Windows XP stopping abruptly and what is "svchost"
Report abuse
Thank you.
Reported content has been submitted
* Please try a lower page number.
* Please enter only numbers.
Hi,
Svchost.exe is a process on your computer that hosts, or contains, other individual services that Windows uses to perform various functions.
There can be multiple instances of svchost.exe running on your computer, with each instance containing different services. One instance of svchost.exe might host a single service for a program, and another instance might host several services related to Windows. You can use Task Manager to view which services are running under each instance of svchost.exe.
IRQL_NOT_LESS_OR_EQUAL have a look : http://support.microsoft.com/kb/314063
Report abuse
Thank you.
Reported content has been submitted
Was this reply helpful?
Sorry this didn't help.
Great! Thanks for your feedback.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this reply?
Thanks for your feedback.
Report abuse
Thank you.
Reported content has been submitted
Was this reply helpful?
Sorry this didn't help.
Great! Thanks for your feedback.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this reply?
Thanks for your feedback.
If your system is not afflicted with malicious software, important XP Services run behind those svchost Processes - sometimes just one Service, sometimes several.
The User Name you see might for the svchost Processes might be LOCAL SERVICE or NETWORK SERVICE and that is how the XP Services attach themselves to login to your system using these special accounts, for example:
LOCAL SERVICE would be Local Services - things like the Webclient or Application Layer Gateway Services.
NETWORK SERVICE would be Network Services - things like the DNS Client or Remote Procedure Call RPC Services.
Those XP Services are running behind/under those svchost Processes using those special account names.
Some malicious software knows that using Task Manager, you can't see what is running behind the svchost Processes so the malicious software will run under one of them hiding so you can't see it. Allegedly, some malicious software may disguise itself as a svchost Process to fool you even more.
When things like that happen, you will usually see a svchost Process that has run amok consuming lots of CPU or memory when they normally don't, so if you are seeing that, you should run some reputable malware scanners first.
No matter what else you are using for malicious software protection, do this:
Download, install, update and do a quick scan with these free malware detection programs (not at the same time):
Malwarebytes (MBAM): http://www.malwarebytes.org/products/malwarebytes_free
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
SAS will probably report a bunch of tracking cookies and you can just let it delete them.
They can be uninstalled later if desired.
You can see what is running behind your svchost Processes if you use Process Explorer. PE can be a little intimidating at first since it displays alot of information, but once you get the hang of it, you will start to like it if you are troubleshooting performance issues. PE doesn't install anything and just runs on demand, so it will not bog your system down.
If you read this article, you will be smarter than the average bear about what goes on with all those svchost.exe Processes you see in Task Manager and understand why it is normal to see several svchost Processes running in Task Manager.
http://www.bleepingcomputer.com/tutorials/tutorial129.html
Report abuse
Thank you.
Reported content has been submitted
Was this reply helpful?
Sorry this didn't help.
Great! Thanks for your feedback.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this reply?
Thanks for your feedback.
Report abuse
Thank you.
Reported content has been submitted
Was this reply helpful?
Sorry this didn't help.
Great! Thanks for your feedback.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this reply?
Thanks for your feedback.
Here's how:
Sadly the MS Answers forums does not prompt for any system information when a new question is asked, so we know absolutely nothing about your system.
Not knowing fundamental information about a problem prolongs the frustration and agony of resolving these issues.
Thank you MS Answers, for continuing to make the resolution of simple problems as frustrating and time consuming as possible.
What is your system make and model?
What is your XP Version and Service Pack?
What is your Internet browser and version?
Does your system have IDE drives or SATA drives?
Describe your current antivirus and anti malware situation: McAfee, Symantec, Norton, Spybot, AVG, Avira!, MSE, Panda, Trend Micro, CA, Defender, ZoneAlarm, PC Tools, Comodo, etc.
Was the issue preceded by a power interruption, aborted restart, or improper shutdown? (this includes plug pulling, power buttons, removing the battery, etc.)?
Does the afflicted system have a working CD/DVD drive (internal or external)?
Do you have a genuine bootable XP installation CD that is the same Service Pack as your installed Service Pack (this is not the same as any Recovery CDs that came with your system)?
What do you see that you don't think you should be seeing and when do you see it?
What do you not see that you think you should be seeing?
If the system used to work properly, what do you think might have changed since the last time it did work properly?
Sometimes BlueScreenView will implicate XP files as the cause of the crash (ntoskrnl.exe, win32k.sys, hal.dll etc.) but they are probably not the real cause of the crash (BSV does the best it can) and you need to look at some other crash dumps or use the Windows debugging tools to dig a little deeper into the crash dump to find the real cause.
You would have to either gather up some more example crashes and look through them, or find some where XP files are not the "cause" or you could upload your crash dump files to your SkyDrive and somebody with the Windows debugging tools can help take a look at them in more detail.
Open BSOD.txt with a text editor Notepad, WordPad, etc.), select all the text (Ctrl-A), copy all the text to the Windows clipboard (Ctrl-C) and paste the text from the clipboard (Ctrl-V) back here in your next reply.
