svchost.exe leads to heavy hard disk activity.

[Guest]

It seems that my harddisk light is always on. Within only three hours, the
"svchost.exe" process has made more than 2.5 gigabytes I/O read and write.
With the help of procexp.exe (from www.sysinternals.com), I found that those
I/O operations are actually caused by one instance of svchost.exe, i.e.
"scvhost -k netsvcs". Is there anyone who is familiar with this?

BTW: The OS system is windows XP, SP1 with all patches.

Thanks!

 

[Kelly]

That is not saying much. Notice which process is also reading high CPU
usage.

--

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com

 

[Guest]

Actually, in most of time, the CPU usage is low. Sometimes, the CPU usage on
svchost will jump to 50% and then drop to zero after 3~5 seconds. I/O
resources are exclusive. So the system may freeze for I/O not for CPU.

 

[Kelly]

Thanks for the feedback. Run this small tool to see what is running in the
background:

Windows XP Startup Programs Tracker
http://www.kellys-korner-xp.com/xp_u.htm#xp_util

In the meantime:

Run Ad-Aware SE, Spybot, CWShredder and HijackThis:
http://www.majorgeeks.com/downloads31.html

Note: Update the first two programs, once installed, before running.

Added info:

Run the Task Manager, go to View/Select Columns, and turn on the following
columns: "I/O Read Bytes" and "I/O Write Bytes." This will give you details
as to which process is accessing the disk.

Although many processes will be accessing the disk, look for one with a high
total or a fast rate of increase, especially when you hear the drive being
accessed.

Suggestion: Run the undo on line 367 (right hand side):
http://www.kellys-korner-xp.com/xp_tweaks.htm

SequoiaView:
http://www.win.tue.nl/sequoiaview

Hard Disk Performance Is Slower Than You Expect
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q308219

Good luck and keep us posted!


--

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com

 

[Guest]

Thanks for your infomation, Kelly. You may think this problem is caused by
viruses or spywares. But I do not think so because the binary of
"svchost.exe" is signed by Microsoft and no suspicious dlls attached.

I have shut down the service "windows management instrumentation". All the
things become normal. It is strange. I just used FileMon (also from
sysinternals) to monitor the I/O accesses and found most of I/O operations
are in the folder ...SYSTEM32/wbem/Repository/. The fact gives me the cue to
close the service. I know closing the service may lead to further problems.
But anyway, it is ok at this stage.

Thanks for your help, Kelly.

 

[Guest]

Are you sure the service is named - scvhost.exe - and not svchost.exe. If
so, it's spyware! It's a fairly common trick that the bad guys use - I
wouldn't have noticed it except my google search pointed it out to me.

If it's svchost.exe, then you'll have to track down the offending program.
Here's a link to how svchost.exe works in XP that may help you:

http://support.microsoft.com/?kbid=314056

Good luck!

 

[HeyBub]

It seems that my harddisk light is always on. Within only three
hours, the "svchost.exe" process has made more than 2.5 gigabytes I/O
read and write. With the help of procexp.exe (from
www.sysinternals.com), I found that those I/O operations are actually
caused by one instance of svchost.exe, i.e. "scvhost -k netsvcs". Is
there anyone who is familiar with this?

BTW: The OS system is windows XP, SP1 with all patches.

Thanks!

Your machine is probably acting as a trojaned server for child porn. If you
see a car on the curb with small hub-caps, don't answer the door - it's the
feds.


Just kidding.

 

[John Latter]

It seems that my harddisk light is always on. Within only three hours, the
"svchost.exe" process has made more than 2.5 gigabytes I/O read and write.
With the help of procexp.exe (from www.sysinternals.com), I found that those
I/O operations are actually caused by one instance of svchost.exe, i.e.
"scvhost -k netsvcs". Is there anyone who is familiar with this?

BTW: The OS system is windows XP, SP1 with all patches.

Thanks!

