Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Generic Host Process for Win32 Services error

Status
Not open for further replies.
bdoub1eu

bdoub1eu

IS-IT--Management
Dec 10, 2003
440
US
First let me say thanks in advance for the help!

Our CFO came to me last week and said his machine has been freezing up and in turn, he will get frustrated and reboot it. On the reboot, he will receive the "Generic Host Process for Win32 Services" error and eventually he can get back into the OS.

The error signature is below:

szAppName: svchost.exe
szAppVer: 0.0.0.0
szModName: unknown
szModVer: 0.0.0.0
offset: 00000000

In this error he also receives errors pertaining to the files:

C:\DOCUME~1\JONATH~1\LOCALS~1\Temp\WER3.tmp.dir00\svchost.exe.mdmp|

C:\DOCUME~1\JONATH~1\LOCALS~1\Temp\WER3.tmp.dir00\appcompat.txt

Heap=C:\DOCUME~1\JONATH~1\LOCALS~1\Temp\WER3.tmp.dir00\svchost.exe.hdmp

I've done some research and there is alot of info pointing to the blaster virus...I have confirmed that he indeed has the patch installed and any instances of this virus has been removed from the registry, so I don't think that is the case. Anyone else, I would probably just reimage the machine, but this guy will want a detailed answer as to why we have to do that...Any help is greatly appreciated.
 
Sort by date Sort by votes
Hi,
There are more than just the blaster virus that would cause these symptoms.
Download stinger(search google) and run a quick scan.
May also be worth doing a full upto date online scan.

"Sometimes I do not know but I try hard"- R.F. Haughty 1923
 
Upvote 0 Downvote
He has malware/virus.
Using "lookalike" files to regular system files is being quite common.

Winlogon, Winlogin, Svchost, and others.

If you follow the steps in my FAQ: faq608-4650 you can resolve the issue.

In particular, do the cleanup steps recommended, then run Hijack this and look for HKCU\...Run entries that reference SVCHOST in any directory OTHER than C:\Windows\System32.

The online virus scans mentioned in the FAQ should identify by name the malware, and a Google will likely get you the information on direct removal steps.

But do all the cleanup steps recommend, Steps #1 -- #4.

faq608-4650
 
Upvote 0 Downvote
We do have Symantec Corporate Antivirus 8.1 on all the client machines and a scan was performed on his machine last Thursday and came up empty. Besides viruses, what else would cause these symptoms?
 
Upvote 0 Downvote
He does have Spybot Search and Destroy on his machine...
 
Upvote 0 Downvote
I cannot count the number of times that people with this issue have said "I have NAV with current defintions (or McAfee or something else).

This is not a true virus, in the way in which Norton Corporate views a virus. They have gotten better, but the fact of the matter is that is malware: you have deliberately introduced through opening an email message or a poor choice of website as a link an agent that now is causing you problems.

1. Do steps #2-#3 in FAQ: faq608-4650

2. Then post a "Hijack This" log here:

There was this morning on NBC Today's show a representative from the antivirul community saying they are swamped with calls just for "Bagle32" worm infections.
 
Upvote 0 Downvote
Unfortunately, this did not fix the problem, although I appreciate your help...Any more ideas?
 
Upvote 0 Downvote
I did find out some more information...

This only happens about once every two weeks and only when he tries to open an attachment...Usually in the form of an excel spreadsheet.

I know everything points to a virus, but I just can't find anything.
 
Upvote 0 Downvote
I too am getting this error and I’m fairly confident that it’s not a virus or malware. This is what’s happening with winxp pro on a domain.

1. User turns on their pc and logs in for the first time today
2. Login takes a long time 3-5min
3. User starts to work can get to email
4. Cannot get to any mapped drives
5. Looking at the even log the first error is usually [DCOM got error "The pipe state is invalid. " attempting to start the service netman with]
6. Followed by 20-30 errors of failed services in the system event logs.
7. To restore the mapped drives the user shuts down and restarts
8. After a restart the drives are usually available and the user receives the Generic Host Process for Win32 Services error
 
Upvote 0 Downvote
This is not happening to all of our xp pc’s but a good number of them. Below is a evenlog of one of the pc’s. Also I just tried

To disable this "feature" and restore your domain logons to their normal speed, open the MMC and add the group policy snap-in. Under Computer Configuration-->Administrative Templates-->System-->Logon, change "Always wait for the network at computer startup and logon" to ENABLED.

