svchost.exe is crashing

windows svchost

I came in this morning (and not for the first time) and found a dialog box on my screen saying "svchost.exe has caused an exception. Would you like to debug this?"

Fortunately, it gives the PID. Using tasklist /svc I see this instance of svchost is running the following:

svchost.exe 1684 AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, helpsvc, HidServ, LanmanServer, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, srservice, TapiSrv, Themes, TrkWks, w32time, winmgmt, wscsvc, wuauserv

After this happens the most noticeable thing I am missing is audio. My system doesn't think it has audio hardware anymore.

Any ideas on what could be causing svchost to crash or how to go about narrowing it down?

System:

  • Win XP SP3
  • Dell Latitude E5500

Solution 1:

Lots of things cause svchost to crash. Svchost is a container for running several system services, and sometimes it's not very clear which service caused the crash.

You'll need to find out more information before you can diagnose the issue. Check the application/system log for errors and warnings. Usually these can be referenced on Microsoft Help and Support with details, cause and resolutions.

Microsoft has a KB about troubleshooting service crashes.

Solution 2:

From https://techcommunity.microsoft.com/t5/ask-the-performance-team/getting-started-with-svchost-exe-troubleshooting/ba-p/372644

To isolate each service into its own process:

sc config SERVICE type= own

Event Viewer errors can be useful in figuring out which svchost is crashing. Tasklist /SVC or Process Explorer can be helpful in narrowing down things also before isolating the suspect services.

The blog article has another method which is bit more involved. (Best to do new system restore snapshot before trying that)

sc config SERVICE type= share

to restore things back to normal.

One way to dump the process:

http://blogs.msdn.com/b/asiatech/archive/2011/08/29/a-useful-tool-to-generate-dump-file-for-a-particular-service.aspx

There are several ways to dump a particular service:

  1. Use Debug Diagnostic Tool (DebugDiag) 1.2.

  2. Use the following batch file:

    FOR /F "tokens=2 delims=," %%A IN ('tasklist /svc /FI "services eq winmgmt" /NH /FO csv') DO SET PID=%%~A
adplus.exe -hang -p %PID% -o c:\dumps

(requires Debugging Tools for Windows installed, for the adplus.exe or vbs) The blog contains also another tool.

Related

Multiple default gateways
Is better a low power WiFi signal without interference or a more powerful signal with interference?
How do I delete a directory that appears to contain nameless files?
Firefox taskbar options are gone in Windows 10, how to fix?
Printer Font Question on Windows
Lenovo laptop with Intel CPU remains at lowest clock
When running X remotely via Cygwin why are my fonts ugly
Is there a BitTorrent client that can download files "in sequence"? [closed]
Prevent Windows 10 nag updates from being installed on Windows 7
How to disable power saving on my Lenovo Y50's subwoofer audio pins?
Windows 7 Search Part of Filename
Not able to access FTP server from other machines in same LAN when Windows Firewall is ON