My brothers laptop was apparently fine until yesterday when an error message containing

Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.

Error Sinature-
szAppName : svchost.exe szAppVer : 5.1.2600.0 szModName : unknown
szModVer : 0.0.0.0 offset : 00000000

began to pop up and when he got rid of the error message his internet was not accessible. Seemingly this happens on a fiarly regular basis now.

Any help would be greatly appreciated

You can try downloading a fix from here
http://support.microsoft.com/?kbid=894391#top

However it could be a number of things - it's unfortunate that it's not able to say what module is causing the problem in the error signature. The most common cause is a conflict with a driver, and some printers are pretty notorious for this.

You can help to narrow it down by going to Start, Control Panel, Administrative Options, and then selecting Event Viewer. In the lefthand panel you can see Applications and System. Double-click these to open them up. On the righthand panel you should see a list of Events, some of which will be warnings. Look at the ones that indicate a problem with svchost.exe or Win32 Services and double-click on them. You should get another window open up with, among other things, an Error ID number...that might help to narrow the cause down.

Thanks a lot Glos will pass on to my brother and see if he has any luck with it

These are the errors that were shown

Application
Faulting application svchost.exe, version 5.1.2600.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Fault bucket 02122897.


System
The device, \Device\Harddisk0\D, has a bad block.


Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

The Rio MSC Manager service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Timeout (30000 milliseconds) waiting for the Rio MSC Manager service to connect.

The McAfee SpamKiller Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server service to connect.

Installation Failure: Windows failed to install the following update with error 0x8007054f: Windows XP Service Pack 2.

Windows XP Service Pack 2 installation failed.
An internal error occurred.

The description for Event ID ( 10 ) in Source ( Pcmcia ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: \Device\Pcmcia0.

Error code 000000d1, parameter1 faa6f7c0, parameter2 00000002, parameter3 00000000, parameter4 faa485e4.


Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.


DCOM got error "The service did not respond to the start or control request in a timely fashion. " attempting to start the service iPod Service with arguments "-Service" in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Unfortunately that's not much clearer - a lot of those errors could've been caused simply by the loss of the internet connection. However, it is possible that he's picked up some kind of msblast worm derivative. So first things first:
1. Has he run an AV check? If he can get online, then try the version at www.pandasoftware.com/activescan (http://www.pandasoftware.com/activescan)
2. Also run Adaware and Spybot S&D
3. Make sure that all open ports are closed. Download this http://www.firewallleaktester.com/tools/wwdc.exe (http://www.firewallleaktester.com/tools/wwdc.exe) and close any ports it shows as still being open.
4. Take a look at your hosts file. This is in C:\Windows\system32\driver\ etc. If you double-click on it, it will ask you to choose a program to open it with...choose Notepad. You're looking for a lot of websites (especially McAfee ones) listed at 127.0.0.1 Ideally you should just have the one reference to 127.0.0.1 with "local host" as the host name. Any more than that would suggest that it is a worm attempting to disable or mess with your AV software.

It's also possible that it's simply a driver conflict. Has he installed any new software, particularly in the past few days before the problem occured? If so (and providing a full AV scan doesn't find any problems), I'd recommend doing a system restore to a point some weeks before he first experienced the error.

Another clue that it could be a driver problem is the brief reference to not being able to install Windows SP2. The most common cause for this is that his laptop requires special drivers for some of its hardware, but these drivers are obsolete or not compatible with SP2. The solution is to track down newer versions of those drivers and install them.

Hope that helps

cheers Glos will pass on to him and see if it helps