I have the same problem so I would be very grateful if you could post
any solution you find!

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

 

[Guest]

I have seen your post. Yes, we are experiencing a very similar problem. I
have used FileMon (from www.sysinternals.com) to monitor the I/O operations
on svchost.exe and found that most of I/O are in the folder:
..../system32/wbem/repository/. It belongs to the service "winmgmt". After I
shut down the serive, the problem is gone.

Here is my ugly solution. I do not know whether it works for you. And the
service winmgmt is important to XP, shuting down it may cause further
problems. I just guess that there must be something wrong in the
configurations of winmgmt.

Thanks,
gx

 

[John Latter]

I have seen your post. Yes, we are experiencing a very similar problem. I
have used FileMon (from www.sysinternals.com) to monitor the I/O operations
on svchost.exe and found that most of I/O are in the folder:
.../system32/wbem/repository/. It belongs to the service "winmgmt". After I
shut down the serive, the problem is gone.

Here is my ugly solution. I do not know whether it works for you. And the
service winmgmt is important to XP, shuting down it may cause further
problems. I just guess that there must be something wrong in the
configurations of winmgmt.

Thanks,
gx

Hi gx,

I disabled winmgmt via Control Panel/Admin tools/Services but it made
no difference - is that how you did it? I didn't (reboot though).

One difference is that my disc activity LED doesn't show the disc
being accessed, I monitor it by enabling I/O Read Bytes & I/O Write
Bytes in the Processes tab of Windows Task Manager - it could be
happening to people who aren't aware of it!

I'm afraid I don't know much about this stuff but when I went to
Control Panel/Admin tools/Services & highlighted winmgmt I then
clicked on Action/Properties where it says:

"[winmgmt] Provides a common interface and object model to access
management information about operating system, devices, applications
and services. If this service is stopped, most Windows-based software
will not function properly. If this service is disabled, any services
that explicitly depend on it will fail to start."

and that winmgmt depends upon Remote Procedure Call (RPC) and Event
Log and is dependent upon Windows Firewall/Internet Connection Sharing
(ICS) and Security Center - or rather it did do, I just went to check
again & the Dependency tab again & its greyed out! 'sigh'

Jorolat



--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

 

[John Latter]

I found a forum where a chap had a similar problem 2 years ago & I've
asked if he found a solution:

http://www.nvnews.net/vbulletin/showthread.php?t=16090

Jorolat

I have seen your post. Yes, we are experiencing a very similar problem. I
have used FileMon (from www.sysinternals.com) to monitor the I/O operations
on svchost.exe and found that most of I/O are in the folder:
.../system32/wbem/repository/. It belongs to the service "winmgmt". After I
shut down the serive, the problem is gone.

Here is my ugly solution. I do not know whether it works for you. And the
service winmgmt is important to XP, shuting down it may cause further
problems. I just guess that there must be something wrong in the
configurations of winmgmt.

Thanks,
gx

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

 

[Guest]

Hi John,

I disable the winmgmt service in the cosole mode. You can simply input: "net
stop winmgmt". On my machine, there is only one service depends on winmgmt,
i.e. "SMS Agent Host". Actually, I closed the two services.

I do not think the LED activities tell anything. To ascertain your problem.
I suggest using FileMon. You can download from http://www.sysinternals.com/.
In this way, you can monitor the detailed I/O accesses. Remember to include
"svchost" into the filter if you do not want to see all I/O accesses on your
system!

Good luck!

I have seen your post. Yes, we are experiencing a very similar problem. I
have used FileMon (from www.sysinternals.com) to monitor the I/O operations
on svchost.exe and found that most of I/O are in the folder:
.../system32/wbem/repository/. It belongs to the service "winmgmt". After I
shut down the serive, the problem is gone.

Here is my ugly solution. I do not know whether it works for you. And the
service winmgmt is important to XP, shuting down it may cause further
problems. I just guess that there must be something wrong in the
configurations of winmgmt.

