Announcement

Collapse
No announcement yet.

Generic Host Process Killed By DEP

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Generic Host Process Killed By DEP

    Hi,

    I have a server 2k3 machine that is giving me some issues.. One of the network drives on it will become inaccessible.. Then when I log in, I see that DEP has killled a Generic Host Process.

    From the appcompat.txt file I get:

    [code]

    <?xml version="1.0" encoding="UTF-16"?>
    <DATABASE>
    <EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM">
    <MATCHING_FILE NAME="advapi32.dll" SIZE="618496" CHECKSUM="0xD62FB0BA" BIN_FILE_VERSION="5.2.3790.3959" BIN_PRODUCT_VERSION="5.2.3790.3959" PRODUCT_VERSION="5.2.3790.3959" FILE_DESCRIPTION="Advanced Windows 32 Base API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.2.3790.3959 (srv03_sp2_rtm.070216-1710)" ORIGINAL_FILENAME="advapi32.dll" INTERNAL_NAME="advapi32.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x979F6" LINKER_VERSION="0x50002" UPTO_BIN_FILE_VERSION="5.2.3790.3959" UPTO_BIN_PRODUCT_VERSION="5.2.3790.3959" LINK_DATE="02/17/2007 13:59:02" UPTO_LINK_DATE="02/17/2007 13:59:02" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="gdi32.dll" SIZE="283136" CHECKSUM="0x856D4438" BIN_FILE_VERSION="5.2.3790.4237" BIN_PRODUCT_VERSION="5.2.3790.4237" PRODUCT_VERSION="5.2.3790.4237" FILE_DESCRIPTION="GDI Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.2.3790.4237 (srv03_sp2_gdr.080215-1206)" ORIGINAL_FILENAME="gdi32" INTERNAL_NAME="gdi32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x5091B" LINKER_VERSION="0x50002" UPTO_BIN_FILE_VERSION="5.2.3790.4237" UPTO_BIN_PRODUCT_VERSION="5.2.3790.4237" LINK_DATE="02/18/2008 14:23:28" UPTO_LINK_DATE="02/18/2008 14:23:28" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="kernel32.dll" SIZE="1037824" CHECKSUM="0xA3D04897" BIN_FILE_VERSION="5.2.3790.4062" BIN_PRODUCT_VERSION="5.2.3790.4062" PRODUCT_VERSION="5.2.3790.4062" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.2.3790.4062 (srv03_sp2_gdr.070417-0203)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1083FC" LINKER_VERSION="0x50002" UPTO_BIN_FILE_VERSION="5.2.3790.4062" UPTO_BIN_PRODUCT_VERSION="5.2.3790.4062" LINK_DATE="04/18/2007 16:25:36" UPTO_LINK_DATE="04/18/2007 16:25:36" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="ntdll.dll" SIZE="765440" CHECKSUM="0xF198129" BIN_FILE_VERSION="5.2.3790.3959" BIN_PRODUCT_VERSION="5.2.3790.3959" PRODUCT_VERSION="5.2.3790.3959" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.2.3790.3959 (srv03_sp2_rtm.070216-1710)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xBD6F9" LINKER_VERSION="0x50002" UPTO_BIN_FILE_VERSION="5.2.3790.3959" UPTO_BIN_PRODUCT_VERSION="5.2.3790.3959" LINK_DATE="02/17/2007 14:02:00" UPTO_LINK_DATE="02/17/2007 14:02:00" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="ole32.dll" SIZE="1267200" CHECKSUM="0x8A88C6B2" BIN_FILE_VERSION="5.2.3790.3959" BIN_PRODUCT_VERSION="5.2.3790.3959" PRODUCT_VERSION="5.2.3790.3959" FILE_DESCRIPTION="Microsoft OLE for Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.2.3790.3959 (srv03_sp2_rtm.070216-1710)" ORIGINAL_FILENAME="OLE32.DLL" INTERNAL_NAME="OLE32.DLL" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x14357B" LINKER_VERSION="0x50002" UPTO_BIN_FILE_VERSION="5.2.3790.3959" UPTO_BIN_PRODUCT_VERSION="5.2.3790.3959" LINK_DATE="02/17/2007 14:01:09" UPTO_LINK_DATE="02/17/2007 14:01:09" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="oleaut32.dll" SIZE="553984" CHECKSUM="0x7485B5CF" BIN_FILE_VERSION="5.2.3790.4202" BIN_PRODUCT_VERSION="5.2.3790.4202" PRODUCT_VERSION="5.2.3790.4202" COMPANY_NAME="Microsoft Corporation" FILE_VERSION="5.2.3790.4202" INTERNAL_NAME="OLEAUT32.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1993-2001." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x96543" LINKER_VERSION="0x50002" UPTO_BIN_FILE_VERSION="5.2.3790.4202" UPTO_BIN_PRODUCT_VERSION="5.2.3790.4202" LINK_DATE="12/13/2007 07:49:29" UPTO_LINK_DATE="12/13/2007 07:49:29" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="shell32.dll" SIZE="8360448" CHECKSUM="0x9CEECD4" BIN_FILE_VERSION="6.0.3790.4184" BIN_PRODUCT_VERSION="6.0.3790.4184" PRODUCT_VERSION="6.00.3790.4184" FILE_DESCRIPTION="Windows Shell Common Dll" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.3790.4184 (srv03_sp2_gdr.071106-125" ORIGINAL_FILENAME="SHELL32.DLL" INTERNAL_NAME="SHELL32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x7FA6F5" LINKER_VERSION="0x50002" UPTO_BIN_FILE_VERSION="6.0.3790.4184" UPTO_BIN_PRODUCT_VERSION="6.0.3790.4184" LINK_DATE="11/07/2007 13:49:28" UPTO_LINK_DATE="11/07/2007 13:49:28" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="user32.dll" SIZE="583680" CHECKSUM="0x44D95093" BIN_FILE_VERSION="5.2.3790.4033" BIN_PRODUCT_VERSION="5.2.3790.4033" PRODUCT_VERSION="5.2.3790.4033" FILE_DESCRIPTION="Windows USER API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.2.3790.4033 (srv03_sp2_gdr.070228-0030)" ORIGINAL_FILENAME="user32" INTERNAL_NAME="user32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x91402" LINKER_VERSION="0x50002" UPTO_BIN_FILE_VERSION="5.2.3790.4033" UPTO_BIN_PRODUCT_VERSION="5.2.3790.4033" LINK_DATE="03/02/2007 06:38:46" UPTO_LINK_DATE="03/02/2007 06:38:46" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="wininet.dll" SIZE="670720" CHECKSUM="0x26E1896A" BIN_FILE_VERSION="6.0.3790.4324" BIN_PRODUCT_VERSION="6.0.3790.4324" PRODUCT_VERSION="6.00.3790.4324" FILE_DESCRIPTION="Internet Extensions for Win32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.3790.4324 (srv03_sp2_gdr.080630-1205)" ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA552B" LINKER_VERSION="0x50002" UPTO_BIN_FILE_VERSION="6.0.3790.4324" UPTO_BIN_PRODUCT_VERSION="6.0.3790.4324" LINK_DATE="07/01/2008 06:10:42" UPTO_LINK_DATE="07/01/2008 06:10:42" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="winsock.dll" SIZE="2864" CHECKSUM="0x73AE8088" BIN_FILE_VERSION="3.10.0.103" BIN_PRODUCT_VERSION="3.10.0.103" PRODUCT_VERSION="3.10" FILE_DESCRIPTION="Windows Socket 16-Bit DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows(TM) Operating System" FILE_VERSION="3.10" ORIGINAL_FILENAME="WINSOCK.DLL" INTERNAL_NAME="WINSOCK" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1981-1996" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN16" S16BIT_DESCRIPTION="BSD Socket API for Windows" S16BIT_MODULE_NAME="WINSOCK" UPTO_BIN_FILE_VERSION="3.10.0.103" UPTO_BIN_PRODUCT_VERSION="3.10.0.103" VER_LANGUAGE="English (United States) [0x409]" />
    </EXE>
    </DATABASE>

