W2K services utilizing CPU 100% constantly

[bahngeist]

My principal system bogged four days ago, and I was able to isolate the problem to the fact that the two services .exe files are hogging 100% of the CPU resources (as viewed through Task Manager). Of note is the fact the the two files alternate -- e.g. one loads the CPU 45%, the other 55%, then they alternate (the values change of course--35:65, etc.).

Of course, applications that are tied to Services, including IE, NAV, O&O, System Update, etc., do not work.

The problem seemed to have begun when I tried to access Disk Management, and it tried to access the logical disc management service (it was listed as starting, and has remained that way since). But then, I may not have noticed the problem until that time. I have tried shutting down/modifying this (and other services that are also listed as starting) with no luck.

The system runs fine in both 'Safe Mode' and 'Safe Mode with Networking Support'; but none of the Apps tied to Services will function in either mode. Of note is that the system hangs in 'Debugging Mode' when the bar on the start-up splash screen has moved fully to the right.

Does anyone know how I can fix this problem? I have researched the issue for possible fixes/explanation on both the Internet and through print resources to no avail

Basic system details: Abit KT7A: YH BIOS, 4.29 4in1 drivers ; W2K SP2 (will elaborate further if requested).

 

[Groltz]

I've read in the past that the Indexing Service can run away and cause 100% CPU loads. Have you tried disabling it?

 

[bahngeist]

I've read in the past that the Indexing Service can run away and cause 100% CPU loads. Have you tried disabling it?

Thanks for the quick reply. That is a possibility that I didn't check; but it is a service that I 'think' I disabled previously.

I will look into into when I get off work 2 1/2 hours from now. If that is all it is, great

If others have different thoughts on the matter, please do not hesitate to reply. Apart from the hassle and anxiety, situations like this are good learning experiences, and any thoughts/suggestions/options that may be shared are appreciated.

 

[Groltz]

Here is another suggestion:

Download this tool and run it. Right click "Services.exe" and select properties. On the following page select the Services tab. This will give you a list of all the services running under that particular Services.exe. Using that list for reference, you could try shutting down individual services until the problem causing one is found.

One warning: Process Explorer will KILL services that Windows will not. With some of them, (spoolsv.exe, for example) if you kill it, Windows will do a forced shutdown after a short timing-down period. Another one you don't want to kill with Process Explorer is the "svchost.exe" process that contains Remote Procedure Call (RPC).
The forced shutdown doesn't cause any problems, it just means having to go through a reboot.

 

[blakerwry]

there is a site that lists every service that comes with windows and its function.. it has a list of what is/is not enabled by default and what *should* be enabled/disabled...

it seems to be down right now, but you might want to chck it before permenantly disabling anything or for bug tracing purposes...

www.blackviper.com

there is a section for win2k and winXP services (services 411)

 

[Groltz]

it seems to be down right now,
www.blackviper.com

Not down, just misspelled.

http://www.blkviper.com/WinXP/service411.htm

 

[bahngeist]

Groltz.

Thanks a bunch, 'Process Explorer' is quite the program -- definitely a keeper

As it turned out, svchost.exe (PID 404) was the culprit. For some reason, there are two svchost.exe files running -- the other has a PID of 516. Is this normal?

And as is often the case, after I rebooted I immediately ran into another barrier: System Idle Process is now loading the CPU at 99% -- and its a process that I can't kill due to <access denied> As such, I still can't modify any services properties, etc.

I am going to do some research to determine what System Idle Process is all about. But as stated before, my ears are wide open to suggestions. In the long run it may actually take less time to wipe everything entirely, and configure the system from scratch. But then I wouldn't be learning anything.

And besides, I have a number of huge files that are too large to burn to CD, and (silly me) I made the error of using dynamic discs unnecessarily: my understanding is that if I wipe W2K completely, the new installation may not recognize the existing dynamic discs. Is this true?

