Jump to content

Data Execution Prevention


jimupnord

Recommended Posts

I am getting a message about Data Execution Prevention - Microsoft Windows:To help protect your computer, Windows has closed this programName: Generic Host Process for Win32 Services.This is on XP Home, Toshiba laptop. Spouse computer is getting this also. :) How do I track down what is causing this?I don't get any respect as it is... :P In last 2 months have installed AVG free and software for a new HP all-in-one printer on my home network.I get software updates from HP, AVG, Spybot, Adaware, NAV 2005Any ideas how to troubleshoot this?Thanks,Jim

Link to comment
Share on other sites

The error occurs in the GUI while everything else is still starting up.Using eventvwr /s, didn't see anything pointing to anything named in the message.Some errors were listed. I did look at properties of recent messages.Jim

Link to comment
Share on other sites

Need all the details please from the error logs.One of your programs is misbehaving, that's why DEP shuts it down.

Edited by Marsden11
Link to comment
Share on other sites

Open the Error Event in Event Viewer.Highlight the relavant text with your mouse and press Ctrl/C for Copy and then Ctrl/V for paste into your browser window and your Scot's Newsletter Forum Reply window.

Link to comment
Share on other sites

Hardware (AMD) and software-enforced DEP technologies are not designed to prevent harmful programs from being installed on your computer. Instead, they monitor your installed programs to help determine if they are using system memory safely. To monitor your programs, hardware-enforced DEP tracks memory locations declared as "non-executable". To help prevent malicious code, when memory is declared "non-executable" and a program tries to execute code from the memory, Windows will close that program. This occurs whether the code is malicious or not.Your paticular program may not be "malicious" in nature but it is definately not behaving properly with regards to writing to memory. That falls on the creator of the program to fix their bad code.

Link to comment
Share on other sites

Jim,I am having the same problem on my Fujitsu laptop. Have you been able to resolve this? The only thing I've been able to figure out is that my laptop does not support the hardware portion of DEP. What stops / solves this issue?ned

I am getting a message about Data Execution Prevention - Microsoft Windows:To help protect your computer, Windows has closed this programName: Generic Host Process for Win32 Services.
Edited by SFnedo
Link to comment
Share on other sites

nlinecomputers
Can you give me some guidance on how to capture the error logs so I can post them?Thanks,Jim

Open the event viewer pick an error and double click on it. When you open an error to look at it in the logs you'll see a little paper icon on the right side just below the up and down arrows. If you click on the paper icon the error is copied into the clipboard. You can then post it here by pasting it in the edit box here on the forum.
Link to comment
Share on other sites

