HELP! intermittent random hang/release, low CPU usage but seeminglyhigh (?) mem usage

> "I thought about viruses (but don't have any as near as I can tell)..."
> You mean, your virus scanner isn't sure?
>
> "...and excessive Spyware running."
> Is there a certain level of spyware that is acceptable to you?
>
> May I suggest, as a first step, that you 1) be very certain that you are
> not infected with a virus, and 2) that you remove all spyware from your
> system.
>
> Tom Swift
>
> "brosenau[" <"brosenau["@]jhu.edu> wrote in message
> news:%23kMIc04sDHA.2492@TK2MSFTNGP12.phx.gbl...
>

>>Hi, so I'm really hoping someone can help me with this...
>>
>>The problem: at seemingly random times, the system hangs. Something as
>>simple as scrolling through a file just STOPS. Waiting anywhere from
>>several seconds to a minute or more usually causes everything to get
>>back to normal, but these things happen very frequently, often during
>>very minor tasks with nothing else running. Trying to look at the
>>properties page of a disk drive involves waiting way longer than on most
>>systems, as I said, scrolling a file in Visual Studio or even a text
>>editor sometimes causes this, and any number of other operations do as
>>well. Sometimes the system marks the program this happens to as "not
>>responding", but waiting, as I said, generally restores it to normal
>>operation. Oddly, CPU usage does not tend to be high or go up when this
>>happens--it may be 3-5% and this still occurs. Memory usage on the
>>system seems to be a bit high (but I don't really know what it should
>>be, for an XP system)--with minimal applications running physical memory
>>available is often around 200-300 MB, out of 512. This seems like a
>>minor problem, but it's really driving me nuts because it happens so
>>often. Does anyone have any ideas? I thought about viruses (but don't
>>have any as near as I can tell) and excessive Spyware running (same),
>>very fragmented hard disks (but each gets defragged weekly), etc...
>>
>>System info: I'm running XP Pro SP1 on a dual P3-800 system with 512 MB
>>ram, two 40GB hard disks (C:, D connected to the on-motherboard IDE
>>controller and a 150GB (G hard disk connected via a Promise Ultra133
>>TX2 IDE controller. Page files are on the D (1-2 GB) and G (1-4 GB)
>>drives; the OS and program executables are on the C drive.
>>StartupTracker info follows:
>>
>>-- Registry --
>>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cu rrentVersion\RunOnce
>>
>>No Items Found
>>
>>-- Registry --
>>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cu rrentVersion\Run
>>
>>vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
>>
>>-- Registry --
>>HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\RunOnce
>>
>>No Items Found
>>
>>-- Registry --
>>HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Run
>>
>>ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
>>
>>-- Registry --
>>HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\C urrentVersion\RunOnce
>>
>>No Items Found
>>
>>-- Start Menu - Current User --
>>No Items Found
>>
>>-- Start Menu - All Users --
>>No Items Found
>>
>>-- Disabled Items --
>>msmsgs
>>qttask
>>Acrobat Assistant
>>Microsoft Office
>>
>>-- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows
>>NT\CurrentVersion\Winlogon --
>>Explorer.exe
>>
>>-- Running Processes --
>>System Idle Process
>>System
>>smss.exe \SystemRoot\System32\smss.exe
>>csrss.exe
>>winlogon.exe winlogon.exe
>>services.exe C:\WINDOWS\system32\services.exe
>>lsass.exe C:\WINDOWS\system32\lsass.exe
>>svchost.exe C:\WINDOWS\system32\svchost -k rpcss
>>svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs
>>svchost.exe
>>svchost.exe
>>spoolsv.exe C:\WINDOWS\system32\spoolsv.exe
>>Crypserv.exe crypserv.exe
>>DefWatch.exe "C:\Program Files\Symantec_Client_Security\Symantec
>>AntiVirus\DefWatch.exe"
>>Rtvscan.exe "C:\Program Files\Symantec_Client_Security\Symantec
>>AntiVirus\Rtvscan.exe"
>>RemotSvc.exe "C:\Program Files\Dantz\Client\Remotsvc.exe"
>>retroclient.exe "C:\Program Files\Dantz\Client\retroclient.exe"
>>svchost.exe C:\WINDOWS\System32\svchost.exe -k imgsvc
>>explorer.exe C:\WINDOWS\Explorer.EXE
>>VPTray.exe "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe"
>>ctfmon.exe "C:\WINDOWS\System32\ctfmon.exe"
>>wisptis.exe "C:\WINDOWS\System32\wisptis.exe" -Embedding
>>taskmgr.exe taskmgr.exe
>>mozilla.exe "C:\Program