Thanks,
gx

Hi gx,

I disabled winmgmt via Control Panel/Admin tools/Services but it made
no difference - is that how you did it? I didn't (reboot though).

One difference is that my disc activity LED doesn't show the disc
being accessed, I monitor it by enabling I/O Read Bytes & I/O Write
Bytes in the Processes tab of Windows Task Manager - it could be
happening to people who aren't aware of it!

I'm afraid I don't know much about this stuff but when I went to
Control Panel/Admin tools/Services & highlighted winmgmt I then
clicked on Action/Properties where it says:

"[winmgmt] Provides a common interface and object model to access
management information about operating system, devices, applications
and services. If this service is stopped, most Windows-based software
will not function properly. If this service is disabled, any services
that explicitly depend on it will fail to start."

and that winmgmt depends upon Remote Procedure Call (RPC) and Event
Log and is dependent upon Windows Firewall/Internet Connection Sharing
(ICS) and Security Center - or rather it did do, I just went to check
again & the Dependency tab again & its greyed out! 'sigh'

Jorolat



--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

 

[John Latter]

Hi John,

I disable the winmgmt service in the cosole mode. You can simply input: "net
stop winmgmt". On my machine, there is only one service depends on winmgmt,
i.e. "SMS Agent Host". Actually, I closed the two services.

I do not think the LED activities tell anything. To ascertain your problem.
I suggest using FileMon. You can download from http://www.sysinternals.com/.
In this way, you can monitor the detailed I/O accesses. Remember to include
"svchost" into the filter if you do not want to see all I/O accesses on your
system!

Good luck!

Thanks gx - if & when I hear of a solution I'll be sure to post it
here!

John

I have seen your post. Yes, we are experiencing a very similar problem. I
have used FileMon (from www.sysinternals.com) to monitor the I/O operations
on svchost.exe and found that most of I/O are in the folder:
.../system32/wbem/repository/. It belongs to the service "winmgmt". After I
shut down the serive, the problem is gone.

Here is my ugly solution. I do not know whether it works for you. And the
service winmgmt is important to XP, shuting down it may cause further
problems. I just guess that there must be something wrong in the
configurations of winmgmt.

Thanks,
gx

Hi gx,

I disabled winmgmt via Control Panel/Admin tools/Services but it made
no difference - is that how you did it? I didn't (reboot though).

One difference is that my disc activity LED doesn't show the disc
being accessed, I monitor it by enabling I/O Read Bytes & I/O Write
Bytes in the Processes tab of Windows Task Manager - it could be
happening to people who aren't aware of it!

I'm afraid I don't know much about this stuff but when I went to
Control Panel/Admin tools/Services & highlighted winmgmt I then
clicked on Action/Properties where it says:

"[winmgmt] Provides a common interface and object model to access
management information about operating system, devices, applications
and services. If this service is stopped, most Windows-based software
will not function properly. If this service is disabled, any services
that explicitly depend on it will fail to start."

and that winmgmt depends upon Remote Procedure Call (RPC) and Event
Log and is dependent upon Windows Firewall/Internet Connection Sharing
(ICS) and Security Center - or rather it did do, I just went to check
again & the Dependency tab again & its greyed out! 'sigh'

Jorolat

:

On Sun, 10 Jul 2005 22:53:02 -0700, "gx"

It seems that my harddisk light is always on. Within only three hours, the
"svchost.exe" process has made more than 2.5 gigabytes I/O read and write.
With the help of procexp.exe (from www.sysinternals.com), I found that those
I/O operations are actually caused by one instance of svchost.exe, i.e.
"scvhost -k netsvcs". Is there anyone who is familiar with this?

BTW: The OS system is windows XP, SP1 with all patches.

Thanks!

I have the same problem so I would be very grateful if you could post
any solution you find!

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

 

[Kelly]

You may think this problem is caused by

viruses or spywares.

No, generally speaking I don't think it is in most cases and also know that
it is a valid process.