But the 3-5min wait was right after reboot and I received the same sequence of errors



APPLICATION LOGS

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 6/24/2004
Time: 9:54:01 AM
User: N/A
Computer: [ComputerName]
Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

For more information, see Help and Support Center at Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 20 30 2e ure 0.
0018: 30 2e 30 2e 30 20 69 6e 0.0.0 in
0020: 20 75 6e 6b 6e 6f 77 6e unknown
0028: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0030: 20 61 74 20 6f 66 66 73 at offs
0038: 65 74 20 30 30 30 30 30 et 00000
0040: 30 30 30 000





SYSTEM LOGS

Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6006
Date: 6/23/2004
Time: 5:03:37 PM
User: N/A
Computer: [ComputerName]
Description:
The Event log service was stopped.

For more information, see Help and Support Center at Data:
0000: ff 00 00 00 ÿ...

Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6009
Date: 6/24/2004
Time: 9:53:46 AM
User: N/A
Computer: [ComputerName]
Description:
Microsoft (R) Windows (R) 5.01. 2600 Service Pack 1 Uniprocessor Free.

For more information, see Help and Support Center at
Event Type: Information
Event Source: EventLog
Event Category: None
Event ID: 6005
Date: 6/24/2004
Time: 9:53:46 AM
User: N/A
Computer: [ComputerName]
Description:
The Event log service was started.

For more information, see Help and Support Center at
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 6/24/2004
Time: 9:55:55 AM
User: NT AUTHORITY\SYSTEM
Computer: [ComputerName]
Description:
DCOM got error "The pipe state is invalid. " attempting to start the service netman with arguments "" in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date: 6/24/2004
Time: 9:56:24 AM
User: NT AUTHORITY\SYSTEM
Computer: [ComputerName]
Description:
The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Server service hung on starting.

For more information, see Help and Support Center at
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Computer Browser service depends on the Server service which failed to start because of the following error:
After starting, the service hung in a start-pending state.

For more information, see Help and Support Center at
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Network Connections service failed to start due to the following error:
The pipe state is invalid.

For more information, see Help and Support Center at
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Network Location Awareness (NLA) service failed to start due to the following error:
The pipe state is invalid.

For more information, see Help and Support Center at
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Terminal Services service failed to start due to the following error:
The pipe state is invalid.

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Windows Audio service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The DHCP Client service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Server service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Messenger service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Removable Storage service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Task Scheduler service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Secondary Logon service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The System Event Notification service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The System Restore Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Upload Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

For more information, see Help and Support Center at


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Windows Time service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

For more information, see Help and Support Center at

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Portable Media Serial Number service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 6/24/2004
Time: 9:56:32 AM
User: N/A
Computer: [ComputerName]
Description:
The Wireless Zero Configuration service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at
Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 6/24/2004
Time: 9:56:32 AM
User: NT AUTHORITY\SYSTEM
Computer: [ComputerName]
Description:
The Network Connections service was successfully sent a start control.

For more information, see Help and Support Center at
 
Upvote 0 Downvote
If I saw Event Log you posted, I would do a clean install.
I wish I could think of quicker solution, but without blinking I would do a clean install.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

hamburg18w
  • Locked
  • Question
Task Host is Stopping the Shutdown
Replies
1
Views
391
Ign3us
Ign3us
bobadams52
  • Locked
  • Question
error 12 program swcocx in mas90
Replies
0
Views
186
bobadams52
bobadams52
Deniall
  • Locked
  • Question
AutoHotKey for a very simple task 1
Replies
5
Views
295
Deniall
Deniall
Deniall
  • Locked
  • Question
Hyperlink error in email handling 1
Replies
10
Views
257
mikrom
mikrom
pjw001
  • Locked
  • Question
Windows 11 File Explorer Preview Pane for PDF files
Replies
2
Views
160
pjw001
pjw001

Part and Inventory Search

Sponsor

Back
Top