This is what was in the event viewer when I get the error mentioned earlier.--------------Event Type: ErrorEvent Source: Application ErrorEvent Category: (100)Event ID: 1004Date: 2/21/2005Time: 8:24:44 PMUser: N/AComputer: JIMSTOSHDescription:Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x009a96bc.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.Data:0000: 41 70 70 6c 69 63 61 74 Applicat0008: 69 6f 6e 20 46 61 69 6c ion Fail0010: 75 72 65 20 20 73 76 63 ure svc0018: 68 6f 73 74 2e 65 78 65 host.exe0020: 20 35 2e 31 2e 32 36 30 5.1.2600028: 30 2e 32 31 38 30 20 69 0.2180 i0030: 6e 20 75 6e 6b 6e 6f 77 n unknow0038: 6e 20 30 2e 30 2e 30 2e n 0.0.0.0040: 30 20 61 74 20 6f 66 66 0 at off0048: 73 65 74 20 30 30 39 61 set 009a0050: 39 36 62 63 96bc ---------------I made a text file of about 14KB with 24 events with errors or failure from a start and a restart.I also have files that were details from 3 of the messages.These were in a temp folder at Documents and Settings/user/Local Settings/Temp/WER77bc.dir00 :manifest.txtappcompat.txtsvchost.exe.mdmpsvchost.exe.hdmpone manifest.txt has this:-------------------------------Server=watson.microsoft.comUI LCID=1033Flags=1672018Brand=WINDOWSTitleName=Generic Host Process for Win32 ServicesDigPidRegPath=HKLM\Software\Microsoft\Windows NT\CurrentVersion\DigitalProductIdErrorText=This error occurred on 2/21/2005 at 7:42:21 PM.HeaderText=Generic Host Process for Win32 Services encountered a problem and needed to close.Stage1URL=Stage1URL=/StageOne/Generic/BEX/svchost_exe/5_1_2600_2180/41107ed6/unknown/0_0_0_0/00000000/009a96bc/c0000005/00000008.htmStage2URL=Stage2URL=/dw/GenericTwo.ASP?EventType=BEX&P1=svchost.exe&P2=5.1.2600.2180&P3=41107ed6&P4=unknown&P5=0.0.0.0&P6=00000000&P7=009a96bc&P8=c0000005&P9=00000008DataFiles=C:\DOCUME~1\user\LOCALS~1\Temp\WER77bc.dir00\svchost.exe.mdmp|C:\DOCUME~1\user\LOCALS~1\Temp\WER77bc.dir00\appcompat.txtHeap=C:\DOCUME~1\user\LOCALS~1\Temp\WER77bc.dir00\svchost.exe.hdmpErrorSubPath=Generic\BEX\svchost.exe\5.1.2600.2180\41107ed6\unknown\0.0.0.0\00000000\009a96bc\c0000005\00000008DirectoryDelete=C:\DOCUME~1\user\LOCALS~1\Temp\WER77bc.dir00--------------------Is this information useful for figuring out my problem?Would more of this be useful?Sorry for the long post.Jim

Link to comment
Share on other sites

Here is my log:

Logfile of HijackThis v1.99.1Scan saved at 9:51:43 PM, on 2/21/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\HP Web Jetadmin\hpwebjetd.exeC:\Program Files\Norton AntiVirus 2005\navapsvc.exeC:\Program Files\Norton AntiVirus 2005\IWP\NPFMntor.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\wdfmgr.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\HP Web Jetadmin\hpwebjetd.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Apoint2K\Apoint.exeC:\Program Files\TOSHIBA\Power Management\CePMTray.exeC:\Program Files\TOSHIBA\E-KEY\CeEKey.exeC:\Program Files\TOSHIBA\TouchPad\TPTray.exeC:\Program Files\Toshiba\ConfigFree\NDSTray.exeC:\WINDOWS\system32\EXSHOW95.EXEC:\WINDOWS\system32\ICO.EXEC:\WINDOWS\System32\taskswitch.exeC:\WINDOWS\StartupMonitor.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Apoint2K\Apntex.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\Internet Explorer\iexplore.exeC:\downloads\hijackthis\hijackthis.exeC:\Program Files\Messenger\msmsgs.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url=http://www.toshiba.com/search]http://www.toshiba.com/search[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url=http://www.toshiba.com]http://www.toshiba.com[/url]O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus 2005\NavShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus 2005\NavShExt.dllO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exeO4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exeO4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exeO4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXEO4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXEO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exeO4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exeO4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exeO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUpO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - Startup: Shortcut to procexp.exe.lnk = C:\downloads\sysinternals\procexpnt\procexp.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.comO16 - DPF: Yahoo! NFL GameChannel StatTracker - [url=http://aud16.sports.sc5.yahoo.com/java/y/nflgcst1010_x.cab]http://aud16.sports.sc5.yahoo.com/java/y/nflgcst1010_x.cab[/url]O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [url=http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB]http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB[/url]O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url=http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409]http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409[/url]O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - [url=https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab]https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab[/url]O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - [url=http://download.zonelabs.com/bin/free/cm/ICSCM.cab]http://download.zonelabs.com/bin/free/cm/ICSCM.cab[/url]O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - [url=http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab]http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab[/url]O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url=http://207.188.7.150/02b1ee27405de9275801/netzip/RdxIE601.cab]http://207.188.7.150/02b1ee27405de9275801/...ip/RdxIE601.cab[/url]O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - [url=http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe]http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe[/url]O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url=http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095090570531]http://v5.windowsupdate.microsoft.com/v5co...b?1095090570531[/url]O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - [url=https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab]https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab[/url]O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - [url=http://www.bitdefender.com/scan/Msie/bitdefender.cab]http://www.bitdefender.com/scan/Msie/bitdefender.cab[/url]O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - [url=https://www-secure.symantec.com/techsupp/asa/SymAData.cab]https://www-secure.symantec.com/techsupp/asa/SymAData.cab[/url]O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus 2005\navapsvc.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus 2005\IWP\NPFMntor.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus 2005\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks,JimEDIT: put HJT log in a code block= ross549