>
> Files\mozilla.org\Mozilla\mozilla.exe" -mail
>

>>StartupTracker3.exe "C:\Documents and Settings\Ben
>>Rosenau\Desktop\Utilities and
>>Installers\StartupTracker3\StartupTracker3.exe "
>>wmiprvse.exe
>>
>>-- Running Services --
>>
>>Name: AudioSrv
>>Description: Manages audio devices for Windows-based programs. If this
>>service is stopped, audio devices and effets will not function
>>properly. If this service is disabled, any services that explicitly
>>depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Browser
>>Description: Maintains an updated list of computers on the network and
>>supplies this list to computers designated as browsers. If this service
>>is stopped, this list will not be updated or maintained. If this service
>>is disabled, any services that explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Crypkey License
>>Description:
>>Startup Mode: Auto
>>Run from: crypserv.exe
>>
>>Name: CryptSvc
>>Description: Provides three management services: Catalog Database
>>Service, which confirms the signatures of Windows files; Protected Root
>>Service, which adds and removes Trusted Root Certification Authority
>>certificates from this computer; and Key Service, which helps enroll
>>this computer for certificates. If this service is stopped, these
>>management services will not function properly. If this service is
>>disabled, any services that explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>>
>>Name: DefWatch
>>Description:
>>Startup Mode: Auto
>>Run from: C:\Program Files\Symantec_Client_Security\Symantec
>>AntiVirus\DefWatch.exe
>>
>>Name: Dhcp
>>Description: Manages network configuration by registering and updating
>>IP addresses and DNS names.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: dmserver
>>Description: Detects and monitors new hard disk drives and sends disk
>>volume information to Logical Disk Manager Administrative Service for
>>configuration. If this service is stopped, dynamic disk status and
>>configuration information may become out of date. If this service is
>>disabled, any services that explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Dnscache
>>Description: Resolves and caches Domain Name System (DNS) names for this
>>computer. If this service is stopped, this computer will not be able to
>>resolve DNS names and locate Active Directory domain controllers. If
>>this service is disabled, any services that explicitly depend on it will
>>fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k NetworkService
>>
>>Name: ERSvc
>>Description: Allows error reporting for services and applictions running
>>in non-standard environments.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Eventlog
>>Description: Enables event log messages issued by Windows-based programs
>>and components to be viewed in Event Viewer. This service cannot be

