Author Topic: How can I get rid of it?  (Read 10246 times)

Steven2006

  • Guest
How can I get rid of it?
« on: August 14, 2006, 06:51:12 AM »
Hello to all fellow forum members,

I have encountered this pop-up message, "Generic host Process for Win 32 Service has encountered a problem and need to close down.....", whenever I am online. It usually appears after maybe 10/20 mins whenever I am online.

After I closed the pop-up window, everything except the Internet connection is fine - I was disconnected even though the connection icon is still indicating that the Internet connection is on. I tried to bring up the connection window in order to reconnect, and it didn't work.

Can anyone out there give me some advice? Your help will be fully appreciated, thanks.

Steven

GX1_Man

  • Guest
Re: How can I get rid of it?
« Reply #1 on: August 14, 2006, 06:59:33 AM »
Did this just start or has it been going on for a while?

What spyware/virus protection are you using?

What Windows? What service pack? All Microsoft updates loaded?

Here's a good read:

http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1149948530

Steven2006

  • Guest
Re: How can I get rid of it?
« Reply #2 on: August 14, 2006, 08:03:29 AM »
Hi GX1_Man,

Thanks for your reply.

This problem just started about 3 days ago.
I am using Ad-Aware 6 and Spybot - Search & Destroy. Besides that, I have downloaded a program (FixBlast) to fix the so-called W32.Blaster.Worm virus, which has been known to cause this problem; unfortunately it didn't work.

I am using Windows XP Professional.

Service pack???

I believe I don't have all the MS updates loaded.

Thanks and looking forward to your advice.

Steven

GX1_Man

  • Guest
Re: How can I get rid of it?
« Reply #3 on: August 14, 2006, 08:10:49 AM »
Quote
Service pack???
I believe I don't have all the MS updates loaded.

You should have Service Pack 2 and all updates applied, at the least.

Look in Control Panel/System and see what it says right below your version of Windows.

Use Microsoft Update.

The key to this is using your prevention/removal tools in Safe Mode with System Restore turned off. Otherwise you can just reinfect yourself.


Steven2006

  • Guest
Re: How can I get rid of it?
« Reply #4 on: August 14, 2006, 08:26:01 AM »
Hi GX1_Man,

Control Panel/System says -
Microsoft Windows XP
Professional
Version 2002
Service Pack 2

"Use Ms Update" means I have to download them from MS homepage?

"The key to this is using your prevention/removal tools in Safe Mode with System Restore turned off. Otherwise you can just reinfect yourself." - This part I am not quite sure that I fully understand.

Could you please list the step(s) for doing it :) How do I get into Safe Mode and how do I turn off System Restore?

Thanks again

Steven

P.S. At the time of this writing, the mentioned message popped up again and I was disconnected from the Internet after I clicked on the "Don't Send" button.
« Last Edit: August 14, 2006, 08:28:30 AM by Steven2006 »

GX1_Man

  • Guest
Re: How can I get rid of it?
« Reply #5 on: August 14, 2006, 09:45:27 AM »
Under the Start Window should be Windows Update. Click on that and follow along.

Safe Mode can be entered by pressing F8 a few times when the machine starts BEFORE the Windows logo.

Here is some info on System Restore:

http://www.geocities.com/tmbzone_cfb/system_restore.htm

http://support.microsoft.com/kb/306084/

Is that a real Windows CD by the way?

Steven2006

  • Guest
Re: How can I get rid of it?
« Reply #6 on: August 14, 2006, 10:12:13 AM »
Hi GX1_Man,

Thanks for your info.

What do you mean by "Is that a real Windows CD by the way?" And does it mean something in solving this problem?

Thanks,
Steven

squirrel

  • Guest
Re: How can I get rid of it?
« Reply #7 on: August 14, 2006, 10:22:08 AM »
Is the CD new and shiny, and does it say Microsoft?

Steven2006

  • Guest
Re: How can I get rid of it?
« Reply #8 on: August 14, 2006, 12:28:27 PM »
Hi all,

The problem is still there, any more suggestions?

thanks,
Steven

GX1_Man

  • Guest
Re: How can I get rid of it?
« Reply #9 on: August 14, 2006, 01:20:34 PM »
Quote
Is the CD new and shiny, and does it say Microsoft?

What EXACTLY have you done so far?

Steven2006

  • Guest
Re: How can I get rid of it?
« Reply #10 on: August 15, 2006, 09:26:37 AM »
Hi GX1_Man,

I have been encountering this problem for almost 3 days now. It seems like it appeared from nowhere. As far as I can recall, I didn't download anything suspicious from the Internet, and everything was fine before this error message started to pop up.

In addition, I have scanned my PC with the antivirus and spyware programs I could get my hands on, like Norton, AVG, Ad-Aware, and Spybot - Search & Destroy, in safe mode. I also downloaded updates from Microsoft.

For your reference, this is the info I got from the error message pop-up:

Error signature
EventType: BEX P1:svchost.exe P2:5.1.2600.2180 P3:41107ed6
P4:netapi32.dll P5:5.1.2600.2180 P6:411096ac P7:0000a3c0
P8:c0000409 P9:00000000

Technical info for this error
C:\DOCUME~1\BeenLee\LOCALS~1\Temp\WERF345.dif00\svchost.exe.mdmp
C:\DOCUME~1\BeenLee\LOCALS~1\Temp\WERF345.dif00\appcompat.txt

Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\MetaTrader Data Center\mtdcsrv.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\BeenLee\LOCALS~1\Temp\Rar$EX00.734\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155570321328
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://seevideo.co.kr/pub/seevideo2003/SVPorsche.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control) - http://ifocus.no-ip.info/WebDiginet.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E6A0D90-51EE-4479-BF60-E9ECB998B1EF}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{D37993D3-C149-4F2C-86E1-D4FC9E2222F9}: NameServer = 202.188.0.133,202.188.1.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\
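
A decoder for the error signature quoted in the post above, added here as an example (it is not code from the thread). The P1-P9 field names follow the usual Windows Error Reporting BEX layout and are an assumption of the example; the input is the signature as posted.

```python
import re
from datetime import datetime, timezone

# Input: the error signature exactly as quoted in the post above.
SIGNATURE = """EventType: BEX P1:svchost.exe P2:5.1.2600.2180 P3:41107ed6
P4:netapi32.dll P5:5.1.2600.2180 P6:411096ac P7:0000a3c0
P8:c0000409 P9:00000000"""

# Assumed field layout: the usual parameter order of a WER BEX report.
FIELDS = {
    "P1": "app_name", "P2": "app_version", "P3": "app_timestamp",
    "P4": "module_name", "P5": "module_version", "P6": "module_timestamp",
    "P7": "offset", "P8": "exception_code", "P9": "exception_data",
}

# A few NTSTATUS values that show up in P8.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

def parse_signature(text):
    """Return the signature as a dict; tolerates 'P4: value' spacing."""
    event = re.search(r"EventType:\s*(\S+)", text)
    if not event:
        raise ValueError("no EventType field found")
    report = {"event_type": event.group(1)}
    for key, value in re.findall(r"\b(P[1-9]):\s*(\S+)", text):
        report[FIELDS[key]] = value
    missing = [name for name in FIELDS.values() if name not in report]
    if missing:
        raise ValueError(f"signature is missing: {missing}")
    return report

def link_date(hex_stamp):
    """PE link timestamps are hex seconds since 1970-01-01 UTC."""
    stamp = datetime.fromtimestamp(int(hex_stamp, 16), tz=timezone.utc)
    return stamp.date().isoformat()

def summarize(text):
    r = parse_signature(text)
    code = int(r["exception_code"], 16)
    return {
        "process": r["app_name"],
        "faulting_module": r["module_name"],
        "module_version": r["module_version"],
        "module_built": link_date(r["module_timestamp"]),
        "fault_offset": hex(int(r["offset"], 16)),
        "exception": NTSTATUS.get(code, f"0x{code:08X}"),
    }

if __name__ == "__main__":
    print(summarize(SIGNATURE))
```

The summary names the module the fault occurred in and the build of that module that was loaded, which is what to compare against the file version the current Windows updates install.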

Steven2006

  • Guest
Re: How can I get rid of it?
« Reply #11 on: August 15, 2006, 09:43:55 AM »
This is the log after the error message appeared,

Logfile of HijackThis v1.99.1
Scan saved at 11:35:12 PM, on 8/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\MetaTrader Data Center\mtdcsrv.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\BeenLee\LOCALS~1\Temp\Rar$EX12.594\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155570321328
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://seevideo.co.kr/pub/seevideo2003/SVPorsche.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control) - http://ifocus.no-ip.info/WebDiginet.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E6A0D90-51EE-4479-BF60-E9ECB998B1EF}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{D37993D3-C149-4F2C-86E1-D4FC9E2222F9}: NameServer = 202.188.0.133,202.188.1.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON
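
A small triage pass over a HijackThis log like the ones posted above, added here as an example (it is not from the thread and is not HijackThis's own logic). The three review rules and the TRUSTED_HOSTS list are assumptions of the example; the sample lines are copied from the posted log.

```python
import re
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\BeenLee\LOCALS~1\Temp\Rar$EX12.594\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155570321328
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control) - http://ifocus.no-ip.info/WebDiginet.CAB
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
TRUSTED_HOSTS = ("microsoft.com",)  # assumption: domains the reviewer accepts

def parse(log):
    """Split a log into running-process paths and (code, text) entries."""
    processes, entries, in_processes = [], [], False
    for line in (raw.strip() for raw in log.splitlines()):
        match = ENTRY.match(line)
        if line == "Running processes:":
            in_processes = True
        elif match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line and in_processes:
            processes.append(line)
        else:
            in_processes = False
    return processes, entries

def trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_HOSTS)

def review(log):
    """Return (reason, item) pairs for manual review; these are not verdicts."""
    processes, entries = parse(log)
    # Note: the scanner itself, unpacked by WinRAR, matches the Temp rule.
    findings = [("process runs from a Temp directory", p)
                for p in processes if "\\temp\\" in p.lower()]
    for code, text in entries:
        if code == "O23" and " - Unknown owner - " in text:
            findings.append(("service owner not identified", text))
        elif code == "O16":
            host = urlparse(text.rsplit(" - ", 1)[-1]).hostname or "unknown"
            if not trusted(host):
                findings.append((f"ActiveX control installed from {host}", text))
    return findings
```

Each finding is a pointer for a human reviewer: the Temp hit on HijackThis.exe shows how a rule like this also catches benign tools run straight from an archive.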

Steven2006

  • Guest
Re: How can I get rid of it?
« Reply #12 on: August 16, 2006, 08:37:04 AM »
Hi, does anyone out there have any new ideas how to fix this problem?


Thanks,
Steven

Zylstra

  • Moderator
Re: How can I get rid of it?
« Reply #13 on: August 16, 2006, 08:21:11 PM »
Steven2006
Did I help you in the CH Chat with this problem?

If so, I can provide the links I gave you earlier for the Microsoft help search?

Steven2006

  • Guest
Re: How can I get rid of it?
« Reply #14 on: August 17, 2006, 04:54:09 AM »
Hi all,



This problem "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience."

Error signature
EventType:BEX P1:svchost.exe P2:5.1.2600.2180 P3:41107ed6
P4: netapi32.dll P5: 5.1.2600.2180 P6:411096ac P7:0000a3c0
P8:c0000409 P9:00000000

Technical info for this error
C:\DOCUME~1\BeenLee\LOCALS~1\Temp\WERF345.dif00\svchost.exe.mdmp
C:\DOCUME~1\BeenLee\LOCALS~1\Temp\WERF345.dif00\appcompat.txt

This happens whenever I am browsing the Internet. It doesn't matter whether I am using Firefox or IE. When this error message window pops up, my connection to the Internet is closed soon after, even though the connection icon is still indicating that the connection is on. When I try to click on the computer icon (connection) in order to bring up the connection window, it just flashes and disappears.

I scanned my PC with AVG, Norton, Spybot, fixSasser, ewido, a free Sasser removal tool and fixblaster program(s), and no virus was found. I also downloaded some Windows updates.

Is this a problem with my system or network connection - svchost.exe.mdmp, appcompat.txt?

Can anyone interpret the log files I posted in the previous reply and spot some unusual activities?

I don't think we chatted before; anyway, can you give the link you mentioned and I will try it to see if it works.

Any idea what's happened?

Thanks,