--

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com

 

[Kelly]

) Would they be dressed in Black?

--

All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com

 

[John Latter]

Hi John,

I disable the winmgmt service in the cosole mode. You can simply input: "net
stop winmgmt". On my machine, there is only one service depends on winmgmt,
i.e. "SMS Agent Host". Actually, I closed the two services.

I do not think the LED activities tell anything. To ascertain your problem.
I suggest using FileMon. You can download from http://www.sysinternals.com/.
In this way, you can monitor the detailed I/O accesses. Remember to include
"svchost" into the filter if you do not want to see all I/O accesses on your
system!

Good luck!

I'm not sure if I'm using filemon correctly. On Windows Task Manager
I'm seeing svchost.exe continuously accessing the hard drive at the
same time as ashserve.exe does which is one of Avast's antivirus
modules.

If I disable Avast then svchost continues to access the hard drive but
nothing is showing up in filemon.

'sigh'

John

I have seen your post. Yes, we are experiencing a very similar problem. I
have used FileMon (from www.sysinternals.com) to monitor the I/O operations
on svchost.exe and found that most of I/O are in the folder:
.../system32/wbem/repository/. It belongs to the service "winmgmt". After I
shut down the serive, the problem is gone.

Here is my ugly solution. I do not know whether it works for you. And the
service winmgmt is important to XP, shuting down it may cause further
problems. I just guess that there must be something wrong in the
configurations of winmgmt.

Thanks,
gx

Hi gx,

I disabled winmgmt via Control Panel/Admin tools/Services but it made
no difference - is that how you did it? I didn't (reboot though).

One difference is that my disc activity LED doesn't show the disc
being accessed, I monitor it by enabling I/O Read Bytes & I/O Write
Bytes in the Processes tab of Windows Task Manager - it could be
happening to people who aren't aware of it!

I'm afraid I don't know much about this stuff but when I went to
Control Panel/Admin tools/Services & highlighted winmgmt I then
clicked on Action/Properties where it says:

"[winmgmt] Provides a common interface and object model to access
management information about operating system, devices, applications
and services. If this service is stopped, most Windows-based software
will not function properly. If this service is disabled, any services
that explicitly depend on it will fail to start."

and that winmgmt depends upon Remote Procedure Call (RPC) and Event
Log and is dependent upon Windows Firewall/Internet Connection Sharing
(ICS) and Security Center - or rather it did do, I just went to check
again & the Dependency tab again & its greyed out! 'sigh'

Jorolat

:

On Sun, 10 Jul 2005 22:53:02 -0700, "gx"

It seems that my harddisk light is always on. Within only three hours, the
"svchost.exe" process has made more than 2.5 gigabytes I/O read and write.
With the help of procexp.exe (from www.sysinternals.com), I found that those
I/O operations are actually caused by one instance of svchost.exe, i.e.
"scvhost -k netsvcs". Is there anyone who is familiar with this?

BTW: The OS system is windows XP, SP1 with all patches.

Thanks!

I have the same problem so I would be very grateful if you could post
any solution you find!

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

 

[John Latter]

Hi John,

I disable the winmgmt service in the cosole mode. You can simply input: "net
stop winmgmt". On my machine, there is only one service depends on winmgmt,
i.e. "SMS Agent Host". Actually, I closed the two services.

I do not think the LED activities tell anything. To ascertain your problem.
I suggest using FileMon. You can download from http://www.sysinternals.com/.
In this way, you can monitor the detailed I/O accesses. Remember to include
"svchost" into the filter if you do not want to see all I/O accesses on your
system!

Good luck!

I've just installed XP slipstreamed with SP2 onto a new hard drive
(but I'm back on the old OS & HDD now) and as soon as I installed the
modem drivers the svchost disc activity started. I uninstalled the
drivers & the problem went away.

I ain't gotta clue why this is so & it'll be a few days before I can
spend some time on it. In the meantime, if anyone has any ideas I'ld
be glad to hear them!

