DEP problem at start-up

[Ibrick]

I rebuilt my PC some months ago and re-installed XP and updated to SP3,
etc.,. For a while now, I get a couple of DEP messages at start-up. The
sequence of events is as follows:

1. Message pops up : "Data Execution Prevention etc.... To help protect
your computer, Windows has closed this program. Name: Generic Host Process
for Win32 Services"

2. Some time later (about 1 minute), a bubble appears bottom right corner
saying "your computer might be at risk because you have no Firewall set";
which is nonsense, because I do. During this time I cannot do anything else
on the PC - it seems to be "stuck" doing something (reminds me of a PC trying
desperately to connect to a network ?).

3. I then receive a message from Generic Host Process, saying it had
encountered a problem and needs to shut down. I have sent the error report
numerous times (I beleive it does not send it more than once, but better safe
than sorry...)

4. I then receive another pair of the same messages. However, the
interesting thing is that the date/time stamp on the first message pair can
be anything up to 36 hours prior to the actual start-up date/time, whereas
the second pair states the correct date/time. I have a Word document showing
all this if anyone needs to have a look.

5. I can then use the PC as normal, but I am concerned about the DEP
messages.

Only other piece of information to add is that XP seems to think I have two
copies of XP loaded (I used to get the "options" screen coming up during
start-up but switched that off). The original re-install failed for some
reason that now esacapes me, but I started again, choosing to overwrite the
existing folders, so not sure hwy this comes up. Still, it may not be
relevant.

Any help much appreciated.

 

[housetrained]

I rebuilt my PC some months ago and re-installed XP and updated to SP3,
etc.,. For a while now, I get a couple of DEP messages at start-up. The
sequence of events is as follows:

1. Message pops up : "Data Execution Prevention etc.... To help protect
your computer, Windows has closed this program. Name: Generic Host
Process
for Win32 Services"

2. Some time later (about 1 minute), a bubble appears bottom right corner
saying "your computer might be at risk because you have no Firewall set";
which is nonsense, because I do. During this time I cannot do anything
else
on the PC - it seems to be "stuck" doing something (reminds me of a PC
trying
desperately to connect to a network ?).

3. I then receive a message from Generic Host Process, saying it had
encountered a problem and needs to shut down. I have sent the error
report
numerous times (I beleive it does not send it more than once, but better
safe
than sorry...)

4. I then receive another pair of the same messages. However, the
interesting thing is that the date/time stamp on the first message pair
can
be anything up to 36 hours prior to the actual start-up date/time, whereas
the second pair states the correct date/time. I have a Word document
showing
all this if anyone needs to have a look.

5. I can then use the PC as normal, but I am concerned about the DEP
messages.

Only other piece of information to add is that XP seems to think I have
two
copies of XP loaded (I used to get the "options" screen coming up during
start-up but switched that off). The original re-install failed for some
reason that now esacapes me, but I started again, choosing to overwrite
the
existing folders, so not sure hwy this comes up. Still, it may not be
relevant.

Any help much appreciated.

personally I would run Darik's boot & nuke then install again - 32 must work
properly.

 

[Ibrick]

What happens about the activation code - does it roll over again ?

 

[Gerry]

Have a look in the System and Application logs in Event Viewer for
Errors and Warnings and post copies here. Don't post any more than 48
hours ago.

You can access Event Viewer by selecting Start, Control Panel,
Administrative Tools, and Event Viewer. When researching the meaning
of the error, information regarding Event ID, Source and Description
are important.

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.Microsoft.com/kb/308427/en-us

A tip for posting copies of Error Reports! Run Event Viewer and double
click on the error you want to copy. In the window, which appears is a
button resembling two pages. Click the button and close Event
Viewer.Now start your message (email) and do a paste into the body of
the message. Make sure this is the first paste after exiting from
Event Viewer.

--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[PA Bear [MS MVP]]

You may be seeing the effects of a(nother) hijackware infection!

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://www.dslreports.com/forum/cleanup, http://aumha.net/viewforum.php?f=30
or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

 

[Randem]

Seems like you may be infected. Some helpful solutions can be found here
http://www.randem.com/virusproblems.html

See if they help...

--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
Disk Read Error Press Ctl+Alt+Del to Restart
http://www.randem.com/discus/messages/9402/9406.html?1236319938

 

[Jock!]

I found this, not sure if it will help:

http://www.geekpolice.net/software-f6/dep-yahoo-messenger-problem-t5619.htm



Good luck!

 

[Ibrick]

Hi Gerry, here's an error log from this morning - make any sense ?


Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 30/05/2009
Time: 07:43:25
User: N/A
Computer: STUDY
Description:
Faulting application svchost.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00c99eec.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 76 63 ure svc
0018: 68 6f 73 74 2e 65 78 65 host.exe
0020: 20 35 2e 31 2e 32 36 30 5.1.260
0028: 30 2e 35 35 31 32 20 69 0.5512 i
0030: 6e 20 75 6e 6b 6e 6f 77 n unknow
0038: 6e 20 30 2e 30 2e 30 2e n 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 63 39 set 00c9
0050: 39 65 65 63 9eec

 

[Ibrick]

Perhaps not as simple as just that error - here are all the messages at
startup. This sequence of 8 messages seems to occur each time at startup.
Be very grateful if you can make sense out of this - I really don't want to
have to reformat and reload XP. Many thanks

MSG 1 -
Event Type: Information
Event Source: SeaPort
Event Category: None
Event ID: 0
Date: 29/05/2009
Time: 07:58:27
User: N/A
Computer: STUDY
Description:
The description for Event ID ( 0 ) in Source ( SeaPort ) cannot be found.
The local computer may not have the necessary registry information or message
DLL files to display messages from a remote computer. You may be able to use
the /AUXSOURCE= flag to retrieve this description; see Help and Support for
details. The following information is part of the event: Service started.