>
> stopped.
>

>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\services.exe
>>
>>Name: EventSystem
>>Description: Supports System Event Notification Service (SENS), which
>>provides automatic distribution of events to subscribing Component
>>Object Model (COM) components. If the service is stopped, SENS will
>>close and will not be able to provide logon and logoff notifications. If
>>this service is disabled, any services that explicitly depend on it will
>>fail to start.
>>Startup Mode: Manual
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: FastUserSwitchingCompatibility
>>Description: Provides management for applications that require
>>assistance in a multiple user environment.
>>Startup Mode: Manual
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: helpsvc
>>Description: Enables Help and Support Center to run on this computer. If
>>this service is stopped, Help and Support Center will be unavailable. If
>>this service is disabled, any services that explicitly depend on it will
>>fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: lanmanserver
>>Description: Supports file, print, and named-pipe sharing over the
>>network for this computer. If this service is stopped, these functions
>>will be unavailable. If this service is disabled, any services that
>>explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: lanmanworkstation
>>Description: Creates and maintains client network connections to remote
>>servers. If this service is stopped, these connections will be
>>unavailable. If this service is disabled, any services that explicitly
>>depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: LmHosts
>>Description: Enables support for NetBIOS over TCP/IP (NetBT) service and
>>NetBIOS name resolution.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
>>
>>Name: Messenger
>>Description: Transmits net send and Alerter service messages between
>>clients and servers. This service is not related to Windows Messenger.
>>If this service is stopped, Alerter messages will not be transmitted. If
>>this service is disabled, any services that explicitly depend on it will
>>fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Netman
>>Description: Manages objects in the Network and Dial-Up Connections
>>folder, in which you can view both local area network and remote
>>connections.
>>Startup Mode: Manual
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Nla
>>Description: Collects and stores network configuration and location
>>information, and notifies applications when this information changes.
>>Startup Mode: Manual
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Norton AntiVirus Server
>>Description:
>>Startup Mode: Auto
>>Run from: C:\Program Files\Symantec_Client_Security\Symantec
>>AntiVirus\Rtvscan.exe
>>
>>Name: PlugPlay
>>Description: Enables a computer to recognize and adapt to hardware
>>changes with little or no user input. Stopping or disabling this service
>>will result in system instability.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\services.exe
>>
>>Name: PolicyAgent
>>Description: Manages IP security policy and starts the ISAKMP/Oakley
>>(IKE) and the IP security driver.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\lsass.exe
>>
>>Name: ProtectedStorage
>>Description: Provides protected storage for sensitive data, such as
>>private keys, to prevent access by unauthorized services, processes, or
>>users.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\lsass.exe
>>
>>Name: RemoteRegistry
>>Description: Enables remote users to modify registry settings on this
>>computer. If this service is stopped, the registry can be modified only
>>by users on this computer. If this service is disabled, any services
>>that explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost.exe -k LocalService
>>
>>Name: Retrospect Client
>>Description:
>>Startup Mode: Auto
>>Run from: C:\Program Files\Dantz\Client\Remotsvc.exe
>>
>>Name: RpcSs
>>Description: Provides the endpoint mapper and other miscellaneous RPC
>>services.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost -k rpcss
>>
>>Name: SamSs
>>Description: Stores security information for local user accounts.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\lsass.exe
>>
>>Name: Schedule
>>Description: Enables a user to configure and schedule automated tasks on
>>this computer. If this service is stopped, these tasks will not be run
>>at their scheduled times. If this service is disabled, any services that
>>explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: seclogon
>>Description: Enables starting processes under alternate credentials. If
>>this service is stopped, this type of logon access will be unavailable.
>>If this service is disabled, any services that explicitly depend on it
>>will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: SENS
>>Description: Tracks system events such as Windows logon, network, and
>>power events. Notifies COM+ Event System subscribers of these events.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>>
>>Name: ShellHWDetection
>>Description:
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Spooler
>>Description: Loads files to memory for later printing.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\spoolsv.exe
>>
>>Name: srservice
>>Description: Performs system restore functions. To stop service, turn
>>off System Restore from the System Restore tab in My Computer->Properties
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: SSDPSRV
>>Description: Enables discovery of UPnP devices on your home network.
>>Startup Mode: Manual
>>Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
>>
>>Name: stisvc
>>Description: Provides image acquisition services for scanners and cameras.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k imgsvc
>>
>>Name: TermService
>>Description: Allows multiple users to be connected interactively to a
>>machine as well as the display of desktops and applications to remote
>>computers. The underpinning of Remote Desktop (including RD for
>>Administrators), Fast User Switching, Remote Assistance, and Terminal
>>Server.
>>Startup Mode: Manual
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: TrkWks
>>Description: Maintains links between NTFS files within a computer or
>>across computers in a network domain.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>>
>>Name: uploadmgr
>>Description: Manages synchronous and asynchronous file transfers between
>>clients and servers on the network. If this service is stopped,
>>synchronous and asynchronous file transfers between clients and servers
>>on the network will not occur. If this service is disabled, any services
>>that explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: W32Time
>>Description: Maintains date and time synchronization on all clients and
>>servers in the network. If this service is stopped, date and time
>>synchronization will be unavailable. If this service is disabled, any
>>services that explicitly depend on it will fail to start.
>>
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: WebClient
>>Description: Enables Windows-based programs to create, access, and
>>modify Internet-based files. If this service is stopped, these functions
>>will not be available. If this service is disabled, any services that
>>explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
>>
>>Name: winmgmt
>>Description: Provides a common interface and object model to access
>>management information about operating system, devices, applications and
>>services. If this service is stopped, most Windows-based software will
>>not function properly. If this service is disabled, any services that
>>explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>>
>>Name: wuauserv
>>Description: Enables the download and installation of critical Windows
>>updates. If the service is disabled, the operating system can be
>>manually updated at the Windows Update Web site.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>>
>>Name: WZCSVC
>>Description: Provides automatic configuration for the 802.11 adapters
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>
>>
>>
>>THANKS!!!
>>Ben Rosenau
>>