The irony is that this whole problem started when I reinitialized my RAID5 array through the Mylex utility. When I went to configure the array in Disc Management, the logical disc manager administrator wouldn't start -- and now I am where I am. And I can't transfer the mentioned files to the array because at present it is unformatted and not intialized under W2K. So I'm stuck

And blakewry: I already knew about the blackviper site. In fact, a while back I cut and paste the services recommendation table to Word and reformatted it (i.e., printable with headers at the top of each page). I find it quite useful. I'd be willing to e-mail the file to anyone who wants it.

 

[Handruin]

Groltz.

Thanks a bunch, 'Process Explorer' is quite the program -- definitely a keeper

As it turned out, svchost.exe (PID 404) was the culprit. For some reason, there are two svchost.exe files running -- the other has a PID of 516. Is this normal?

And as is often the case, after I rebooted I immediately ran into another barrier: System Idle Process is now loading the CPU at 99% -- and its a process that I can't kill due to <access denied> As such, I still can't modify any services properties, etc.

I am going to do some research to determine what System Idle Process is all about. But as stated before, my ears are wide open to suggestions. In the long run it may actually take less time to wipe everything entirely, and configure the system from scratch. But then I wouldn't be learning anything.

And besides, I have a number of huge files that are too large to burn to CD, and (silly me) I made the error of using dynamic discs unnecessarily: my understanding is that if I wipe W2K completely, the new installation may not recognize the existing dynamic discs. Is this true?

The irony is that this whole problem started when I reinitialized my RAID5 array through the Mylex utility. When I went to configure the array in Disc Management, the logical disc manager administrator wouldn't start -- and now I am where I am. And I can't transfer the mentioned files to the array because at present it is unformatted and not intialized under W2K. So I'm stuck

And blakewry: I already knew about the blackviper site. In fact, a while back I cut and paste the services recommendation table to Word and reformatted it (i.e., printable with headers at the top of each page). I find it quite useful. I'd be willing to e-mail the file to anyone who wants it.

System idle should be at 99%! This means nothing is consuming CPU time.

To combat this problem, I recommend using Folding @ home! Do not let idle CPU time go to waste.

In all seriousness, if you see 99% on idle, that means everything is good. If you would like to join our folding at home team, let us know, we could use any help you would like to offer.

 

[bahngeist]

System idle should be at 99%! This means nothing is consuming CPU time.

To combat this problem, I recommend using Folding @ home! Do not let idle CPU time go to waste.

In all seriousness, if you see 99% on idle, that means everything is good. If you would like to join our folding at home team, let us know, we could use any help you would like to offer.

Yes, after searching the 'net for a couple minutes I confirmed that simple little fact Given that this system is generally up 24/7, and connected to an online UPS set for auto-shutdown if necessary, yes I could handle Folding@home. One concern: do I need to leave the system open to the net all the time (I would prefer not to), or is it possible to connect periodically and upload a completed data set?

That may, however, be moot for the next while given the current problem. I used Process Explorer to close everything except the essentials -- and subsequently learned what shouldn't be touched at the same time

On each reboot I have to close off a svchost.exe process (sometimes there are two, sometimes three -- generally one is causing the problem, and this seems to be random) to unburden the CPU. If I then attempt to use IE (glad I use Opera as my principle browser), O&O, Windows Update, NAV Update, etc., or modify a service via the Service Console, CPU utilization jumps to 100%. Killing the offending app reduces the load immediately.

So everything points to something being wrong with 'Services' in general. Or, of course, it could be something else also . Isn't debugging a hoot

 

[LiamC]

I could be wrong but I was always under the impression that SVCHOST was just a helper app for applications that want to run as a service on your computer. Most applications run in the user space with user priviledges. Anything running as a service has top priveledges.

At the moment with a fresh build of W2K and minimal install of things, I have three SVCHOST entries runnning. I would check, update (and if that didn't fix things) remove/uninstall things like AV (#1 offender), IM apps, servers (FTP, HTTP etc) one by one untill you find the offender.

