Windows XP stopping abruptly and what is "svchost"

Hi,

 

Svchost.exe is a process on your computer that hosts, or contains, other individual services that Windows uses to perform various functions.

 

There can be multiple instances of svchost.exe running on your computer, with each instance containing different services. One instance of svchost.exe might host a single service for a program, and another instance might host several services related to Windows. You can use Task Manager to view which services are running under each instance of svchost.exe.

 

IRQL_NOT_LESS_OR_EQUAL have a look : http://support.microsoft.com/kb/314063

the svchost.exe which occupys my pc is SYSTEM's(writes under the user name in task manager) not LOCAL NETWORK's or other instances

Generally, yes - if you are looking in Task Manager, it is normal to see several/many svchost Processes running.  You might see 5-10 svchost Processes running in Task Manager, maybe less or maybe more.  But what you can't see with Task Manager is what is running behind them.

If your system is not afflicted with malicious software, important XP Services run behind those svchost Processes - sometimes just one Service, sometimes several.

The User Name you see might for the svchost Processes might be LOCAL SERVICE or NETWORK SERVICE and that is how the XP Services attach themselves to login to your system using these special accounts, for example:

LOCAL SERVICE  would be Local Services - things like the Webclient or Application Layer Gateway Services.

NETWORK SERVICE would be Network Services - things like the DNS Client or Remote Procedure Call RPC Services.

Those XP Services are running behind/under those svchost Processes using those special account names.

Some malicious software knows that using Task Manager, you can't see what is running behind the svchost Processes so the malicious software will run under one of them hiding so you can't see it.  Allegedly, some malicious software may disguise itself as a svchost Process to fool you even more.

When things like that happen, you will usually see a svchost Process that has run amok consuming lots of CPU or memory when they normally don't, so if you are seeing that, you should run some reputable malware scanners first.

No matter what else you are using for malicious software protection, do this:

Download, install, update and do a quick scan with these free malware detection programs (not at the same time):

Malwarebytes (MBAM):  http://www.malwarebytes.org/products/malwarebytes_free
SUPERAntiSpyware: (SAS):  http://www.superantispyware.com/

SAS will probably report a bunch of tracking cookies and you can just let it delete them.

They can be uninstalled later if desired.

You can see what is running behind your svchost Processes if you use Process Explorer.  PE can be a little intimidating at first since it displays alot of information, but once you get the hang of it, you will start to like it if you are troubleshooting performance issues.  PE doesn't install anything and just runs on demand, so it will not bog your system down.

If you read this article, you will be smarter than the average bear about what goes on with all those svchost.exe Processes you see in Task Manager and understand why it is normal to see several svchost Processes running in Task Manager.

http://www.bleepingcomputer.com/tutorials/tutorial129.html

The next time you get the blue screen of death (BSOD), write down the technical code. We will need that in order to provide you help in solving the problem.

For your BSOD (Blue Screen of Death) issue, if you want to solve it, you are going to have to provide some information and the probably upload your crash dump files so somebody that has the Windows debugging tools can take a look at them

Here's how:

Sadly the MS Answers forums does not prompt for any system information when a new question is asked, so we know absolutely nothing about your system.

Not knowing fundamental information about a problem prolongs the frustration and agony of resolving these issues.

Thank you MS Answers, for continuing to make the resolution of simple problems as frustrating and time consuming as possible.

==================================================
Dump File         : Mini102911-02.dmp
Crash Time        : 10/29/2011 4:54:36 AM
Bug Check String  : MANUALLY_INITIATED_CRASH
Bug Check Code    : 0x000000e2
Parameter 1       : 0x00000000
Parameter 2       : 0x00000000
Parameter 3       : 0x00000000
Parameter 4       : 0x00000000
Caused By Driver  : i8042prt.sys
Caused By Address : i8042prt.sys+27fb
File Description  : i8042 Port Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2108)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+22f43
Stack Address 1   : i8042prt.sys+27fb
Stack Address 2   : i8042prt.sys+2033
Stack Address 3   : ntoskrnl.exe+6e715
Computer Name     :
Full Path         : C:\WINDOWS\Minidump\Mini102911-02.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 94,208
================================================== Download, install, update and do a quick scan with these free malware detection programs (not at the same time):

Malwarebytes (MBAM):  http://www.malwarebytes.org/products/malwarebytes_free
SUPERAntiSpyware: (SAS):  http://www.superantispyware.com/

SAS will probably report a bunch of tracking cookies and you can just let it delete them.

They can be uninstalled later if desired.
Reboot your computer and troubleshoot remaining issues.

Sometimes it is easiest to just upload the memory dump files from your most recent crashes to your SkyDrive (everybody has a SkyDrive for sharing file).   Then somebody that already has the Windows debugging tools can take a closer look at things and figure out what is going on.