>
>
>

>-----Original Message-----
>Hi, so I'm really hoping someone can help me with this...
>
>The problem: at seemingly random times, the system

>simple as scrolling through a file just STOPS. Waiting

>several seconds to a minute or more usually causes

>back to normal, but these things happen very frequently,

>very minor tasks with nothing else running. Trying to

>properties page of a disk drive involves waiting way

>systems, as I said, scrolling a file in Visual Studio or

>editor sometimes causes this, and any number of other

>well. Sometimes the system marks the program this

>responding", but waiting, as I said, generally restores

>operation. Oddly, CPU usage does not tend to be high or

>happens--it may be 3-5% and this still occurs. Memory

>system seems to be a bit high (but I don't really know

>be, for an XP system)--with minimal applications running

>available is often around 200-300 MB, out of 512. This

>minor problem, but it's really driving me nuts because it

>often. Does anyone have any ideas? I thought about

>have any as near as I can tell) and excessive Spyware

>very fragmented hard disks (but each gets defragged

>
>System info: I'm running XP Pro SP1 on a dual P3-800

>ram, two 40GB hard disks (C:, D connected to the on-

>controller and a 150GB (G hard disk connected via a

>TX2 IDE controller. Page files are on the D (1-2 GB) and

>drives; the OS and program executables are on the C

>StartupTracker info follows:
>
>-- Registry --
>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersi

>
>No Items Found
>
>-- Registry --
>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cur rentVersi

>
>vptray C:\PROGRA~1\SYMANT~1

>
>-- Registry --
>HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersio

>
>No Items Found
>
>-- Registry --
>HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersio

>
>ctfmon.exe C:\WINDOWS\System32

>
>-- Registry --
>HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cu rrentVers

>
>No Items Found
>
>-- Start Menu - Current User --
>No Items Found
>
>-- Start Menu - All Users --
>No Items Found
>
>-- Disabled Items --
>msmsgs
>qttask
>Acrobat Assistant
>Microsoft Office
>
>-- Registry - Shell Value -

>NT\CurrentVersion\Winlogon --
>Explorer.exe
>
>-- Running Processes --
>System Idle Process
>System
>smss.exe \SystemRoot\System32\smss.exe
>csrss.exe
>winlogon.exe winlogon.exe
>services.exe C:\WINDOWS\system32\services.exe
>lsass.exe C:\WINDOWS\system32\lsass.exe
>svchost.exe C:\WINDOWS\system32\svchost -k rpcss
>svchost.exe C:\WINDOWS\System32\svchost.exe -k

>svchost.exe
>svchost.exe
>spoolsv.exe C:\WINDOWS\system32\spoolsv.exe
>Crypserv.exe crypserv.exe
>DefWatch.exe "C:\Program

>AntiVirus\DefWatch.exe"
>Rtvscan.exe "C:\Program

>AntiVirus\Rtvscan.exe"
>RemotSvc.exe "C:\Program

>retroclient.exe "C:\Program

>svchost.exe C:\WINDOWS\System32\svchost.exe -k

>explorer.exe C:\WINDOWS\Explorer.EXE
>VPTray.exe "C:\PROGRA~1\SYMANT~1\SYMANT~1

>ctfmon.exe "C:\WINDOWS\System32\ctfmon.exe"
>wisptis.exe "C:\WINDOWS\System32\wisptis.exe" -

>taskmgr.exe taskmgr.exe
>mozilla.exe "C:\Program

>StartupTracker3.exe "C:\Documents and Settings\Ben
>Rosenau\Desktop\Utilities and
>Installers\StartupTracker3\StartupTracker3.exe"
>wmiprvse.exe
>
>-- Running Services --
>
>Name: AudioSrv
>Description: Manages audio devices for Windows-based

>service is stopped, audio devices and effects will not

>properly. If this service is disabled, any services that

>depend on it will fail to start.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: Browser
>Description: Maintains an updated list of computers on

>supplies this list to computers designated as browsers.