John

I have seen your post. Yes, we are experiencing a very similar problem. I
have used FileMon (from www.sysinternals.com) to monitor the I/O operations
on svchost.exe and found that most of I/O are in the folder:
.../system32/wbem/repository/. It belongs to the service "winmgmt". After I
shut down the serive, the problem is gone.

Here is my ugly solution. I do not know whether it works for you. And the
service winmgmt is important to XP, shuting down it may cause further
problems. I just guess that there must be something wrong in the
configurations of winmgmt.

Thanks,
gx

Hi gx,

I disabled winmgmt via Control Panel/Admin tools/Services but it made
no difference - is that how you did it? I didn't (reboot though).

One difference is that my disc activity LED doesn't show the disc
being accessed, I monitor it by enabling I/O Read Bytes & I/O Write
Bytes in the Processes tab of Windows Task Manager - it could be
happening to people who aren't aware of it!

I'm afraid I don't know much about this stuff but when I went to
Control Panel/Admin tools/Services & highlighted winmgmt I then
clicked on Action/Properties where it says:

"[winmgmt] Provides a common interface and object model to access
management information about operating system, devices, applications
and services. If this service is stopped, most Windows-based software
will not function properly. If this service is disabled, any services
that explicitly depend on it will fail to start."

and that winmgmt depends upon Remote Procedure Call (RPC) and Event
Log and is dependent upon Windows Firewall/Internet Connection Sharing
(ICS) and Security Center - or rather it did do, I just went to check
again & the Dependency tab again & its greyed out! 'sigh'

Jorolat

:

On Sun, 10 Jul 2005 22:53:02 -0700, "gx"

It seems that my harddisk light is always on. Within only three hours, the
"svchost.exe" process has made more than 2.5 gigabytes I/O read and write.
With the help of procexp.exe (from www.sysinternals.com), I found that those
I/O operations are actually caused by one instance of svchost.exe, i.e.
"scvhost -k netsvcs". Is there anyone who is familiar with this?

BTW: The OS system is windows XP, SP1 with all patches.

Thanks!

I have the same problem so I would be very grateful if you could post
any solution you find!

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

 

[John Latter]

Hi John,

I disable the winmgmt service in the cosole mode. You can simply input: "net
stop winmgmt". On my machine, there is only one service depends on winmgmt,
i.e. "SMS Agent Host". Actually, I closed the two services.

I do not think the LED activities tell anything. To ascertain your problem.
I suggest using FileMon. You can download from http://www.sysinternals.com/.
In this way, you can monitor the detailed I/O accesses. Remember to include
"svchost" into the filter if you do not want to see all I/O accesses on your
system!

Good luck!

This could account for my problem;

"I/O doesn't necessarily refer to your hard drive. Input and output of
data are also part of the normal functioning of your modem, which
would be my guess at the cause of the numbers you are watching."

Hope to check it out at the weekend.

John

I have seen your post. Yes, we are experiencing a very similar problem. I
have used FileMon (from www.sysinternals.com) to monitor the I/O operations
on svchost.exe and found that most of I/O are in the folder:
.../system32/wbem/repository/. It belongs to the service "winmgmt". After I
shut down the serive, the problem is gone.

Here is my ugly solution. I do not know whether it works for you. And the
service winmgmt is important to XP, shuting down it may cause further
problems. I just guess that there must be something wrong in the
configurations of winmgmt.

Thanks,
gx

Hi gx,

I disabled winmgmt via Control Panel/Admin tools/Services but it made
no difference - is that how you did it? I didn't (reboot though).

One difference is that my disc activity LED doesn't show the disc
being accessed, I monitor it by enabling I/O Read Bytes & I/O Write
Bytes in the Processes tab of Windows Task Manager - it could be
happening to people who aren't aware of it!

