acer aspire svchost.exe running at 100%

hi, i originally thought this was a malware problem so i posted this post in the other section
http://forums.majorgeeks.com/showthread.php?p=946300#post946300
ive been thru everything and its still doing it,
somebody pointed out that it may be something to do with the windows update and redirected me to another post where i followed all the instructions but its still doing the same thing
when i start windown update, svchost.exe takes upto 99% of the memory making the pc unusable
if i stop the svchost the screen will revert to win 98 styling as the attached pic shows
cutting off the wuauclt.exe helps bring the pc back to normal
if anyone could help it would be much appreciated
thanx carl

 

Tough one I'm afraid, as MANY services use the SVCHOST executable, and depending on it's useage, it will open its own handles/threads.

In other words, it may not be SVCHOST itself causing the problem, as much as it might look like it.

We'll need further information. Could you please download Process Explorer, run it, and post back with as much information on the defunct SVCHOST thread as possible?

 

Down load the autopatcher for XP updates to date (it's over 300MB)

http://www.majorgeeks.com/AutoPatcher_XP_Update_d5213.html

Disconnect your network and internet.
Run this from hard drive or Cd.
If you have the Mcafee installation stuff I would uninstall it or at least turn it off, and reinstall (re-enable ) it afterwards.
You can choose to install IE7 or not.

You should then be well equipped to face going back on line and using your pc normally again.


Studio T

 

ok right, now im confused, i have 2 completely different options here, which one do i go for? confused
any further comments about either option would be grateful
i dont wanna download a 300mb file if it can be cured a simpler way, and i dont wanna go running round for weeks lookin for a problem that might be untraceable if it can be cured by downloading a few files

hehe
at the end of the day, i need to sort it, which one in your eyes seems the best (not necessarily the easiest) way to fix it??
im inclined to go towards process explorer first but will wait for some feedback on it
cheers carl

 

ok just an update, ive downloaded process explorer and its running, im afraid my knowledge of how this program works is at zero,
is there any way i can get a report from it, how do i work it
thanx carl

 

Okay, if you have process explorer running, you need only to highlight the SVCHOST thread (found under System Idle Process --> System --> smss.exe --> winlogon.exe --> services.exe) that's running at 100%. All the folders and files it has open will list at the bottom. Hitting CTRL+D will toggle this display to show DLLs it has loaded into memory. Hitting CTRL+H will toggle back. This is the information I was after.

studiot has given a valid suggestion that might even be easier than tracing down the exact cause. Updating Windows may replace a legacy DLL file with a newer one that won't cause this problem. However, I wouldn't guarantee this method to work. For example, if you already have the latest version of the problem file, and it's simply become corrupt, it will not be updated, and you will be left with the same problem.

 

excellent right, understood, ive just took this screenshot and attached it showing the load on the memory,
how do i get this info you want, i mean how can i get it out of the program to show it to you, ive opened lower pane and when i hit the suspect svchost i get a list as long as my arm, ive just closed the lower pane and hit ctrl+d and its brought up another long list of dll's
i presume this is the list you need, there doesnt seem to be any way to copy it, oh and by the way, should i start the windows update before i do ctrl+d so its loading the memory
thanx carl

 

Sorry to mention a third approach, but if you download and install Belarc Advisor it will tell you if any previous MS updates are corrupt (I suggest their deletion and download again). Scroll down the page to check them out.

Installed Microsoft Hotfixes [Back to Top]
For example, I found one on my PC.
KB904942 on 22/10/2006 (details...) Reinstall!

At the top right of the first page it will also tell you if your MS updates are up-to-date, or how many behind you are. For example
Microsoft Security Updates

5 missing (or more)

If you have any updates to "Re-install", I suggest you fix these first, and report back the results after you fix them and have re-booted.

Belarc Advisor​

http://www.majorgeeks.com/Belarc_Advisor_d1385.html​

The Belarc Advisor builds a detailed profile of your installed software and hardware and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server.