>is stopped, this list will not be updated or maintained.

>is disabled, any services that explicitly depend on it

>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: Crypkey License
>Description:
>Startup Mode: Auto
>Run from: crypserv.exe
>
>Name: CryptSvc
>Description: Provides three management services: Catalog

>Service, which confirms the signatures of Windows files;

>Service, which adds and removes Trusted Root

>certificates from this computer; and Key Service, which

>this computer for certificates. If this service is

>management services will not function properly. If this

>disabled, any services that explicitly depend on it will

>Startup Mode: Auto
>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>
>Name: DefWatch
>Description:
>Startup Mode: Auto
>Run from: C:\Program

>AntiVirus\DefWatch.exe
>
>Name: Dhcp
>Description: Manages network configuration by registering

>IP addresses and DNS names.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: dmserver
>Description: Detects and monitors new hard disk drives

>volume information to Logical Disk Manager Administrative

>configuration. If this service is stopped, dynamic disk

>configuration information may become out of date. If this

>disabled, any services that explicitly depend on it will

>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: Dnscache
>Description: Resolves and caches Domain Name System (DNS)

>computer. If this service is stopped, this computer will

>resolve DNS names and locate Active Directory domain

>this service is disabled, any services that explicitly

>fail to start.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k

>
>Name: ERSvc
>Description: Allows error reporting for services and

>in non-standard environments.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: Eventlog
>Description: Enables event log messages issued by Windows-

>and components to be viewed in Event Viewer. This service

>Startup Mode: Auto
>Run from: C:\WINDOWS\system32\services.exe
>
>Name: EventSystem
>Description: Supports System Event Notification Service

>provides automatic distribution of events to subscribing

>Object Model (COM) components. If the service is stopped,

>close and will not be able to provide logon and logoff

>this service is disabled, any services that explicitly

>fail to start.
>Startup Mode: Manual
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: FastUserSwitchingCompatibility
>Description: Provides management for applications that

>assistance in a multiple user environment.
>Startup Mode: Manual
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: helpsvc
>Desciption: Enables Help and Support Center to run on

>this service is stopped, Help and Support Center will be

>this service is disabled, any services that explicitly

>fail to start.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: lanmanserver
>Description: Supports file, print, and named-pipe sharing

>network for this computer. If this service is stopped,

>will be unavailable. If this service is disabled, any

>explicitly depend on it will fail to start.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: lanmanworkstation
>Description: Creates and maintains client network

>servers. If this service is stopped, these connections

>unavailable. If this service is disabled, any services

>depend on it will fail to start.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: LmHosts
>Description: Enables support for NetBIOS over TCP/IP

>NetBIOS name resolution.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
>
>Name: Messenger
>Description: Transmits net send and Alerter service

>clients and servers. This service is not related to

>If this service is stopped, Alerter messages will not be

>this service is disabled, any services that explicitly

>fail to start.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: Netman
>Description: Manages objects in the Network and Dial-Up

>folder, in which you can view both local area network and

>connections.
>Startup Mode: Manual
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: Nla
>Description: Collects and stores network configuration

>information, and notifies applications when this

>Startup Mode: Manual
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: Norton AntiVirus Server
>Description:
>Startup Mode: Auto
>Run from: C:\Program

>AntiVirus\Rtvscan.exe
>
>Name: PlugPlay
>Description: Enables a computer to recognize and adapt to

>changes with little or no user input. Stopping or

>will result in system instability.
>Startup Mode: Auto
>Run from: C:\WINDOWS\system32\services.exe
>
>Name: PolicyAgent
>Description: Manages IP security policy and starts the

>(IKE) and the IP security driver.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\lsass.exe
>
>Name: ProtectedStorage
>Description: Provides protected storage for sensitive

