Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista, Svchost.exe, and Process Explorer


  • Please log in to reply
18 replies to this topic

#1 Red9

Red9

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Saint Louis
  • Local time:07:03 AM

Posted 28 May 2011 - 10:59 PM

I am trying desperately to fix the Svchost.exe problem on my computer. In my research (google) I came across Process Explorer. Does anyone know how I could use it to fix this problem, or if there are better ways/programs and what they are? Process Explorer opens up about 20 things which are in red, about half are svchost.exe. It allows you to stop or "kill" the ones you want. But I don't want to mess the computer up more than it already is. I've been trying to fix this for a while and any advice would be greatly appreciated.

Edited by Red9, 28 May 2011 - 11:01 PM.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:03 AM

Posted 29 May 2011 - 12:03 AM

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 Red9

Red9
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Saint Louis
  • Local time:07:03 AM

Posted 31 May 2011 - 12:42 PM

Okay here it is. Attached File  Procexp.txt   6.07KB   4 downloads

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:03 AM

Posted 31 May 2011 - 01:25 PM

First of all, multiple svchost.exe processes are normal.
PE log looks fairly normal.
System Idle Process (CPU NOT used) is listed at 78.54%.

I'd like to check something though...

Go Start>Control Panel>Device Manager
Check Primary and Secondary IDE settings: Device Manager -> IDE ATA/ATAPI controllers -> Primary or Secondary IDE Channel -> Properties -> Advanced Settings. Look at the Current Transfer Mode field.
See, if it's in PIO mode instead of DMA mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 Red9

Red9
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Saint Louis
  • Local time:07:03 AM

Posted 02 June 2011 - 03:59 AM

After I press the "+" to open up "IDE ATA/ATAPI controllers," there's four things: "ATA Channel 0," "ATA Channel 0," "Intel ® 82801G (ICH7 Family Ultra ATA Storage Controllers - 27DF," and "Standard AHCI 1.0 Serial ATA Controller."

The first "ATA Channel 0" (after "Properties" and "Advanced Setting")has "Enable DMA" checked. The Target Id is "0," the device type is "ATAPI Cdrom," and the current mode is "Multi-Word DMA Mode 2."

The second one has the same thing, except the device type is "ATA Disk" and the current mode is "Ultra DMA Mode 6."

Edited by Red9, 02 June 2011 - 04:00 AM.


#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:03 AM

Posted 02 June 2011 - 06:22 PM

That looks OK then.

What are the actual, specific computer problems?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 Red9

Red9
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Saint Louis
  • Local time:07:03 AM

Posted 02 June 2011 - 07:48 PM

Multiple svchost.exe are opened up and so the computer is very very slow. The only way to make it go slightly faster is to close some of the svchost.exe through task manager.

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:03 AM

Posted 02 June 2011 - 07:53 PM

We need some more info about your computer.

Please download MiniToolBox and run it.

Checkmark following boxes:
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

==========================================================

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go File>Save, and save it as AutoRuns.txt file to know location.
You must select Text from drop-down menu as a file type:

Posted Image

Attach the file to your next reply.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#9 Red9

Red9
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Saint Louis
  • Local time:07:03 AM

Posted 02 June 2011 - 08:54 PM

MiniToolBox by Farbar
Ran by Administrator (administrator) on 02-06-2011 at 20:45:45
Windows Vista ™ Home Basic (X86)

***************************************************************************


========================= Event log errors: ===============================

Application errors:
==================
Error: (05/25/2011 00:06:03 PM) (Source: NtServicePack) (User: )
Description: WindowsNot enough storage is available to process this command.

Error: (05/25/2011 00:05:21 PM) (Source: NtServicePack) (User: )
Description: WindowsNot enough storage is available to process this command.

Error: (05/25/2011 00:54:49 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.WorkflowServices, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131522

Error: (05/25/2011 00:53:15 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131522

Error: (05/25/2011 00:49:15 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.ServiceModel.Web, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131522

Error: (05/25/2011 00:45:31 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Data.Services, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131522

Error: (05/25/2011 05:43:17 AM) (Source: RasClient) (User: )
Description: CoID={539A51D4-D56D-48E4-A463-9A3A0B7EF922}: The user 378DNO8K6R4G0\Administrator dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (05/25/2011 05:43:13 AM) (Source: RasClient) (User: )
Description: CoID={6067A348-3720-470B-BF93-F4A2509D4C33}: The user 378DNO8K6R4G0\Administrator dialed a connection named Broadband Connection which has failed. The error code returned on failure is 814.