0.05

 

[Groltz]

Like I mentioned, svchost.exe processes are like carriers for separate services. You can "look inside" each svchost.exe process to see which services it is supporting by using Process Explorer in the way I described above.

Just for instance, I tend to go very heavy on disabling unneeded services using various guides for reference. Even so, I have 3 svchost.exe's running in my WinXP Pro install.

Here is what the 3rd svchost.exe process has running "inside it" :

 

[bahngeist]

I could be wrong but I was always under the impression that SVCHOST was just a helper app for applications that want to run as a service on your computer ... I have three SVCHOST entries runnning. I would check, update (and if that didn't fix things) remove/uninstall things like AV (#1 offender), IM apps, servers (FTP, HTTP etc) one by one untill you find the offender.
0.05

Groltz and yourself are correct -- hey, I learned something. I uninstalled SystemWorks and it appears that solved the CPU utiization issue at startup.

And Groltz: I too try to run with a minimum set of services (I have most set to manual or disabled) -- less is more generally applies here, it follows the KISS principle. However, I still haven't solved the Services problem completely. To elaborate, the following statuses are constant on boot:

Local Logical Disc Manager Administrative Service ... Starting
Power Alert Port Manager Engine ... Stopping
Remote Action Connection Manager ... Stopping

All of those services are set to Automatic.

This whole problem started when I changed the 'Disc Mngr Admin' service from a <manual> to an <automatic> start-up type. I did this because Disc Manager hung when trying to connect to the Logical Disc Manager" service (which was running at that time). When that didn't solve things, I tried to switch 'Disc Mngr Admin' back to manual start-up and at that point it hung -- and continues to hang. As mentioned before, this is also the case in 'Safe Mode'.

My impression is that an app running under Services, or Services itself, is corrupted -- or a corresponding Registry entry was corrupted (I suspect it is the latter, given the initial course of events). Given that I can't modify any of the services directly, does anyone know of a procedure or utility that would faciitate this?

If not, and short of wiping the whole installation clean, is there any process available through W2K that 'fixes' intractable Services problems?

 

[Groltz]

Is this any help, Bahngeist?

http://www.jsiinc.com/SUBI/tip4400/rh4493.htm


---Steve
.

 

[bahngeist]

Is this any help, Bahngeist?

http://www.jsiinc.com/SUBI/tip4400/rh4493.htm

---Steve
.

Steve, the info. was bang on and the registry fix worked like a charm, many

Who would have thought that such a simple thing would be so vexing. MS must know this potential problem exists, and should have at least 'grayed out' the automatic 'startup type' setting in the Local Logical Disc Manager Administrative Service panel and/or provided a warning note.

This did however get me involved directly in this community again after a protracted absence. If anyone ever wondered why I dropped out of sight, let it suffice to say that I am presently waiting for my divorce decree. The past half year has been particularly trying, to the degree that I have probably have Mercutio beat re. both the emotional devastation and bizarreness of the ending stage of his relationship. If anyone here understands the fundamental differences between eros and agape, let's just say that my wife had a spiraling compulsion to pursue the former.

And if anyone can tell me the particulars of getting actively involved with folding@home, and crediting the efforts to this group, please e-mail me the particulars.

--Wayne

 

[Groltz]

Sorry to hear of your grief, it would seem that a disproportionately high amount of folks are having problems this year.

I am glad, however, that this one little computer gripe could be ironed out to your contentment.

As far as FAH goes, perhaps check out the FAH thread we have going. Participation is easy enough, you would want to designate your contributions towards the SF team. (team number 10047) All you really need to do is download some variant of the FAH client, set a user name, and start crunching. This is being oversimplified, but it is late here and I am running on vapors. If you have questions or need advice about it, I suggest you prod Handruin, Cliptin, or Clocker for some good answers. :wink:

Cheers,

---Steve