svchost.exe errors

[Carlos]

I keep getting these - no firewalls. Once I click send or don't send, apps
will longer launch.

Generic Host Process for Win32 Services encountered a problem and needed to
close.

szAppName : svchost.exe szAppVer : 0.0.0.0 szModName : unknown
szModVer : 0.0.0.0 offset : 00000000

C:\DOCUME~1\John\LOCALS~1\Temp\WER0e76.dir00\svchost.exe.mdmp
C:\DOCUME~1\John\LOCALS~1\Temp\WER0e76.dir00\appcompat.txt

Faulting application svchost.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00000000.
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1004
Date: 12/21/2004
Time: 8:31:58 PM
User: N/A
Computer: DBZXXZ11
Description:
Faulting application svchost.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00000000.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 76 63 ure svc
0018: 68 6f 73 74 2e 65 78 65 host.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 75 6e 6b 6e in unkn
0030: 6f 77 6e 20 30 2e 30 2e own 0.0.
0038: 30 2e 30 20 61 74 20 6f 0.0 at o
0040: 66 66 73 65 74 20 30 30 ffset 00
0048: 30 30 30 30 30 30 000000

 

[Phillip Windell]

Svchost.exe is a kind of "helper" program that lets DLL files run as
executables when running as a service.

As a first step I would download and run either Spybot S&D or Ad-Aware
(prefeabley both) to scan for and remove Spyware/Malware. Then see how
things run after that. I would also, after you have done that,...make sure
you AV software is fully updated and do a full scan of the machine.

Chances are, once the machine is "clean" the problem will go away.

 

[Carlos]

Thanks Phil - but I have already run AdAware, Spybot, TrendMicro, and NAV.
In safe mode too.

Svchost.exe is a kind of "helper" program that lets DLL files run as
executables when running as a service.

As a first step I would download and run either Spybot S&D or Ad-Aware
(prefeabley both) to scan for and remove Spyware/Malware. Then see how
things run after that. I would also, after you have done that,...make sure
you AV software is fully updated and do a full scan of the machine.

Chances are, once the machine is "clean" the problem will go away.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

I keep getting these - no firewalls. Once I click send or don't send,
apps
will longer launch.

Generic Host Process for Win32 Services encountered a problem and needed to
close.

szAppName : svchost.exe szAppVer : 0.0.0.0 szModName : unknown
szModVer : 0.0.0.0 offset : 00000000

C:\DOCUME~1\John\LOCALS~1\Temp\WER0e76.dir00\svchost.exe.mdmp
C:\DOCUME~1\John\LOCALS~1\Temp\WER0e76.dir00\appcompat.txt

Faulting application svchost.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00000000.
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1004
Date: 12/21/2004
Time: 8:31:58 PM
User: N/A
Computer: DBZXXZ11
Description:
Faulting application svchost.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00000000.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 76 63 ure svc
0018: 68 6f 73 74 2e 65 78 65 host.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 75 6e 6b 6e in unkn
0030: 6f 77 6e 20 30 2e 30 2e own 0.0.
0038: 30 2e 30 20 61 74 20 6f 0.0 at o
0040: 66 66 73 65 74 20 30 30 ffset 00
0048: 30 30 30 30 30 30 000000

 

[Phillip Windell]

I can't find anything else on that. Did you click on the link given in the
error?...you have to click on it in the error popup error itself,...clicking
on it in this email won't help.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Thanks Phil - but I have already run AdAware, Spybot, TrendMicro, and NAV.
In safe mode too.

Svchost.exe is a kind of "helper" program that lets DLL files run as
executables when running as a service.

As a first step I would download and run either Spybot S&D or Ad-Aware
(prefeabley both) to scan for and remove Spyware/Malware. Then see how
things run after that. I would also, after you have done that,...make sure
you AV software is fully updated and do a full scan of the machine.

Chances are, once the machine is "clean" the problem will go away.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

I keep getting these - no firewalls. Once I click send or don't send,
apps
will longer launch.

Generic Host Process for Win32 Services encountered a problem and

needed
to

close.

szAppName : svchost.exe szAppVer : 0.0.0.0 szModName : unknown
szModVer : 0.0.0.0 offset : 00000000

C:\DOCUME~1\John\LOCALS~1\Temp\WER0e76.dir00\svchost.exe.mdmp
C:\DOCUME~1\John\LOCALS~1\Temp\WER0e76.dir00\appcompat.txt

Faulting application svchost.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00000000.
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1004
Date: 12/21/2004
Time: 8:31:58 PM
User: N/A
Computer: DBZXXZ11
Description:
Faulting application svchost.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00000000.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 76 63 ure svc
0018: 68 6f 73 74 2e 65 78 65 host.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 75 6e 6b 6e in unkn
0030: 6f 77 6e 20 30 2e 30 2e own 0.0.
0038: 30 2e 30 20 61 74 20 6f 0.0 at o
0040: 66 66 73 65 74 20 30 30 ffset 00
0048: 30 30 30 30 30 30 000000

 

[David H. Lipman]

Carlos:

There was NO reason to cross-post to the News Groups; "codewarrior", Networking, Device
Driver Development or Windows Update. Please keep your posting/cross-posting On Topic for
the subject matter of your post.