I'm afraid I don't know much about this stuff but when I went to
Control Panel/Admin tools/Services & highlighted winmgmt I then
clicked on Action/Properties where it says:

"[winmgmt] Provides a common interface and object model to access
management information about operating system, devices, applications
and services. If this service is stopped, most Windows-based software
will not function properly. If this service is disabled, any services
that explicitly depend on it will fail to start."

and that winmgmt depends upon Remote Procedure Call (RPC) and Event
Log and is dependent upon Windows Firewall/Internet Connection Sharing
(ICS) and Security Center - or rather it did do, I just went to check
again & the Dependency tab again & its greyed out! 'sigh'

Jorolat

:

On Sun, 10 Jul 2005 22:53:02 -0700, "gx"

It seems that my harddisk light is always on. Within only three hours, the
"svchost.exe" process has made more than 2.5 gigabytes I/O read and write.
With the help of procexp.exe (from www.sysinternals.com), I found that those
I/O operations are actually caused by one instance of svchost.exe, i.e.
"scvhost -k netsvcs". Is there anyone who is familiar with this?

BTW: The OS system is windows XP, SP1 with all patches.

Thanks!

I have the same problem so I would be very grateful if you could post
any solution you find!

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

 

[Guest]

It is also strange why the svchost constantly access your modem. I do not
know whether a spyware is trying to send the packets through your modem.
Anyway, you have jumped out of "my problem".

Good weekend.
Gu

Hi John,

I disable the winmgmt service in the cosole mode. You can simply input: "net
stop winmgmt". On my machine, there is only one service depends on winmgmt,
i.e. "SMS Agent Host". Actually, I closed the two services.

I do not think the LED activities tell anything. To ascertain your problem.
I suggest using FileMon. You can download from http://www.sysinternals.com/.
In this way, you can monitor the detailed I/O accesses. Remember to include
"svchost" into the filter if you do not want to see all I/O accesses on your
system!

Good luck!

This could account for my problem;

"I/O doesn't necessarily refer to your hard drive. Input and output of
data are also part of the normal functioning of your modem, which
would be my guess at the cause of the numbers you are watching."

Hope to check it out at the weekend.

John

On Mon, 11 Jul 2005 19:21:01 -0700, "gx"

I have seen your post. Yes, we are experiencing a very similar problem. I
have used FileMon (from www.sysinternals.com) to monitor the I/O operations
on svchost.exe and found that most of I/O are in the folder:
.../system32/wbem/repository/. It belongs to the service "winmgmt". After I
shut down the serive, the problem is gone.

Here is my ugly solution. I do not know whether it works for you. And the
service winmgmt is important to XP, shuting down it may cause further
problems. I just guess that there must be something wrong in the
configurations of winmgmt.

Thanks,
gx


Hi gx,

I disabled winmgmt via Control Panel/Admin tools/Services but it made
no difference - is that how you did it? I didn't (reboot though).

One difference is that my disc activity LED doesn't show the disc
being accessed, I monitor it by enabling I/O Read Bytes & I/O Write
Bytes in the Processes tab of Windows Task Manager - it could be
happening to people who aren't aware of it!

I'm afraid I don't know much about this stuff but when I went to
Control Panel/Admin tools/Services & highlighted winmgmt I then
clicked on Action/Properties where it says:

"[winmgmt] Provides a common interface and object model to access
management information about operating system, devices, applications
and services. If this service is stopped, most Windows-based software
will not function properly. If this service is disabled, any services
that explicitly depend on it will fail to start."

and that winmgmt depends upon Remote Procedure Call (RPC) and Event
Log and is dependent upon Windows Firewall/Internet Connection Sharing
(ICS) and Security Center - or rather it did do, I just went to check
again & the Dependency tab again & its greyed out! 'sigh'

Jorolat


:

On Sun, 10 Jul 2005 22:53:02 -0700, "gx"

It seems that my harddisk light is always on. Within only three hours, the
"svchost.exe" process has made more than 2.5 gigabytes I/O read and write.
With the help of procexp.exe (from www.sysinternals.com), I found that those
I/O operations are actually caused by one instance of svchost.exe, i.e.
"scvhost -k netsvcs". Is there anyone who is familiar with this?