The memory dump files from the recent crashes and BSODs are usually in this folder:

c:\windows\minidump

The files will be named something like this:

Mini120311-01.dmp

You need to upload the most recent ones...  maybe 5-10 of the most recent crash dump files ought to be enough if you have that many.  If you do not have that many, send what you do have.

Getting started with SkyDrive:
http://explore.live.com/skydrive-get-started

After you get your files uploaded and are looking at them on your SkyDrive, you need to "share" your folders/files so others can see them.

Here is a link that tells you how to do that:
http://explore.live.com/windows-live-skydrive-change-access-permissions-faq

Then choose the "Get a link" button.  When you click that, a window will open that contains the link to your SkyDrive files.

Copy the contents of the box "Copy this link to share:" by selecting the link contents (it will all become highlighted), press Ctrl-C (copy) and then come back to the forum and in your next message press Ctrl-V to paste the contents of the link back here.

What you paste back will look something like this link to my SkyDrive:

https://skydrive.live.com/redir.aspx?cid=6a7e789cab1d6f39&resid=6A7E789CAB1D6F39!311

THANKS for the advices on the bottom of your reply.I am newb in this site and computer/tech. world.I got lots of things to learn and whre can ı find process explorer

Here is some more for you (some is repeated):


You might be able to get some clues using about what is going with your svchost.exe Processes using Task Manager and maybe figure it out.

You will always be able to figure out what is going with your svchost.exe Processes if you use Process Explorer.

Download Process Explorer so you can see what is "really" running on your system, especially behind those multiple svchosts Processes you see running in Task Manager.

Download Process Explorer from here:

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

You'll like Process Explorer when you get the hang of it.  Process Explorer is the Windows Task Manager on steroids.

Process Explorer installs nothing so it will not slow your system down since it only runs on demand.

Process Explorer may look a little intimidating at first since it presents so much information, but you will start to get to like the way it works when you are looking for performance problems.   You can even tell PE that you want it to be your new default "Task Manager" from now on.  You can still run the original Task Manger too.

Once you get Process Explorer running, expand the columns, drag the corners of the display to make it bigger, etc. so you can see the most information as possible in the window.  Now you can really see everything that is running on the system.

Here is a screenshot of my poor system when I use Process Explorer:

http://img222.imageshack.us/img222/2567/processexplorer.png

The CPU column is usually the most interesting to get started with performance issues - who is using the most?

It is okay and normal to have multiple svchost,exe Processes running.  Important XP Services are actually running under the svchost.exe Processes. Sometimes there is just one XP Service running under a svchost.exe Process, sometimes there are several XP Services running under a svchost.exe Process.

Sometimes malicious software will hide behind a svchost.exe Process since the malicious software knows you will not be able to spot it in Task Manager.  It will hide behind a svchost.exe Process to fool you, but you can outsmart it.

Malicious software can also disguise itself to appear to be a legitimate XP Process or it could hide under/behind other Processes that you see running in Task Manager so you cannot see it running.

The malicious software would like to fool you into thinking that you need to use a System Restore Point, perform a Repair Install or reinstall your XP from scratch when you really don't have to.

When looking at the display in Process Explorer, you would like the most CPU to be associated with System Idle Process.  That is the "free time" on your system so the more free time it has, the better.

If you look at the performance graphs and see red spikes (or not) double click the graph in the top left corner to display the usage graph.  Hover the mouse over any spikes to see what causes them.  Even if the spike has already scrolled past in the display, you can still hover the mouse over the spike to see what caused it.  You can also just wait for a spike to occur and then see what caused the spike.

when ı type "EVENTVWR"   to "run"section in "start" then click the "system" option on the left ı can see more info. s about the errors should ı also send you these info.s in case you need them?And ı got 2 antivırus programs in my pc malwarebytes and microsoft essentials but ı copied the malwarebytes folder from program files to my external harddisk  then ı delete the folder in program files but ı did not completely deleted from my pc is microsoft security essentails enough to protect my system or malwarebytes is better.By the way ı do not want to delete malwarebytes cause it is licensed and ı am currently using security essentials.

ı saw your screenshot you have "virtual size" column which ı do not.INstead ı have" private bytes" and "working set "column which you don't have.Hope this info. will be useful for you

If you look under View, Select columns you can choose what you want to see.  I like to see the Virtual Size so when people say their system is running out of virtual memory, you will be able to see who is using the virtual memory.

Generally, Event Viewer logs are not helpful for BSODs (sorry, Microsoft engaged Support Engineer "experts").  You need to work on answering as many of the questions as you can, doing the scans, then look at your crash dumps with BlueScreenView (maybe you will spot the issue) and also upload your crash dump files to your SkyDrive and somebody can look at them.