Bazza

 

oh right nice one bazza, just confuse me even more
lol
ok, but im halfway thru the process explorer thing, i will carry on with process explorer first, unless advised otherwise, and if it fails ill go for belarc advisor
i think all of my updates are done, apart from a hardware one which im ignoring, sis graphics
thanx carl

 

Sorry about that, but Belarc Advisor will quickly tell you if any MS Update is corrupt, which maybe the cause of your problem.

PS: Sorry my previous post was a bit messy, but my Notepad program logges me out twiceconfused as I was trying to tidy it up and I ran out of editing time. Bazza

===

 

ok, im closing process explorer, and going down the belarc route instead
ill get back when i either have news or when i get stuck hehe
cheers carl

 

right, ive done that, it seems everything is up to date, i think!!!!!
ive tried to attach a word document of the web page that popped up from belarc but its too big 566kb, instead ive just copied the top bit, do you need any more?
carl

 

File --> Save As will allow you to export the information to file. (We'll have to do once for DLLs and again for handles.)

I leave it to Bazza to determine whether we have interpreted the Belarc logs correctly.

 

heres the process explorer notepads mada,
i think the belarc says everything is fine, i can split the belarc into about 6 seperate files and attach them on 2 posts if bazza needs to see everything it gave me, ive got it all saved
thanx carl

 

Just to confirm: This is the instance of SVCHOST.EXE (keep in mind that there are several) that is running at 100%? I ask because I do not see it listed as running with any CPU usage here. I do notice that it is the information for the FIRST listed instance.

 

Sadly, I will not be able to advise further today, as it's quitting time for me. I will be back tomorrow at approx 7AM EST.

Maybe another geek can pick up where I've left off?

 

Sorry, I can't open php attachments.
What program do I need to check them out? confused Bazza

 

yes i can run my windows update and make it run at 99-100%, in fact ill do that now 1 sec
right ive ran windows update, it immediately started loading svchost with 85%, the rest of the 15% was taken by task manager and process explorer etc
i did a screen shot and saved the log
carl

 

if its ok mada ill hang on for you tomorrow, save confusing anyone else lol, bazza, what do u mean php documents
ive only uploaded text files and word documents, microsoft word
thanx carl

 

Please refer to this Microsoft KB titled, FIX: When you run Windows Update to scan for updates that use Windows Installer, including Office updates, CPU utilization may reach 100 percent for prolonged periods.

If you are unsure of how to check for this symptom, follow these steps to access the event logs:

1. Right-click 'My Computer'
2. Select 'Manage'
3. On the 'Computer Management' window, expand 'Event Viewer'

You will now see a few event logs. The error we are after is most likely to be in the 'Application' log.

 

A web browser should be able to open them, provided that your pop-up settings aren't too strict.

Edit: confirmed - just tried it in IE7 w/ default settings - isn't that what you use, Baz?

 

I think my route is looking more and more attractive.

Studio T

 

I'm still using IE6. When I try to open the MG attachments, they are saved to my hard drive in php format and I can't open them. Will check my pop-up settings.

Just checked MS for what program to use to open up php. It says Notepad will do it. When I open up the attachment in Notepad, all I get is is the computer coding (html?), but no other info. confused
Bazza

===

 

Alternate fix: boot into safe mode (restart and tap "F8" to get the options), and renaming the c:\windows\software distribution and the c:\windows\system32\catroot2 folders. Reboot after renaming those two folders, and the issue should be gone. Best of luck!

 

Am I missing something Bazza? I can't see any php attachments in this thread and my IE6 opens php just fine it's 6.0.28.11061S.
Also have you tried another browser?

 

When I click on attachment: SVCHOST.EXE ctrl+D.txt (post # 18), File Download box opens up (?) zzz.
I then click on Save (or Open) and a download box pops up and it is renamed as Attachment.php. zzz zzz
Just tried again and the text file opened up this time. zzz zzz zzz
Maybe my Text Editor, Crypt Editor 4.1 ?

PS: I only use AOL which uses IE6 as a skin.
My IE 6 version is 6.02900.2180.xpsp.050928-1517, FWIW
Bazza

===

 

Yeah I click, the download dialog opens, I click, notepad opens, I click , my head opens but the pubs never do.

Studio T