Author Topic: Effect of "Restore Important Windows Services"  (Read 21209 times)

0 Members and 1 Guest are viewing this topic.

Offline fjjr

  • Newbie
  • *
  • Join Date: Nov 2016
  • Posts: 18
  • Karma: 0
    • View Profile
Effect of "Restore Important Windows Services"
« on: January 08, 2017, 01:27:36 pm »
XP SP3 & v3.9.21 of Windows Repair Pro.

Since fixing a problem with services crashing, I seem to have successfully fixed it by running Restore Important Windows Services.  And I also ran a repair of the WMI and some other Windows functions.  Since then, I have noticed that periodically a black window like a Windows Command Processor window opens, but with the title svchost.exe at the top.  It generally remains for about 20 seconds and then disappears.  This behaviour did not occur before running the repairs.  Can any one please shed light on what is happening, why, whether it indicates the need to do anything further, and if so what?  I will try to get a screenprint of it and upload it here when ithis behaviour next occurs.

Offline Samson

  • Hero Member
  • *****
  • Join Date: Nov 2011
  • Posts: 915
  • Location: London
  • Karma: 38
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #1 on: January 08, 2017, 02:21:07 pm »
Open Command Prompt and enter "Tasklist /SVC" (without the "s), this will give more info about what processes are running under the various svchost.exe entries.


Offline fjjr

  • Newbie
  • *
  • Join Date: Nov 2016
  • Posts: 18
  • Karma: 0
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #2 on: January 09, 2017, 03:01:51 am »
Thanks for your reply. Samson.  Screenprints of the output attached.  Do they show anything that sheds light on my query?

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #3 on: January 09, 2017, 03:43:44 am »
As the services have been restored, go Start - type run and press enter.

In the Run box type msconfig and click OK then under the Services tab check the box to Hide all Microsoft services then click on Disable all - Apply - OK then reboot to see if you still get the window flashing up.

As it appears for ~20secs are you able to read any content or is it just a blank black window ?


Offline fjjr

  • Newbie
  • *
  • Join Date: Nov 2016
  • Posts: 18
  • Karma: 0
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #4 on: January 09, 2017, 03:51:03 am »
Thanks Boggin.  I will try to get a screenprint in due course, but I think it is blank apart from the heading.  The only problem with disabling services as you suggest is that it is very intermittent.  It may happen only once or twice a day, I think, so it would be difficult to draw any conclusion from whether it seems to be happening after disabling the services, at least until it happens, which may take ages.  And since there is no trace of its happening after the box has closed, so far as I am aware, I would have to sit in front of the computer all day, with most of the functionality turned off, to watch for it.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #5 on: January 09, 2017, 03:56:41 am »
It's always difficult to nail down intermittent problems - no need to sit and watch it full time, just when you are using it normally.

It may be worth checking Event Viewer for anything for when this happens.

Offline Samson

  • Hero Member
  • *****
  • Join Date: Nov 2011
  • Posts: 915
  • Location: London
  • Karma: 38
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #6 on: January 09, 2017, 11:51:09 am »
As per the above suggestions, post a screenshot of the unknown window if/ when it shows up. Looking at your system tray you have a lot going on there, so the list of suspects is pretty big  :wink:

It may be worth grabbing Shane's Tweaking.com - svchost.exe Lookup Tool. It is a small portable application that would give a clear indication of what process is running under svchost.exe when that unknown window appears and you can save the results for further investigation.

http://www.tweaking.com/content/page/tweaking_com_svchost_exe_lookup_tool.html

Offline fjjr

  • Newbie
  • *
  • Join Date: Nov 2016
  • Posts: 18
  • Karma: 0
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #7 on: January 09, 2017, 12:34:27 pm »
Thanks all.  I will try to get some more data when it next happens.

Offline fjjr

  • Newbie
  • *
  • Join Date: Nov 2016
  • Posts: 18
  • Karma: 0
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #8 on: January 09, 2017, 01:16:43 pm »
It has now happened again, and from the event viewer it appears that it happened at about the same time as or only a few seconds after the adobe update service ran.  The entries listed by the svchost.exe lookup tool were the same before, during and after the box opened - and I did think to have it open and have refreshed it already and then to refresh the list while the box was open and then again afterwards.  There was no change in the total number of services and total number of instances of svc host running, and the entries showing in the lookup tool are copied below.  I also upload herewith a copy of the screenprint I took of the box that opens, and a copy of the log file that I saved from the svchost.exe lookup tool.  Any ideas?