>private keys, to prevent access by unauthorized services,

>users.
>Startup Mode: Auto
>Run from: C:\WINDOWS\system32\lsass.exe
>
>Name: RemoteRegistry
>Description: Enables remote users to modify registry

>computer. If this service is stopped, the registry can be

>by users on this computer. If this service is disabled,

>that explicitly depend on it will fail to start.
>Startup Mode: Auto
>Run from: C:\WINDOWS\system32\svchost.exe -k LocalService
>
>Name: Retrospect Client
>Description:
>Startup Mode: Auto
>Run from: C:\Program Files\Dantz\Client\Remotsvc.exe
>
>Name: RpcSs
>Description: Provides the endpoint mapper and other

>services.
>Startup Mode: Auto
>Run from: C:\WINDOWS\system32\svchost -k rpcss
>
>Name: SamSs
>Description: Stores security information for local user

>Startup Mode: Auto
>Run from: C:\WINDOWS\system32\lsass.exe
>
>Name: Schedule
>Description: Enables a user to configure and schedule

>this computer. If this service is stopped, these tasks

>at their scheduled times. If this service is disabled,

>explicitly depend on it will fail to start.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: seclogon
>Description: Enables starting processes under alternate

>this service is stopped, this type of logon access will

>If this service is disabled, any services that explicitly

>will fail to start.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: SENS
>Description: Tracks system events such as Windows logon,

>power events. Notifies COM+ Event System subscribers of

>Startup Mode: Auto
>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>
>Name: ShellHWDetection
>Description:
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: Spooler
>Description: Loads files to memory for later printing.
>Startup Mode: Auto
>Run from: C:\WINDOWS\system32\spoolsv.exe
>
>Name: srservice
>Description: Performs system restore functions. To stop

>off System Restore from the System Restore tab in My

>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: SSDPSRV
>Description: Enables discovery of UPnP devices on your

>Startup Mode: Manual
>Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
>
>Name: stisvc
>Description: Provides image acquisition services for

>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k imgsvc
>
>Name: TermService
>Description: Allows multiple users to be connected

>machine as well as the display of desktops and

>computers. The underpinning of Remote Desktop (including

>Administrators), Fast User Switching, Remote Assistance,

>Server.
>Startup Mode: Manual
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: TrkWks
>Description: Maintains links between NTFS files within a

>across computers in a network domain.
>Startup Mode: Auto
>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>
>Name: uploadmgr
>Description: Manages synchronous and asynchronous file

>clients and servers on the network. If this service is

>synchronous and asynchronous file transfers between

>on the network will not occur. If this service is

>that explicitly depend on it will fail to start.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: W32Time
>Description: Maintains date and time synchronization on

>servers in the network. If this service is stopped, date

>synchronization will be unavailable. If this service is

>services that explicitly depend on it will fail to start.
>
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>Name: WebClient
>Description: Enables Windows-based programs to create,

>modify Internet-based files. If this service is stopped,

>will not be available. If this service is disabled, any

>explicitly depend on it will fail to start.
>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
>
>Name: winmgmt
>Description: Provides a common interface and object model

>management information about operating system, devices,

>services. If this service is stopped, most Windows-based

>not function properly. If this service is disabled, any

>explicitly depend on it will fail to start.
>Startup Mode: Auto
>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>
>Name: wuauserv
>Description: Enables the download and installation of

>updates. If the service is disabled, the operating system

>manually updated at the Windows Update Web site.
>Startup Mode: Auto
>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>
>Name: WZCSVC
>Description: Provides automatic configuration for the

>Startup Mode: Auto
>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>
>
>
>THANKS!!!
>Ben Rosenau
>
>.
>