MSG 2 -

Event Type: Information
Event Source: SecurityCenter
Event Category: None
Event ID: 1800
Date: 29/05/2009
Time: 07:58:27
User: N/A
Computer: STUDY
Description:
The Windows Security Center Service has started.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

MSG 3 -

Event Type: Information
Event Source: Avira AntiVir
Event Category: AntiVir
Event ID: 4096
Date: 29/05/2009
Time: 07:58:28
User: NT AUTHORITY\SYSTEM
Computer: STUDY
Description:
The AntiVir service has been started successfully!

MSG 4 -

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1004
Date: 29/05/2009
Time: 07:58:33
User: N/A
Computer: STUDY
Description:
Faulting application svchost.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00c99eec.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 76 63 ure svc
0018: 68 6f 73 74 2e 65 78 65 host.exe
0020: 20 35 2e 31 2e 32 36 30 5.1.260
0028: 30 2e 35 35 31 32 20 69 0.5512 i
0030: 6e 20 75 6e 6b 6e 6f 77 n unknow
0038: 6e 20 30 2e 30 2e 30 2e n 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 63 39 set 00c9
0050: 39 65 65 63 9eec

MSG 5 -

Event Type: Warning
Event Source: EvntAgnt
Event Category: None
Event ID: 1003
Date: 29/05/2009
Time: 07:58:42
User: N/A
Computer: STUDY
Description:
TraceFileName parameter not located in registry; Default trace file used is .

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

MSG 6 -

Event Type: Warning
Event Source: EvntAgnt
Event Category: None
Event ID: 1015
Date: 29/05/2009
Time: 07:58:42
User: N/A
Computer: STUDY
Description:
TraceLevel parameter not located in registry; Default trace level used is 32.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

MSG 7 -

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1001
Date: 29/05/2009
Time: 08:00:02
User: N/A
Computer: STUDY
Description:
Fault bucket 231349134.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 32 33 31 33 34 39 31 33 23134913
0010: 34 0d 0a 4..

MSG 8 -

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 29/05/2009
Time: 08:00:06
User: N/A
Computer: STUDY
Description:
Faulting application svchost.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x00c99eec.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 76 63 ure svc
0018: 68 6f 73 74 2e 65 78 65 host.exe
0020: 20 35 2e 31 2e 32 36 30 5.1.260
0028: 30 2e 35 35 31 32 20 69 0.5512 i
0030: 6e 20 75 6e 6b 6e 6f 77 n unknow
0038: 6e 20 30 2e 30 2e 30 2e n 0.0.0.
0040: 30 20 61 74 20 6f 66 66 0 at off
0048: 73 65 74 20 30 30 63 39 set 00c9
0050: 39 65 65 63 9eec

 

[PA Bear [MS MVP]]

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting the requested logs
in an appropriate forum.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://www.dslreports.com/forum/cleanup, http://aumha.net/viewforum.php?f=30
or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

 

[Gerry]

Ibrick

SeaPort is Microsoft SeaPort Search Enhancement Process. Have you
installed Windows Search 4.0
http://www.brighthub.com/computing/windows-platform/articles/33033.aspx

Try uninstalling through Start, Control Panel, Add / Remove Programs and
observe for effect.

What firewall are you using?

Your Firewall problem is of concern.
Malwarebytes' Anti-Malware
1.36 -freeware (if you upgrade you pay).
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Run Malwarebytes' and turn off your current anti-virus
before you do to avoid a conflict. Disregard the invitation on the web
site regarding the Registry Optimiser -a Registry Optimiser is not a
helpful utility.

--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Ibrick]

Gerry,

This was most helpful ! I don't have the utility below, but the article you
referred me to described the symptoms exactly. I've now changed the config
files to stop SeaPort from starting up and the DEP problem has gone away.

I still get the Firewall message, though. I use the XP Firewall and see no
reason why it should come up, as I have 2 other PCs running XP and I never
receive this message. I have already run the Malware and other similar
software but they found nothing. As the Firewall is set, I'm going to live
with it for now.

Many, many thanks for your and everyone else's help with this.

 

[Ibrick]

Thanks, Pappa Bear - your and Gerry' suggestions have helped me solve at
least the DEP problem. Still have the Firewall message, but I'm going to
live with it for now, until such time as I really need to reinstall XP.

Many thanks for your help with this.

 

[Gerry]

Ibrick

You're welcome. Thanks for reporting the outcome.

--


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[PA Bear [MS MVP]]

[Who's "Pappa Bear"?]

 

[Gerry]

A big Daddy Bear <G>.


--


Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

[Who's "Pappa Bear"?]

Thanks, Pappa Bear - your and Gerry' suggestions have helped me
solve at least the DEP problem. Still have the Firewall message,
but I'm going to live with it for now, until such time as I really
need to reinstall XP. Many thanks for your help with this.