM

Dear Mr. Rigel,

Thanks a lot for your quick reply. Unfortunately (or fortunately) that message didnít appear again so I canít give you further details.
I remember that this message appeared before formatting my PC and it appeared 2 times after that. Thatís why I was afraid that something is wrong and I was hoping that the log file can give you more details.
If that message will appear once more I will print screen it and I will try to post it.

Please let me know what I can do further.
Thank you again and hope to talk to you soon.

Sincerely yours,
Monica

#6 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:26 PM

Posted 11 May 2005 - 03:35 PM

Thanks Monica,

Let's see what we find out from the error report.

Thanks,

Rigel

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#7 monica_farcas

monica_farcas
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:26 PM

Posted 21 May 2005 - 03:25 AM

Dear Mr. Rigel,

This error has appeared ten minutes ago and this time I had time to copy everything. I looked for AppName, ModName, or Version all displayed 0's or 0.0.0.0 and I found something.

So I will write it down:

Generic Host Process for Win32 Services
Error signature

szAppName: svchost.exe
szAppVer:0.0.0.0 szModName: unknown
szModVer: 0.0.0.0 offset: 00000000

To view technical information about the error report:

The following files will be included in this error report:
C:DOCUME~1MonicaLOCALS~1TempWERccaf.dir00svchost.exe.mdmp
C:DOCUME~1MonicaLOCALS~1TempWERccaf.dir00appcompat.txt

Maybe it's important to mention that I observed that after receiving this error windows has started to update and after update of course my computer was automatically restarted and that error didn't appear once more.

Thank you again for your support and I impatiently wait your opinion.

Best regards,
Monica

#8 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:26 PM

Posted 21 May 2005 - 10:13 PM

Hi monica,

Here is what I have discovered...

The error you are experiencing is related to hardware, but is not always the same piece of hardware for every user. Many users have cured this problem by installing their printer, and reinstalling it using updated drivers. USB cameras, or other USB devices may also be causing the error. So...

Concentrate on USB devices, and then one at a time replace the drivers for each. Replace those for your printer, or camera first, and then follow through with the others. I wish I could be more specific for you Monica, but this error affects a wide group of hardware.

If that doesn't do it, you may wish to extend the replacements to your other components. Even though this maybe lots of work, the good thing is your computer will be in better shape with the updated drivers.

Good luck with the replacements,

Rigel

PS... Let us hear back if this solved the problem... :thumbsup:

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#9 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:26 PM

Posted 22 May 2005 - 06:08 PM

Monica!

Microsoft has released a fix for the Generic Hosts Process error.

http://support.microsoft.com/?kbid=894391

Select the download that matches your system.

Good luck and take care.

Rigel

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#10 monica_farcas

monica_farcas
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:26 PM

Posted 12 August 2005 - 02:22 PM

Dear Mr. Rigel,

I used your advice in removing and installing the drivers for my camera and for my printer and since then (22 of May) I didn't have problem with this error. :thumbsup:
Today that error appeared once more and I will try your second advice - the solution offered by Microsoft and I will let you know if something will change.

Thanks again for your support. :flowers:
Best regards,
Monica




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users