
Generic Service Host Problems


4 replies to this topic

#1 Drighten

Drighten

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 29 November 2006 - 08:17 PM

Hello;

I have been getting the Generic Service Host problem, when using internet and email, and have been trying to find the answers on many forums, including bleeping. The most sensible answer has been supplied by Buckeye Sam on these forums, but I believe the solutions will be specific to individual computers as I do not have some of the lines shown in the other fella's Combofix log. Mine follows:

Thom - 06-11-29 19:42:12.33 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Thom\Desktop\Seldom"

((((((((((((((((((((((((((((((( Files Created from 2006-10-29 to 2006-11-29 ))))))))))))))))))))))))))))))))))


2006-11-28 11:02 <DIR> d-------- C:\WINDOWS\Updates
2006-11-28 10:41 <DIR> d-------- C:\Program Files\Trend Micro
2006-11-26 16:05 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-11-17 09:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-29 06:14 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-11-28 12:44 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-11-28 12:27 -------- d-------- C:\Program Files\Registry Mechanic
2006-11-22 07:14 -------- d-------- C:\Program Files\Movie Maker
2006-11-20 18:17 40 ---hs---- C:\Documents and Settings\Thom\Application Data\.zreglib
2006-11-17 11:01 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-14 14:29 -------- d-------- C:\Program Files\Empty Temp Folders 2.8.3
2006-11-11 13:10 -------- d---s---- C:\Documents and Settings\Thom\Application Data\Microsoft
2006-11-03 05:17 -------- d-------- C:\Program Files\Lavasoft Ad-Aware
2006-10-20 13:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-20 13:04 -------- d-------- C:\Program Files\Magellan
2006-10-18 14:33 -------- d-------- C:\Program Files\Ipswitch
2006-10-18 14:33 -------- d-------- C:\Documents and Settings\Thom\Application Data\Ipswitch
2006-10-18 14:09 -------- d-------- C:\Documents and Settings\Thom\Application Data\GlobalSCAPE
2006-10-17 10:56 -------- d-------- C:\Program Files\SlySoft


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiS Tray"="C:\\WINDOWS\\System32\\sistray.EXE"
"SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe"
"SiS7012Utility"="\"C:\\WINDOWS\\System32\\SiSAudUt.exe\" -wdm"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\j2re1.4.2_04\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"RegistryMechanic"=""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="file:///C:/DOCUME~1/Thom/LOCALS~1/Temp/msohtml1/01/clip_image001.gif"
"SubscribedURL"="file:///C:/DOCUME~1/Thom/LOCALS~1/Temp/msohtml1/01/clip_image001.gif"
"FriendlyName"=""
"Flags"=dword:00002001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:dc,ff,d1,02,f3,99,83,7c,70,9a,80,7c,ff,ff,ff,ff,66,9a,\
80,7c,66,9a,80,7c

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-29 19:43:08.03
C:\ComboFix.txt ... 06-11-29 19:43

Edited by Drighten, 29 November 2006 - 08:33 PM.



#2 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:11:12 PM

Posted 02 December 2006 - 06:38 AM

Hello Drighten
Please post any error messages that appear in the Event Viewer under Administrative Tools.
"2007 & 2008 Windows Shell/User Award"

#3 Drighten

Drighten
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 06 December 2006 - 03:55 PM

I get the error:

W32Time (category: None) (Event: 29) (User: N/A)

AND:

W32Time (category: None) (Event: 17) (User: N/A)

anywhere from two to four error lines stating:

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 11/16/2006
Time: 6:56:06 AM
User: N/A
Computer: VIKING
Description:
The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

AND:

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 11/16/2006
Time: 6:56:06 AM
User: N/A
Computer: VIKING
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Is this what you need?

#4 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:10:12 PM

Posted 06 December 2006 - 04:19 PM

This link addresses your first issue. It is the last ID number in the list. If you are able to get resolution with that one. I would address the second issue with them if the first fix does not solve the problem.

Be (time synchronization) Safe

Da Bleepin AniMod, Animal

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#5 Drighten

Drighten
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 07 December 2006 - 05:44 AM

Okay. The previously posted events are not the appropriate events. I had the service host problem this morning and got the event error from that. It is as follows:

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 12/7/2006
Time: 5:19:36 AM
User: N/A
Computer: VIKING
Description:
Faulting application svchost.exe, version 5.1.2600.2180,
faulting module netapi32.dll, version 5.1.2600.2180,
fault address 0x0000a3c0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


I will check Microsoft's fwlink, but the link for the other ones I posted was no help at all. I will see if they do any better on this one and report back.

Alright - I checked Microsoft's fwlinks for event solutions, and they list nothing for an event ID 1000 that affects svchost.exe and/or netapi32.dll.

Anyone have any ideas?

Edited by Drighten, 07 December 2006 - 06:11 AM.