Obtain McAfee's virus and worm removal tool, Stinger: http://vil.nai.com/vil/stinger/

1) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot your PC into Safe Mode
3) Using McAfee Stinger, perform a Full Scan of your platform and clean/delete any
infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
6) Reboot your PC.
7) Create a new Restore point

If Stinger indicates nothing, please try several of the following online scanners

BitDefender:
http://www.bitdefender.com/scan/license.php

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

Symantec:
http://security.symantec.com/


* * * Please report your results ! * * *


--
Dave




| I keep getting these - no firewalls. Once I click send or don't send, apps
| will longer launch.
|
| Generic Host Process for Win32 Services encountered a problem and needed to
| close.
|
| szAppName : svchost.exe szAppVer : 0.0.0.0 szModName : unknown
| szModVer : 0.0.0.0 offset : 00000000
|
| C:\DOCUME~1\John\LOCALS~1\Temp\WER0e76.dir00\svchost.exe.mdmp
| C:\DOCUME~1\John\LOCALS~1\Temp\WER0e76.dir00\appcompat.txt
|
| Faulting application svchost.exe, version 0.0.0.0, faulting module unknown,
| version 0.0.0.0, fault address 0x00000000.
| Event Type: Error
| Event Source: Application Error
| Event Category: (100)
| Event ID: 1004
| Date: 12/21/2004
| Time: 8:31:58 PM
| User: N/A
| Computer: DBZXXZ11
| Description:
| Faulting application svchost.exe, version 0.0.0.0, faulting module unknown,
| version 0.0.0.0, fault address 0x00000000.
| For more information, see Help and Support Center at
| http://go.microsoft.com/fwlink/events.asp.
| Data:
| 0000: 41 70 70 6c 69 63 61 74 Applicat
| 0008: 69 6f 6e 20 46 61 69 6c ion Fail
| 0010: 75 72 65 20 20 73 76 63 ure svc
| 0018: 68 6f 73 74 2e 65 78 65 host.exe
| 0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
| 0028: 20 69 6e 20 75 6e 6b 6e in unkn
| 0030: 6f 77 6e 20 30 2e 30 2e own 0.0.
| 0038: 30 2e 30 20 61 74 20 6f 0.0 at o
| 0040: 66 66 73 65 74 20 30 30 ffset 00
| 0048: 30 30 30 30 30 30 000000
|
|

 

[Alex Nichol]

I keep getting these - no firewalls. Once I click send or don't send, apps
will longer launch.

Generic Host Process for Win32 Services encountered a problem and needed to
close.

SVCHost is as its full name applies just an interface program used to
run a whole slew of services on behalf of the system. Loaded in batches
- hence the multiple copies of it. So what has actually failed is the
code of some specific service, and you have to identify which. Most
likely connected with some third party software - AV or Internet
Security or the like

 

[Guest]

Hi.
I was led to believe that SVCHOST.EXE was a backdoor for hackers and that it
could rip and upload personal data such as credit card details to it's
creator. My Registry and running Processes are infested with SVCHOST.EXE. I
have tried many methods to remove it. So I am now going to read others in
this forum and if any help is appropriate, give it a try and post results.
If any one has any other advice on this issue please email:
(e-mail address removed).

Thanks all,
Lloyd.

 

[Kelly]

http://www.google.com/search?hl=en&q=SVCHOST.EXE&btnG=Google+Search

--
Happy Mardi Gras,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com

 

[Gerry Cornell]

Kelly

It is still gives me "nightmares" trying to figure out which application
/ service is using it <g>.

One is currently not closing down and being booted off by uphclean. I
can't figure out what is starting it! I have tried Process Explorer.


--

~~~~~~

Regards.

Gerry

~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~

 

[David H. Lipman]

Lloyd:

SVCHOST.EXE is a legitimate component of WinXP. However, it is the target of many viral and
non-viral malware. In addition, many viral and non-viral malware may variations of that
name such as SCVHOST.EXE.

--
Dave




| Hi.
| I was led to believe that SVCHOST.EXE was a backdoor for hackers and that it
| could rip and upload personal data such as credit card details to it's
| creator. My Registry and running Processes are infested with SVCHOST.EXE. I
| have tried many methods to remove it. So I am now going to read others in
| this forum and if any help is appropriate, give it a try and post results.
| If any one has any other advice on this issue please email:
| (e-mail address removed).
|
| Thanks all,
| Lloyd.

 

[Alex Nichol]

I was led to believe that SVCHOST.EXE was a backdoor for hackers and that it
could rip and upload personal data such as credit card details to it's
creator. My Registry and running Processes are infested with SVCHOST.EXE. I
have tried many methods to remove it.

Svc host is primarily a facility for running a whole slew of service
modules on behalf of the system. They get loaded in groups, hence
multiple instances of svchost, and there may be as many as 40 or so
services running in them. Hackers may attack it; if so run antiparasite
programs - see http://aumha.org/a/parasite.htm

You can find the services running in the various instances by, from a
command prompt, running
TASKLIST /SVC
and looking against the various svchost entries

 

[Robert Aldwinckle]

Kelly

It is still gives me "nightmares" trying to figure out which application / service is using it <g>.

Do you have tasklist? (Part of XP Pro but also I think available
for XP Home users too, perhaps in their Support Tools package.)

Open a command window and enter:

tasklist /svc /fi "Imagename eq svchost.exe"

or, for a particular task, get its PID (represented by xxxx below)
and enter:

tasklist /svc /fi "PID eq xxxx"

You can also get more clues from the list of modules that task is using:

tasklist /M /fi "PID eq xxxx"


HTH

Robert Aldwinckle
---

 

[Rock]

Hi.
I was led to believe that SVCHOST.EXE was a backdoor for hackers and that it
could rip and upload personal data such as credit card details to it's
creator. My Registry and running Processes are infested with SVCHOST.EXE. I
have tried many methods to remove it. So I am now going to read others in
this forum and if any help is appropriate, give it a try and post results.
If any one has any other advice on this issue please email:
(e-mail address removed).

Thanks all,
Lloyd.

<excessive cross posting snipped>

A description of Svchost.exe in Windows XP
http://support.microsoft.com/?id=314056