It looks like Blaster, it smells like Blaster but..
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
cadjak
I randomly get the error, "Generic Host Process for Win32 Services has encountered a problem." Web research keeps heading me back to a Blaster infection. I have run Fixblast.exe (No infection found) and scanned with NOD32 and a couple of online scans. All say the drive is clean. Am I missing something? What else could it be?

This is my HJT log
Logfile of HijackThis v1.98.2
Scan saved at 3:16:44 PM, on 12/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
I:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\GEARSec.exe
D:\WINDOWS\system32\mgabg.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\svchost.exe
I:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
D:\WINDOWS\system32\fxssvc.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\rundll32.exe
I:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\PDesk\PDesk.exe
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
I:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\Belkin\Bluetooth Software\BTTray.exe
D:\Program Files\Microsoft ActiveSync\WCESMgr.exe
I:\Program Files\Internet Explorer\iexplore.exe
D:\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] I:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] I:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] D:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKCU\..\Run: [SpySweeper] "E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Acrobat Assistant.lnk = I:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: I:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab


Whatcha Think?
-cadjak
Hunter
Someone will look at your log, but you can also do this at times.

go to Control Panel>Administrative Tools>Event Viewer.
Look at the logs for both application and system, scrolling down to find what errors might have been logged associated with this event.

If you find log entries for errors probably associated with this event (because of the timing), you can right click on the error, click on "Properties", and click on the link to get more information on the error from Microsoft.

Such information may help us pin down the error to a specific driver or module which is causing the error.

If you're not sure when it happened last, the next time it occurs, look at the event viewer logs to see if you can find the connection.
cadjak
Thanks for your advice. I found a pattern in the event viewer, but I don't have any idea how to use the information to stop the error.

These are the glitches mentioned:
Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 10
Date:  12/13/2004
Time:  9:53:08 PM
User:  N/A
Computer:
Description:
Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'" could not be (re)activated in namespace "//./ROOT/SecurityCenter" because of error 0x80041010. Events may not be delivered through this filter until the problem is corrected.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Event Type: Error
Event Source: SecurityCenter
Event Category: None
Event ID: 1803
Date:  12/13/2004
Time:  9:53:08 PM
User:  N/A
Computer:
Description:
The Windows Security Center Service was unable to load instances of FirewallProduct from WMI.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Event Type: Error
Event Source: SecurityCenter
Event Category: None
Event ID: 1804
Date:  12/13/2004
Time:  9:53:08 PM
User:  N/A
Computer:
Description:
The Windows Security Center Service was unable to load instances of AntiVirusProduct from WMI.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 10 10 04 80


Any ideas?

TIA
-cadjak
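The three events above all carry the same timestamp and the same status code, which is the "timing" connection Hunter described. The script below is an added example, not part of this thread or of any Microsoft tool: it takes the three entries (copied into the block as constructed sample text), groups them by timestamp, pulls the WQL filter, namespace and classes out of the WinMgmt event, and decodes the four Data bytes of event 1804 as a little-endian Win32 status. 0x80041010 is WBEM_E_INVALID_CLASS in wbemcli.h, which matches the text of events 1803 and 1804: the SecurityCenter service asks WMI for the AntiVirusProduct and FirewallProduct classes in root\SecurityCenter and WMI says those classes do not exist. The WBEM_ERRORS table is a small subset of the header's codes.

```python
import re
import struct

# Constructed sample input: the three Event Viewer entries quoted in the
# thread, pasted as plain text the way the poster copied them.
EVENT_TEXT = """
Event Type: Error
Event Source: WinMgmt
Event ID: 10
Date:  12/13/2004
Time:  9:53:08 PM
Description:
Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'" could not be (re)activated in namespace "//./ROOT/SecurityCenter" because of error 0x80041010. Events may not be delivered through this filter until the problem is corrected.
-----
Event Type: Error
Event Source: SecurityCenter
Event ID: 1803
Date:  12/13/2004
Time:  9:53:08 PM
Description:
The Windows Security Center Service was unable to load instances of FirewallProduct from WMI.
-----
Event Type: Error
Event Source: SecurityCenter
Event ID: 1804
Date:  12/13/2004
Time:  9:53:08 PM
Description:
The Windows Security Center Service was unable to load instances of AntiVirusProduct from WMI.
Data:
0000: 10 10 04 80
"""

# WMI status codes from wbemcli.h (subset); 0x80041010 is the one in the log.
WBEM_ERRORS = {
    0x80041001: "WBEM_E_FAILED",
    0x80041002: "WBEM_E_NOT_FOUND",
    0x80041003: "WBEM_E_ACCESS_DENIED",
    0x80041004: "WBEM_E_PROVIDER_FAILURE",
    0x8004100E: "WBEM_E_INVALID_NAMESPACE",
    0x80041010: "WBEM_E_INVALID_CLASS",
    0x80041011: "WBEM_E_PROVIDER_NOT_FOUND",
    0x80041013: "WBEM_E_PROVIDER_LOAD_FAILURE",
}

FIELD_RE = re.compile(r"^(Event Source|Event ID|Date|Time):\s*(.*?)\s*$", re.M)
DESC_RE = re.compile(r"^Description:[ \t]*\n(.*?)(?=^Data:|^-{3,}|\Z)", re.M | re.S)
DATA_RE = re.compile(r"^[0-9A-Fa-f]{4}:((?:[ \t]+[0-9A-Fa-f]{2})+)", re.M)
FILTER_RE = re.compile(r'query "(?P<query>.*?)" could not be \(re\)activated in '
                       r'namespace "(?P<ns>[^"]+)" because of error 0x(?P<hr>[0-9A-Fa-f]{8})')

def parse_events(text):
    """Split pasted Event Viewer text into one dict per event."""
    events = []
    for chunk in re.split(r"(?m)^Event Type:", text)[1:]:
        ev = {"Event Type": chunk.splitlines()[0].strip()}
        ev.update(FIELD_RE.findall(chunk))
        m = DESC_RE.search(chunk)
        ev["description"] = " ".join(m.group(1).split()) if m else ""
        hex_pairs = [b for run in DATA_RE.findall(chunk) for b in run.split()]
        ev["data"] = bytes(int(b, 16) for b in hex_pairs)
        ev["when"] = "%s %s" % (ev.get("Date", "?"), ev.get("Time", "?"))
        events.append(ev)
    return events

def decode_hresult(data):
    """Event Viewer shows the Data bytes in memory order; a Win32 status is a
    little-endian DWORD, so 10 10 04 80 reads back as 0x80041010."""
    return struct.unpack_from("<I", data)[0] if len(data) >= 4 else None

def describe_error(code):
    return WBEM_ERRORS.get(code, "unknown WMI status 0x%08X" % code)

def parse_filter_event(description):
    """Pull namespace, watched classes and HRESULT out of WinMgmt event 10."""
    m = FILTER_RE.search(description)
    if not m:
        return None
    return {"namespace": m.group("ns"),
            "classes": re.findall(r"ISA '([A-Za-z_]+)'", m.group("query")),
            "hresult": int(m.group("hr"), 16)}

def analyze(text):
    """Group events by timestamp (the timing check) and decode the status codes."""
    events = parse_events(text)
    bursts = {}
    for ev in events:
        bursts.setdefault(ev["when"], []).append((ev.get("Event Source"), int(ev.get("Event ID", 0))))
    report = {"bursts": {k: sorted(v) for k, v in bursts.items()}, "filter": None, "data_hresult": None}
    for ev in events:
        if ev.get("Event Source") == "WinMgmt" and ev.get("Event ID") == "10":
            report["filter"] = parse_filter_event(ev["description"])
        if ev["data"]:
            report["data_hresult"] = decode_hresult(ev["data"])
    return report

if __name__ == "__main__":
    r = analyze(EVENT_TEXT)
    print(r["bursts"])
    print(r["filter"], describe_error(r["filter"]["hresult"]))
    print(hex(r["data_hresult"]), describe_error(r["data_hresult"]))
```

On the affected machine the same question can be put to WMI directly from a command prompt with `wmic /namespace:\\root\SecurityCenter path AntiVirusProduct get displayName` (XP Professional ships wmic); if that also reports an invalid class, the namespace exists but its class definitions are missing, which is a WMI repository problem rather than an infection, and is consistent with the "Generic Host Process" crash since the SecurityCenter service runs inside an svchost.exe.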
LoPhatPhuud
Your log is clean.

From the event log it seems the Windows Firewall is not loading.

Perhaps Hunter has more information.
Hunter
Security Center is that section of the new SP2 that does control. As I recall, there were certain third-party applications that were going to have problems with that, and it could be you have to contact your AV company, but I will look into it further.
Hunter
These will help you understand the Security Center and how to set it up, also known problems.

Frequently asked questions about Windows Security Center
http://support.microsoft.com/?kbid=883792

1. How do I change the way Security Center alerts me?
Go to Security Center in Control Panel.
Click "Change the way Security Center alerts me" on the left side.
Check as desired.
WARNING: If you uncheck something, you may not get any warnings if there is a problem with that feature.


Games and Windows Firewall
http://www.microsoft.com/windowsxp/using/g...rsfirewall.mspx



Windows XP Service Pack 2

http://www3.telus.net/dandemar/xpsp2.htm
Hunter
So what you have posted indicates this is happening..
Q: How does Windows Security Center detect third-party products and their status?
A: Windows Security Center uses a two-tiered approach for detection status. One tier is manual, and the other tier is automatic through Windows Management Instrumentation (WMI). In manual detection mode, Windows Security Center searches for registry keys and files that are provided to Microsoft by independent software manufacturers. These registry keys and files let Windows Security Center detect the status of independent software. In WMI mode, software manufacturers determine their own product status and report that status back to Windows Security Center through a WMI provider. In both modes, Windows Security Center tries to determine whether the following is true:
• An antivirus program is present.
• The antivirus signatures are up-to-date.
• Real-time scanning or on-access scanning is turned on for antivirus programs.
• For firewalls, Windows Security Center detects whether a third-party firewall is installed and whether the firewall is turned on or not.
LoPhatPhuud
In looking at your log again I am disturbed that you apparently have two full operating systems installed and your computer is loading system programs from a non-system drive.

This entry:
I:\WINDOWS\System32\svchost.exe

is your 'Generic Host Process'; your boot drive is "c:" and this program should not be running.

I also notice that your programs are shown on both D: and I:.

Perhaps you need to rethink your layout and ensure that all system calls are made to system programs located on the boot drive only.
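The point LoPhatPhuud raises, a system binary such as svchost.exe running from somewhere other than the Windows directory, is a standard check to run over any process list, because a file named svchost.exe in the wrong folder is a common way for malware to hide. The script below is an added example, not the poster's method and not part of HijackThis: it takes the "Running processes" section of the log above as its input (copied verbatim), works out the real system root from where the boot-time core processes (smss.exe, csrss.exe, winlogon.exe, services.exe, lsass.exe) run rather than assuming C:, and then flags system binaries outside that root and any executable name that runs from more than one directory. The list of binary names it treats as system-owned is an assumption chosen for this log.

```python
from collections import defaultdict

# Sample input: the "Running processes" section of the HijackThis log posted
# in this thread, copied verbatim.
HJT_PROCESSES = r"""
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
I:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\GEARSec.exe
D:\WINDOWS\system32\mgabg.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\svchost.exe
I:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
D:\WINDOWS\system32\fxssvc.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\rundll32.exe
I:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\PDesk\PDesk.exe
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
I:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\Belkin\Bluetooth Software\BTTray.exe
D:\Program Files\Microsoft ActiveSync\WCESMgr.exe
I:\Program Files\Internet Explorer\iexplore.exe
D:\hijackThis\HijackThis.exe
"""

# Boot-time core processes: their location defines the system root.
CORE = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe"}
# Names that should only ever run from the system root (assumed set for this log).
SYSTEM_BINARIES = CORE | {"svchost.exe", "spoolsv.exe", "alg.exe", "rundll32.exe",
                          "explorer.exe", "fxssvc.exe"}

def parse_processes(text):
    return [line.strip() for line in text.splitlines() if line.strip()]

def split_path(path):
    directory, _, name = path.rpartition("\\")
    return directory.lower(), name.lower()

def infer_system_root(paths):
    r"""Derive the system root from where the core processes run instead of
    assuming C:; for this log the majority vote gives d:\windows."""
    votes = defaultdict(int)
    for p in paths:
        directory, name = split_path(p)
        if name in CORE:
            votes[directory.rsplit("\\", 1)[0]] += 1   # strip the \system32 part
    if not votes:
        raise ValueError("no core system process in list")
    return max(votes, key=votes.get)

def find_anomalies(paths):
    root = infer_system_root(paths)
    findings = []
    locations = defaultdict(set)
    for p in paths:
        directory, name = split_path(p)
        locations[name].add(directory)
        inside = directory == root or directory.startswith(root + "\\")
        if name in SYSTEM_BINARIES and not inside:
            findings.append((p, "system binary outside " + root))
    for name, dirs in sorted(locations.items()):
        if len(dirs) > 1:   # same executable name loaded from two different folders
            findings.append((name, "runs from %d locations: %s" % (len(dirs), ", ".join(sorted(dirs)))))
    return root, findings

if __name__ == "__main__":
    root, findings = find_anomalies(parse_processes(HJT_PROCESSES))
    print("system root:", root)
    for item, why in findings:
        print("  %-45s %s" % (item, why))
```

Run against this log it reports exactly one item, the I:\WINDOWS\System32\svchost.exe instance, and notes that svchost.exe is loading from two different folders. That is a finding to verify, not a verdict: the log also shows a full Windows tree on I: (NeroCheck.exe under I:\WINDOWS\system32 and a second Program Files), so a second installation's svchost.exe is a plausible benign explanation. The way to settle it is to compare the two svchost.exe files (size, version resource, hash) and see which services the I: copy hosts, which `tasklist /svc` shows on XP Professional.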
Invision Power Board © 2001-2009 Invision Power Services, Inc.