Error: (05/24/2011 10:44:29 PM) (Source: RasClient) (User: )
Description: CoID={AF594333-C19E-4B38-8556-B96AC3B5E38D}: The user 378DNO8K6R4G0\Administrator dialed a connection named Broadband Connection which has failed. The error code returned on failure is 814.

Error: (05/24/2011 10:43:14 PM) (Source: RasClient) (User: )
Description: CoID={3B0BCCEB-46F6-480E-B8E9-AFED0C077D26}: The user 378DNO8K6R4G0\Administrator dialed a connection named Broadband Connection which has failed. The error code returned on failure is 814.


System errors:
=============
Error: (05/28/2011 09:30:16 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.64 for the Network Card with network address 0016D4A59F39 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/25/2011 11:16:49 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (05/25/2011 11:15:49 AM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/25/2011 11:13:19 AM) (Source: Service Control Manager) (User: )
Description: SL UI Notification ServiceNetwork List Service%%1058

Error: (05/25/2011 11:11:48 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (05/25/2011 11:08:35 AM) (Source: Service Control Manager) (User: )
Description: KtmRm for Distributed Transaction Coordinator

Error: (05/25/2011 11:06:48 AM) (Source: Service Control Manager) (User: )
Description: Background Intelligent Transfer Service

Error: (05/25/2011 11:03:15 AM) (Source: Service Control Manager) (User: )
Description: SL UI Notification ServiceNetwork List Service%%1058

Error: (05/25/2011 11:01:07 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:56:22 AM on 5/25/2011 was unexpected.

Error: (05/25/2011 10:29:01 AM) (Source: Service Control Manager) (User: )
Description: 30000PlugPlay


Microsoft Office Sessions:
=========================

========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 71%
Total physical RAM: 501.5 MB
Available physical RAM: 144.67 MB
Total Pagefile: 1493.42 MB
Available Pagefile: 769.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.79 MB

======================= Partitions: =======================================

1 Drive c: () (Fixed) (Total:24.02 GB) (Free:8.57 GB) NTFS
3 Drive e: (VOLUME LABEL) (Fixed) (Total:208.87 GB) (Free:208.51 GB) NTFS

================= Users: ==================================================

User accounts for \\378DNO8K6R4G0

-------------------------------------------------------------------------------
Administrator Guest
The command completed successfully.

================= End of Users ============================================


Attached File  AutoRuns.txt   62.21KB   2 downloads

Edited by Red9, 02 June 2011 - 08:54 PM.


#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:03 AM

Posted 02 June 2011 - 09:26 PM

I can see two AV program running, Avast and Norton.
Which one is your current, updated AV program?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#11 Red9

Red9
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Saint Louis
  • Local time:07:03 AM

Posted 03 June 2011 - 02:48 AM

I don't use Norton, I think it came with the computer when I changed the hard drive. But I do use Avast, it works great.

Basically, after I changed the hard drive this svchost.exe problem started occurring. I've tried two different types of hard drives. One of them was ordered from the computer manufacturer and the other one is a SATA one I bought at BestBuy. Both have the same problem.

Edited by Red9, 03 June 2011 - 02:54 AM.


#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:03 AM

Posted 03 June 2011 - 02:03 PM

I don't use Norton

...but you have Norton's leftovers, which may be one of the reasons, your computer is slow.
You could also use another 512MB of RAM.

Remove Norton's leftovers by running this tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

When done, post new Autoruns log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#13 Red9

Red9
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Saint Louis
  • Local time:07:03 AM

Posted 04 June 2011 - 12:19 AM

Here it is:
Attached File  AutoRuns2.txt   57.59KB   1 downloads

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:03 AM

Posted 04 June 2011 - 12:30 AM

That looks good.
How is computer doing now?

Can you post fresh Process Explorer log?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#15 Red9

Red9
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Saint Louis
  • Local time:07:03 AM

Posted 04 June 2011 - 12:44 AM

If I open multiple (3+) windows it freezes often and if I waited it out (10 - 30 seconds) it unfreezes. But windows (like Mozilla) open up, it's just that they take considerable time to do so. This is unusual because on another computer, it is something like 1 to 3 seconds (with the same internet).




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users