--------------------------------------------------------------
Service Display Name: Automatic Updates
Service: wuauserv
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Background Intelligent Transfer Service
Service: BITS
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: COM+ Event System
Service: EventSystem
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Computer Browser
Service: Browser
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Cryptographic Services
Service: CryptSvc
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: DCOM Server Process Launcher
Service: DcomLaunch
PID: 1300
PID Memory: 05.66 MB
Path: C:\windows\system32\svchost -k DcomLaunch
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: DHCP Client
Service: Dhcp
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: DNS Client
Service: Dnscache
PID: 1652
PID Memory: 04.44 MB
Path: C:\windows\system32\svchost.exe -k NetworkService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: ERSvc
Service: ERSvc
PID: 2224
PID Memory: 03.56 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Fast User Switching Compatibility
Service: FastUserSwitchingCompatibility
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Help and Support
Service: helpsvc
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Infrared Monitor
Service: Irmon
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Logical Disk Manager
Service: dmserver
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Network Connections
Service: Netman
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Network Location Awareness (NLA)
Service: Nla
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Remote Access Connection Manager
Service: RasMan
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Remote Procedure Call (RPC)
Service: RpcSs
PID: 1436
PID Memory: 05.88 MB
Path: C:\windows\system32\svchost -k rpcss
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Remote Registry
Service: RemoteRegistry
PID: 1784
PID Memory: 03.18 MB
Path: C:\windows\system32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Secondary Logon
Service: seclogon
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Security Center
Service: wscsvc
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Server
Service: LanmanServer
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Shell Hardware Detection
Service: ShellHWDetection
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: System Event Notification
Service: SENS
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: System Restore Service
Service: srservice
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Task Scheduler
Service: Schedule
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: TCP/IP NetBIOS Helper
Service: LmHosts
PID: 1784
PID Memory: 03.18 MB
Path: C:\windows\system32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Telephony
Service: TapiSrv
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Terminal Services
Service: TermService
PID: 1300
PID Memory: 05.66 MB
Path: C:\windows\System32\svchost -k DComLaunch
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Themes
Service: Themes
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: TrkWks
Service: TrkWks
PID: 3848
PID Memory: 03.21 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: WebClient
Service: WebClient
PID: 796
PID Memory: 03.90 MB
Path: C:\windows\system32\svchost.exe -k LocalService
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Audio
Service: AudioSrv
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Firewall/Internet Connection Sharing (ICS)
Service: SharedAccess
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Image Acquisition (WIA)
Service: stisvc
PID: 3364
PID Memory: 06.80 MB
Path: C:\windows\system32\svchost.exe -k imgsvc
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Management Instrumentation
Service: winmgmt
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Windows Time
Service: W32Time
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Wireless Zero Configuration
Service: WZCSVC
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\System32\svchost.exe -k netsvcs
--------------------------------------------------------------
--------------------------------------------------------------
Service Display Name: Workstation
Service: LanmanWorkstation
PID: 1532
PID Memory: 50.46 MB
Path: C:\windows\system32\svchost.exe -k netsvcs
--------------------------------------------------------------

Offline Samson

  • Hero Member
  • *****
  • Join Date: Nov 2011
  • Posts: 915
  • Location: London
  • Karma: 38
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #9 on: January 09, 2017, 01:36:51 pm »
I don't use Adobe Reader, I have Flash Player (set to - "Ask to activate" in my browser) and have auto updates disabled.  Check in Scheduled tasks if Adobe adds a task there to update. If it does then it it could be Task Scheduler causing that window, as it runs under svchost.exe

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #10 on: January 09, 2017, 01:45:53 pm »
As you won't be getting any more Windows Updates then you can disable that service.

Offline Samson

  • Hero Member
  • *****
  • Join Date: Nov 2011
  • Posts: 915
  • Location: London
  • Karma: 38
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #11 on: January 09, 2017, 01:50:30 pm »
As you won't be getting any more Windows Updates then you can disable that service.

Unless you've done the tweak to get POS/ Embedded XP updates until April 2019  :wink:

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #12 on: January 09, 2017, 01:58:22 pm »
While there's a registry hack for those, MS don't recommend it - but you could say that they would say that in order to sell more of their product....

http://www.zdnet.com/article/registry-hack-enables-continued-updates-for-windows-xp/

Offline fjjr

  • Newbie
  • *
  • Join Date: Nov 2016
  • Posts: 18
  • Karma: 0
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #13 on: January 09, 2017, 02:39:12 pm »
Yes, Adobe flash is a scheduled task.  What is odd to my mind is not that svc.exe should be running, if that is what is happening, but that it opens the box or window.  I suspect a switch or something like that for opening the window instead of running silently, and may be that got corrupted when I ran the repair, but of course that is post hoc ergo propter hoc, and may not be the connection at all.