    [\code]

    Manifest.txt gets me:


    Server=watson.microsoft.com
    UI LCID=1033
    Flags=1671504
    Brand=WINDOWS
    TitleName=Generic Host Process for Win32 Services
    DigPidRegPath=HKLM\Software\Microsoft\Windows NT\CurrentVersion\DigitalProductId
    ErrorText=This error occurred on 11/24/2008 at 5:17:23 PM.
    HeaderText=Generic Host Process for Win32 Services encountered a problem and needed to close.
    Stage1URL=/StageOne/Generic/BEX/svchost_exe/5_2_3790_3959/45d6a03c/unknown/0_0_0_0/00000000/00000000/c0000005/00000008.htm
    Stage2URL=/dw/GenericTwo.ASP?EventType=BEX&P1=svchost.exe&P2=5.2 .3790.3959&P3=45d6a03c&P4=unknown&P5=0.0.0.0&P6=00 000000&P7=00000000&P8=c0000005&P9=00000008
    DataFiles=C:\DOCUME~1\ADMINI~1.HSA\LOCALS~1\Temp\1 \WER2f19.dir00\svchost.exe.mdmp|C:\DOCUME~1\ADMINI ~1.HSA\LOCALS~1\Temp\1\WER2f19.dir00\appcompat.txt
    Heap=C:\DOCUME~1\ADMINI~1.HSA\LOCALS~1\Temp\1\WER2 f19.dir00\svchost.exe.hdmp
    ErrorSubPath=Generic\BEX\svchost.exe\5.2.3790.3959 \45d6a03c\unknown\0.0.0.0\00000000\00000000\c00000 05\00000008
    DirectoryDelete=C:\DOCUME~1\ADMINI~1.HSA\LOCALS~1\ Temp\1\WER2f19.dir00


    And I can attached the svchost.exe.mdmp file, if that would be useful.. Looking through the event viewer, I don't see anything that would indicate a failure. I've done the requiste virus scans, to no avail.

    Can anyone point me in the right direction?

    Thanks
    David

  • #2
    Re: Generic Host Process Killed By DEP

    This doesn't answer your question but, do you really think it's necessary to have DEP enabled? Why not disable DEP and be done with it?

    Comment


    • #3
      Re: Generic Host Process Killed By DEP

      Well, I suppose your right.. I turned of DEP, and the service is still crashing, but I'm getting some more info now..

      Faulting application svchost.exe, version 5.2.3790.3959, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

      For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

      If I reboot the server, everything is fine until it crashes again. Or I can go through the list of services, and see which ones have stopped (Looking at automatic start, vs what's running) start them, and all is well for awhile.. Any magical thoughts for me?

      Comment


      • #4
        Re: Generic Host Process Killed By DEP

        I guess run microsoft update. Check the AV, is it Symantec perchanc

        Can you download procexp from the Sysinternals tools (link in Misc Forum sticky) to see if anything funny is running.
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: Generic Host Process Killed By DEP

          I've completely ptached the machine. No symantic, I have clamAV, but that was installed after the issue began. Procexp shows nothing abnormal. This one's being trick

          Comment

          Working...
          X