> Hi, so I'm really hoping someone can help me with this...
>
> The problem: at seemingly random times, the system hangs. Something as
> simple as scrolling through a file just STOPS. Waiting anywhere from
> several seconds to a minute or more usually causes everything to get
> back to normal, but these things happen very frequently, often during
> very minor tasks with nothing else running. Trying to look at the
> properties page of a disk drive involves waiting way longer than on most
> systems, as I said, scrolling a file in Visual Studio or even a text
> editor sometimes causes this, and any number of other operations do as
> well. Sometimes the system marks the program this happens to as "not
> responding", but waiting, as I said, generally restores it to normal
> operation. Oddly, CPU usage does not tend to be high or go up when this
> happens--it may be 3-5% and this still occurs. Memory usage on the
> system seems to be a bit high (but I don't really know what it should
> be, for an XP system)--with minimal applications running physical memory
> available is often around 200-300 MB, out of 512. This seems like a
> minor problem, but it's really driving me nuts because it happens so
> often. Does anyone have any ideas? I thought about viruses (but don't
> have any as near as I can tell) and excessive Spyware running (same),
> very fragmented hard disks (but each gets defragged weekly), etc...
>
> System info: I'm running XP Pro SP1 on a dual P3-800 system with 512 MB
> ram, two 40GB hard disks (C:, D connected to the on-motherboard IDE
> controller and a 150GB (G hard disk connected via a Promise Ultra133
> TX2 IDE controller. Page files are on the D (1-2 GB) and G (1-4 GB)
> drives; the OS and program executables are on the C drive.
> StartupTracker info follows:
>
> -- Registry --
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce
>
> No Items Found
>
> -- Registry --
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
>
> vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
>
> -- Registry --
> HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnce
>
> No Items Found
>
> -- Registry --
> HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run
>
> ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
>
> -- Registry --
> HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce
>
> No Items Found
>
> -- Start Menu - Current User --
> No Items Found
>
> -- Start Menu - All Users --
> No Items Found
>
> -- Disabled Items --
> msmsgs
> qttask
> Acrobat Assistant
> Microsoft Office
>
> -- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Winlogon --
> Explorer.exe
>
> -- Running Processes --
> System Idle Process
> System
> smss.exe \SystemRoot\System32\smss.exe
> csrss.exe
> winlogon.exe winlogon.exe
> services.exe C:\WINDOWS\system32\services.exe
> lsass.exe C:\WINDOWS\system32\lsass.exe
> svchost.exe C:\WINDOWS\system32\svchost -k rpcss
> svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs
> svchost.exe
> svchost.exe
> spoolsv.exe C:\WINDOWS\system32\spoolsv.exe
> Crypserv.exe crypserv.exe
> DefWatch.exe "C:\Program Files\Symantec_Client_Security\Symantec
> AntiVirus\DefWatch.exe"
> Rtvscan.exe "C:\Program Files\Symantec_Client_Security\Symantec
> AntiVirus\Rtvscan.exe"
> RemotSvc.exe "C:\Program Files\Dantz\Client\Remotsvc.exe"
> retroclient.exe "C:\Program Files\Dantz\Client\retroclient.exe"
> svchost.exe C:\WINDOWS\System32\svchost.exe -k imgsvc
> explorer.exe C:\WINDOWS\Explorer.EXE
> VPTray.exe "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe"
> ctfmon.exe "C:\WINDOWS\System32\ctfmon.exe"
> wisptis.exe "C:\WINDOWS\System32\wisptis.exe" -Embedding
> taskmgr.exe taskmgr.exe
> mozilla.exe "C:\Program Files\mozilla.org\Mozilla\mozilla.exe" -mail
> StartupTracker3.exe "C:\Documents and Settings\Ben
> Rosenau\Desktop\Utilities and
> Installers\StartupTracker3\StartupTracker3.exe"
> wmiprvse.exe
>
> -- Running Services --
>
> Name: AudioSrv
> Description: Manages audio devices for Windows-based programs. If this
> service is stopped, audio devices and effects will not function
> properly. If this service is disabled, any services that explicitly
> depend on it will fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: Browser
> Description: Maintains an updated list of computers on the network and
> supplies this list to computers designated as browsers. If this service
> is stopped, this list will not be updated or maintained. If this service
> is disabled, any services that explicitly depend on it will fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: Crypkey License
> Description:
> Startup Mode: Auto
> Run from: crypserv.exe
>
> Name: CryptSvc
> Description: Provides three management services: Catalog Database
> Service, which confirms the signatures of Windows files; Protected Root
> Service, which adds and removes Trusted Root Certification Authority
> certificates from this computer; and Key Service, which helps enroll
> this computer for certificates. If this service is stopped, these
> management services will not function properly. If this service is