Offline Samson

  • Hero Member
  • *****
  • Join Date: Nov 2011
  • Posts: 915
  • Location: London
  • Karma: 38
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #14 on: January 09, 2017, 02:51:16 pm »
Agreed, that is odd behaviour.

Try temporarily disabling the update task for a while to determine if that is the cause.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #15 on: January 09, 2017, 02:57:24 pm »
This is why I suggested disabling non-MS services in msconfig.

Offline fjjr

  • Newbie
  • *
  • Join Date: Nov 2016
  • Posts: 18
  • Karma: 0
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #16 on: January 10, 2017, 10:07:05 am »
Yes - I'll do that - disable the adobe updater - and report back.

Presumably the black box is svchost.exe running and for some reason showing a console.

We have yet to establish a link to Adobe updater, but for what it is worth I can see no switches on the script in the scheduled task.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #17 on: January 10, 2017, 02:01:10 pm »
Disable all non-MS services then reboot to see if it still pops up.

If it doesn't then re-enable a couple at a time until it does and then it will be easy to ID which one.

If it still pops up then disable all under the Startup tab and check again.

Otherwise it's back to the drawing board if a complete clean boot doesn't stop it.

Have you ran an antimalware scan ?

Offline fjjr

  • Newbie
  • *
  • Join Date: Nov 2016
  • Posts: 18
  • Karma: 0
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #18 on: January 10, 2017, 02:28:15 pm »
Thanks Boggin.  All of that gives me a number of ways of homing in on the source of this odd behaviour.  I will report back when I have followed those leads.

Offline fjjr

  • Newbie
  • *
  • Join Date: Nov 2016
  • Posts: 18
  • Karma: 0
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #19 on: January 11, 2017, 06:33:32 am »
I think I have moved the matter forward now, albeit by a slightly different route.

I tried running the scheduled Adobe Flash Player update task a few times, and on each occasion, if I left at least a few seconds between runs, the mystery black box appeared.   The same did not happen when running other scheduled tasks.  So I think the link to Adobe is clearly established.  I note however that when running certain tasks a similar box opened to inform of progress, and I now upload a couple of screenprints showing that.  They relate to the Windows defrag utility, the UltraDefrag utility, and a script that I schedule to run periodically via TakeCommand to flush data from cache to drive (to reduce the potential data loss from a system hang or crash).  The odd thing about the Adobe box is that it opens but is empty.  I suppose I could try uninstalling and reinstalling Adobe flash player to see whether doing so removes this odd behaviour, but the fact that this behaviour only differs from other established behaviour in that the box is empty seems to suggest that it is probably not indicative of a substantive problem. 

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #20 on: January 11, 2017, 07:48:22 am »
Annoying, all the same.

Offline fjjr

  • Newbie
  • *
  • Join Date: Nov 2016
  • Posts: 18
  • Karma: 0
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #21 on: January 12, 2017, 10:14:29 am »
Annoying, and aberrant.  It is the adobe flash updater that is affected, and I have noticed that the flash updater does not appear to have been updating automatically recently, despite being set to do so.  I have updated adobe flash today to the most recent version, and yet it is still causing the empty black box to appear when I run the scheduled update task.
 

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #22 on: January 12, 2017, 10:26:11 am »
I have the Flash updater service disabled but normally manually check for updates shortly after Update Tuesday as they seem to be updating on a monthly basis now.

Offline fjjr

  • Newbie
  • *
  • Join Date: Nov 2016
  • Posts: 18
  • Karma: 0
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #23 on: January 12, 2017, 11:13:29 am »
Updating adobe flash today did not fix anything.  But I now seem to have got rid of the myserious empty black box, by uninstalling adobe flash via add/remove programs, and then rebooting followed by reinstalling adobe flash.  It remains to be seen whether it will update automatically in future.  I did not also reinstall the active x version for internet explorer, which is now so out of date I thought it better not to install adobe flash for it - I only use it for the ms update function and for viewing old .mht files.

Offline Samson

  • Hero Member
  • *****
  • Join Date: Nov 2011
  • Posts: 915
  • Location: London
  • Karma: 38
    • View Profile
Re: Effect of "Restore Important Windows Services"
« Reply #24 on: January 12, 2017, 11:21:03 am »
Sometimes it is better to use the Flash Player uninstaller, following all the steps, rather than add/ remove programs.

https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html#main_Download_the_Adobe_Flash_Player_uninstaller