Safe mode - svchost.exe

[Menno Hershberger]

I'm working on a Windows 2000 Pro machine that gives me the following error
only in Safe Mode:
"svchost.exe has generated errors and will be closed by Windows". I can
cancel the message a couple of times and it'll stay away. My reason for
being in Safe Mode was to run Norton Antivirus. NAV will come up to the
status window and "refreshing" but it doesn't go any further. And it won't
scan.
In normal mode I don't get the error and Norton will run properly. I put a
copy of msconfig.exe on it and disabled a lot of obvious bad stuff, but of
course that wouldn't effect Safe Mode.
I've Googled and found several references to the error message, some
relating it to the W32.Blaster. Ran FixBlast.exe (from Norton) and it found
nothing. I really didn't find anything about it happening in Safe Mode.
This guy just got DSL and that's when all these problems arose. First was a
Norton popup you couldn't get rid of which found "Backdoor.Ranky" in a file
called "fgsh.exe"
Norton only found one "Download.Trojan" on the full scan and deleted it.
But still the problem with Safe Mode. How do I fix it?

 

[Guest]

The happening of this problem probably because some hidden service is running
through svchost.exe. It can be a virus, adware, or trojan horse. In some
case, antivirus program may not be able to detect and disinfect your system
in 100%.

In safe mode, Windows will only load with minimal set of drivers, some aux.
drivers like network adapter (except you choose "safe mode with networking",
display adapter will be disabled, hence it may limit the activity of the
malicious code, especially in network area. Poorly written virus may then
generate error when certain attacking target is not available.

Not only the malicious code, even operation of NAV activities may be
restricted by safe mode as well. However, you still have to depend on
antivirus software to tackle the problem. However, you may need to update
your virus definition file before scanning. In order to get a clean scanning
environment, you can think about attaching the hard drive to another system
for scanning, or a clean boot CD like WindowsPE to aid scanning. Third
party WinPE is also a good choice but not good to mentioned here. Try using
google to find it out.

Wish this may help.

Lawrence Tse

 

[Menno Hershberger]

I was using Safe Mode with Networking. Since I read your post I tried just
going into plain Safe Mode. I didn't get the error and Norton worked fine.
So it seems that the only time I get the error is when I try to go into
"Safe Mode with Networking". I am presently running Trend Micro's online
virus scan on it... maybe it will find something.
I noticed the svchost.exe error message also included a note that it was
creating an error log. Here's what the event viewer is showing...
These are all "Service Control Manager" errors from the event log.

The SYMTDI service depends on the TCP/IP Protocol Driver service which
failed to start because of the following error:
A device attached to the system is not functioning.

The DHCP Client service depends on the SYMTDI service which failed to start
because of the following error:
The dependency service or group failed to start.

The DNS Client service depends on the TCP/IP Protocol Driver service which
failed to start because of the following error:
A device attached to the system is not functioning.

The TCP/IP NetBIOS Helper Service service depends on the AFD Networking
Support Environment service which failed to start because of the following
error:
No attempts to start the service have been made since the last boot.

The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error:
No attempts to start the service have been made since the last boot.

The Computer Browser service depends on the Server service which failed to
start because of the following error:
No attempts to start the service have been made since the last boot.

The Tmfilter service depends on the Vsapint service which failed to start
because of the following error:
No attempts to start the service have been made since the last boot.

The following boot-start or system-start driver(s) failed to load:
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
wpsdrvnt

The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error:
No attempts to start the service have been made since the last boot.

The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error:
No attempts to start the service have been made since the last boot.

Any of this make any sense to anybody?

 

[Guest]

I was using Safe Mode with Networking. Since I read your post I tried just
going into plain Safe Mode. I didn't get the error and Norton worked fine.
So it seems that the only time I get the error is when I try to go into
"Safe Mode with Networking". I am presently running Trend Micro's online
virus scan on it... maybe it will find something.
I noticed the svchost.exe error message also included a note that it was
creating an error log. Here's what the event viewer is showing...
These are all "Service Control Manager" errors from the event log.

The SYMTDI service depends on the TCP/IP Protocol Driver service which
failed to start because of the following error:
A device attached to the system is not functioning.

The DHCP Client service depends on the SYMTDI service which failed to start
because of the following error:
The dependency service or group failed to start.

The DNS Client service depends on the TCP/IP Protocol Driver service which
failed to start because of the following error:
A device attached to the system is not functioning.

The TCP/IP NetBIOS Helper Service service depends on the AFD Networking
Support Environment service which failed to start because of the following
error:
No attempts to start the service have been made since the last boot.

The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error:
No attempts to start the service have been made since the last boot.

The Computer Browser service depends on the Server service which failed to
start because of the following error:
No attempts to start the service have been made since the last boot.

The Tmfilter service depends on the Vsapint service which failed to start
because of the following error:
No attempts to start the service have been made since the last boot.

The following boot-start or system-start driver(s) failed to load:
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
wpsdrvnt

The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error:
No attempts to start the service have been made since the last boot.

The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error:
No attempts to start the service have been made since the last boot.

Any of this make any sense to anybody?

 

[Guest]

I see there is no big harm that those service cannot be started, as they are
all network related and the symptom is as expected.

Other than those MS networking services, "SYMTDI" was installed by NAV and
depends on TCP/IP, "Vsapint" and "Tmfilter" were installed by Trend
Officescan.

Recommend to use some adware scaning program in addition to virus scanner.

On the other hand, try to search in google on what I mentioned about Windows
PE using the keyword "WinPE", you can easily find out something that's really
helpful to your situation (in case virus scanning can not help).

Lawrence Tse