BTW: The OS system is windows XP, SP1 with all patches.

Thanks!

I have the same problem so I would be very grateful if you could post
any solution you find!



--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

 

[John Latter]

It is also strange why the svchost constantly access your modem. I do not
know whether a spyware is trying to send the packets through your modem.
Anyway, you have jumped out of "my problem".

Good weekend.
Gu

If I get anymore info I'll post it here.

Jorolat

Hi John,

I disable the winmgmt service in the cosole mode. You can simply input: "net
stop winmgmt". On my machine, there is only one service depends on winmgmt,
i.e. "SMS Agent Host". Actually, I closed the two services.

I do not think the LED activities tell anything. To ascertain your problem.
I suggest using FileMon. You can download from http://www.sysinternals.com/.
In this way, you can monitor the detailed I/O accesses. Remember to include
"svchost" into the filter if you do not want to see all I/O accesses on your
system!

Good luck!

This could account for my problem;

"I/O doesn't necessarily refer to your hard drive. Input and output of
data are also part of the normal functioning of your modem, which
would be my guess at the cause of the numbers you are watching."

Hope to check it out at the weekend.

John

:

On Mon, 11 Jul 2005 19:21:01 -0700, "gx"

I have seen your post. Yes, we are experiencing a very similar problem. I
have used FileMon (from www.sysinternals.com) to monitor the I/O operations
on svchost.exe and found that most of I/O are in the folder:
.../system32/wbem/repository/. It belongs to the service "winmgmt". After I
shut down the serive, the problem is gone.

Here is my ugly solution. I do not know whether it works for you. And the
service winmgmt is important to XP, shuting down it may cause further
problems. I just guess that there must be something wrong in the
configurations of winmgmt.

Thanks,
gx


Hi gx,

I disabled winmgmt via Control Panel/Admin tools/Services but it made
no difference - is that how you did it? I didn't (reboot though).

One difference is that my disc activity LED doesn't show the disc
being accessed, I monitor it by enabling I/O Read Bytes & I/O Write
Bytes in the Processes tab of Windows Task Manager - it could be
happening to people who aren't aware of it!

I'm afraid I don't know much about this stuff but when I went to
Control Panel/Admin tools/Services & highlighted winmgmt I then
clicked on Action/Properties where it says:

"[winmgmt] Provides a common interface and object model to access
management information about operating system, devices, applications
and services. If this service is stopped, most Windows-based software
will not function properly. If this service is disabled, any services
that explicitly depend on it will fail to start."

and that winmgmt depends upon Remote Procedure Call (RPC) and Event
Log and is dependent upon Windows Firewall/Internet Connection Sharing
(ICS) and Security Center - or rather it did do, I just went to check
again & the Dependency tab again & its greyed out! 'sigh'

Jorolat


:

On Sun, 10 Jul 2005 22:53:02 -0700, "gx"

It seems that my harddisk light is always on. Within only three hours, the
"svchost.exe" process has made more than 2.5 gigabytes I/O read and write.
With the help of procexp.exe (from www.sysinternals.com), I found that those
I/O operations are actually caused by one instance of svchost.exe, i.e.
"scvhost -k netsvcs". Is there anyone who is familiar with this?

BTW: The OS system is windows XP, SP1 with all patches.

Thanks!

I have the same problem so I would be very grateful if you could post
any solution you find!



--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech

--

John Latter

Model of an Internal Evolutionary Mechanism (based on an extension to homeostasis) linking Stationary-Phase Mutations to the Baldwin Effect.
http://members.aol.com/jorolat/TEM.html

'Where Darwin meets Lamarck?' Discussion Egroup
http://groups.yahoo.com/group/evomech