Dump File : Mini102911-02.dmp
Crash Time : 10/29/2011 4:54:36 AM
Bug Check String : MANUALLY_INITIATED_CRASH
Bug Check Code : 0x000000e2
Parameter 1 : 0x00000000
Parameter 2 : 0x00000000
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : i8042prt.sys
Caused By Address : i8042prt.sys+27fb
File Description : i8042 Port Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.5512 (xpsp.080413-2108)
Processor : 32-bit
Crash Address : ntoskrnl.exe+22f43
Stack Address 1 : i8042prt.sys+27fb
Stack Address 2 : i8042prt.sys+2033
Stack Address 3 : ntoskrnl.exe+6e715
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini102911-02.dmp
Processors Count : 4
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================
No matter what else you are using for malicious software protection, do this:
Malwarebytes (MBAM): http://www.malwarebytes.org/products/malwarebytes_free
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
SAS will probably report a bunch of tracking cookies and you can just let it delete them.
They can be uninstalled later if desired.
Sometimes it is easiest to just upload the memory dump files from your most recent crashes to your SkyDrive (everybody has a SkyDrive for sharing file). Then somebody that already has the Windows debugging tools can take a closer look at things and figure out what is going on.
The memory dump files from the recent crashes and BSODs are usually in this folder:
c:\windows\minidump
The files will be named something like this:
Mini120311-01.dmp
You need to upload the most recent ones... maybe 5-10 of the most recent crash dump files ought to be enough if you have that many. If you do not have that many, send what you do have.
Getting started with SkyDrive:
http://explore.live.com/skydrive-get-started
After you get your files uploaded and are looking at them on your SkyDrive, you need to "share" your folders/files so others can see them.
Here is a link that tells you how to do that:
http://explore.live.com/windows-live-skydrive-change-access-permissions-faq
Then choose the "Get a link" button. When you click that, a window will open that contains the link to your SkyDrive files.
Copy the contents of the box "Copy this link to share:" by selecting the link contents (it will all become highlighted), press Ctrl-C (copy) and then come back to the forum and in your next message press Ctrl-V to paste the contents of the link back here.
What you paste back will look something like this link to my SkyDrive:
https://skydrive.live.com/redir.aspx?cid=6a7e789cab1d6f39&resid=6A7E789CAB1D6F39!311
Report abuse
Thank you.
Reported content has been submitted
Was this reply helpful?
Sorry this didn't help.
Great! Thanks for your feedback.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this reply?
Thanks for your feedback.
Report abuse
Thank you.
Reported content has been submitted
Was this reply helpful?
Sorry this didn't help.
Great! Thanks for your feedback.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this reply?
Thanks for your feedback.
You might be able to get some clues using about what is going with your svchost.exe Processes using Task Manager and maybe figure it out.
You will always be able to figure out what is going with your svchost.exe Processes if you use Process Explorer.
Download Process Explorer so you can see what is "really" running on your system, especially behind those multiple svchosts Processes you see running in Task Manager.
Download Process Explorer from here:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
You'll like Process Explorer when you get the hang of it. Process Explorer is the Windows Task Manager on steroids.
Process Explorer installs nothing so it will not slow your system down since it only runs on demand.
Process Explorer may look a little intimidating at first since it presents so much information, but you will start to get to like the way it works when you are looking for performance problems. You can even tell PE that you want it to be your new default "Task Manager" from now on. You can still run the original Task Manger too.
Once you get Process Explorer running, expand the columns, drag the corners of the display to make it bigger, etc. so you can see the most information as possible in the window. Now you can really see everything that is running on the system.
Here is a screenshot of my poor system when I use Process Explorer:
http://img222.imageshack.us/img222/2567/processexplorer.png
The CPU column is usually the most interesting to get started with performance issues - who is using the most?
It is okay and normal to have multiple svchost,exe Processes running. Important XP Services are actually running under the svchost.exe Processes. Sometimes there is just one XP Service running under a svchost.exe Process, sometimes there are several XP Services running under a svchost.exe Process.
Sometimes malicious software will hide behind a svchost.exe Process since the malicious software knows you will not be able to spot it in Task Manager. It will hide behind a svchost.exe Process to fool you, but you can outsmart it.
Malicious software can also disguise itself to appear to be a legitimate XP Process or it could hide under/behind other Processes that you see running in Task Manager so you cannot see it running.
The malicious software would like to fool you into thinking that you need to use a System Restore Point, perform a Repair Install or reinstall your XP from scratch when you really don't have to.
When looking at the display in Process Explorer, you would like the most CPU to be associated with System Idle Process. That is the "free time" on your system so the more free time it has, the better.
If you look at the performance graphs and see red spikes (or not) double click the graph in the top left corner to display the usage graph. Hover the mouse over any spikes to see what causes them. Even if the spike has already scrolled past in the display, you can still hover the mouse over the spike to see what caused it. You can also just wait for a spike to occur and then see what caused the spike.
Report abuse
Thank you.
Reported content has been submitted
Was this reply helpful?
Sorry this didn't help.
Great! Thanks for your feedback.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this reply?
Thanks for your feedback.
Report abuse
Thank you.
Reported content has been submitted
Was this reply helpful?
Sorry this didn't help.
Great! Thanks for your feedback.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this reply?
Thanks for your feedback.
Report abuse
Thank you.
Reported content has been submitted
Was this reply helpful?
Sorry this didn't help.
Great! Thanks for your feedback.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this reply?
Thanks for your feedback.
Generally, Event Viewer logs are not helpful for BSODs (sorry, Microsoft engaged Support Engineer "experts"). You need to work on answering as many of the questions as you can, doing the scans, then look at your crash dumps with BlueScreenView (maybe you will spot the issue) and also upload your crash dump files to your SkyDrive and somebody can look at them.
Report abuse
Thank you.
Reported content has been submitted
Was this reply helpful?
Sorry this didn't help.
Great! Thanks for your feedback.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
How satisfied are you with this reply?
Thanks for your feedback.