Link to comment
Share on other sites

I removed Norton Anti-Virus 2005, Microsoft Spyware Detector Beta, and drivers for HP printers. Am now using AVG. Haven't been getting anymore DEP warnings.Now I have to figure out how to get printers working again without installing those HP monster size driver packages.Luckily I have the printers still working on the spouse's laptop.I have a LaserJet 4 on Jet direct networked and also HP Officejet 7310 All - in one.I will leave the full HP suite on the W98 computer for now.Need to figure out which more generic driver will work for printing only on the 7310. Jim

Link to comment
Share on other sites

nlinecomputers

Your problem was probably AVG and Norton. Most AV programs don't play well together. Microsoft Antispyware probably can be safely returned but you might have conflicts with Trojan Hunter. I agree about the HP print packages. HP often offers slim down versions(they call them corporate versions) on the website.

Link to comment
Share on other sites

Well, I think we resolved the problem.Looks like it was the HP printer drivers causing the DEP messages.Removing NAV 2003 did not resolve the problem by itself.Paring down the HP drivers seemed to fix the problem.The blow by blow:W98 Computer "BOSSY" with wired Ethernet connection to home network.DSL modem connected to linksys router on home network.Network printer HP OfficeJet 7310 with wired Ethernet connection to home network.Network printer HP LaserJet 4+ with JetDirect wired connection to home network.XP Home SP2 Laptop computer "JIMSTOSH" with wireless connection to home network.XP Home SP2 Laptop computer "JANETOSH" with wireless connection to home network.BOSSY has full HP printer software suite for 7310 installed and working.JIMSTOSH had full HP printer software suite for 7310 installed and working.JANETOSH had corporate (smaller) software drivers for 7310 installed and working. AFIK things were working fine in late December and early January, no DEP messages.The HP software does go on the internet and get updates. (I think the corporate version did also)Started seeing DEP messages on both laptops. Removed NAV and**oft anti-spyware on JIMSTOSH but still had DEP.Removed HP printer drivers on JIMSTOSH and DEP went away.Configured 7310 printer to be shared on JANETOSH.Setup JIMSTOSH to use shared printer on JANETOSH. This resulted in transfer of 20-30MB of printer driver files to JIMSTOSH during configuration. (love that network connection) (7300 series driver is not on standard printer list for XP Home that I have installed)Configured 7310 printer TCPIP connection on JIMSTOSH, using the 7300 series driver that was now available. Had to change the address to get at the printer. Got that by printing out the network settings on the printer and using the Hostname.Printer now working fine, no DEP messages after multiple reboots.In JIMSTOSH, removed reference to the shared printer in JANETOSH.Removed NAV in JANETOSH. Still had DEP messages.Removed hp "corporate" software drivers from JANETOSH. DEP messages went away.Configured 7310 printer to be shared on JIMSTOSH.Setup JANETOSH to use shared printer on JIMSTOSH. This resulted in transfer of 20-30MB of printer driver files to JANETOSH during configuration. Configured 7310 printer TCPIP connection on JANETOSH, using the 7300 series driver that was now available. Printer now working fine, no DEP messages after multiple reboots.Turned off share for printer in JIMSTOSH.In JANETOSH, removed reference to the shared printer in JIMSTOSH.Seems to be working now with software in the laptops I hope does not automatically update.Suppose I did it the hard way.Noticed that DEP messages seemed to be from the last boot, not the current boot.Thanks for the assistance from the forum.Jim

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...