> disabled, any services that explicitly depend on it will fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>
> Name: DefWatch
> Description:
> Startup Mode: Auto
> Run from: C:\Program Files\Symantec_Client_Security\Symantec
> AntiVirus\DefWatch.exe
>
> Name: Dhcp
> Description: Manages network configuration by registering and updating
> IP addresses and DNS names.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: dmserver
> Description: Detects and monitors new hard disk drives and sends disk
> volume information to Logical Disk Manager Administrative Service for
> configuration. If this service is stopped, dynamic disk status and
> configuration information may become out of date. If this service is
> disabled, any services that explicitly depend on it will fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: Dnscache
> Description: Resolves and caches Domain Name System (DNS) names for this
> computer. If this service is stopped, this computer will not be able to
> resolve DNS names and locate Active Directory domain controllers. If
> this service is disabled, any services that explicitly depend on it will
> fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k NetworkService
>
> Name: ERSvc
> Description: Allows error reporting for services and applictions running
> in non-standard environments.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: Eventlog
> Description: Enables event log messages issued by Windows-based programs
> and components to be viewed in Event Viewer. This service cannot be stopped.
> Startup Mode: Auto
> Run from: C:\WINDOWS\system32\services.exe
>
> Name: EventSystem
> Description: Supports System Event Notification Service (SENS), which
> provides automatic distribution of events to subscribing Component
> Object Model (COM) components. If the service is stopped, SENS will
> close and will not b able to provide logon and logoff notifications. If
> this service is disabled, any services that explicitly depend on it will
> fail to start.
> Startup Mode: Manual
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: FastUserSwitchingCompatibility
> Description: Provides management for applications that require
> assistance in a multiple user environment.
> Startup Mode: Manual
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: helpsvc
> Description: Enables Help and Support Center to run on this computer. If
> this service is stopped, Help and Support Center will be unavailable. If
> this service is disabled, any services that explicitly depend on it will
> fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: lanmanserver
> Description: Supports file, print, and named-pipe sharing over the
> network for this computer. If this service is stopped, these functions
> will be unavailable. If this service is disabled, any services that
> explicitly depend on it will fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: lanmanworkstation
> Description: Creates and maintains client network connections to remote
> servers. If this service is stopped, these connections will be
> unavailable. If this service is disabled, any services that explicitly
> depend on it will fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: LmHosts
> Description: Enables support for NetBIOS over TCP/IP (NetBT) service and
> NetBIOS name resolution.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
>
> Name: Messenger
> Description: Transmits net send and Alerter service messages between
> clients and servers. This service is not related to Windows Messenger.
> If this service is stopped, Alerter messages will not be transmitted. If
> this service is disabled, any services that explicitly depend on it will
> fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: Netman
> Description: Manages objects in the Network and Dial-Up Connections
> folder, in which you can view both local area network and remote
> connections.
> Startup Mode: Manual
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: Nla
> Description: Collects and stores network configuration and location
> information, and notifies applications when this information changes.
> Startup Mode: Manual
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: Norton AntiVirus Server
> Description:
> Startup Mode: Auto
> Run from: C:\Program Files\Symantec_Client_Security\Symantec
> AntiVirus\Rtvscan.exe
>
> Name: PlugPlay
> Description: Enables a computer to recognize and adapt to hardware
> changes with little or no user input. Stopping or disabling this service
> will result in system instability.
> Startup Mode: Auto
> Run from: C:\WINDOWS\system32\services.exe
>
> Name: PolicyAgent
> Description: Manages IP security policy and starts the ISAKMP/Oakley
> (IKE) and the IP security driver.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\lsass.exe
>
> Name: ProtectedStorage
> Description: Provides protected storage for sensitive data, such as
> private keys, to prevent access by unauthorized services, processes, or
> users.
> Startup Mode: Auto
> Run from: C:\WINDOWS\system32\lsass.exe
>
> Name: RemoteRegistry
> Description: Enables remote users to modify registry settings on this
> computer. If this service is stopped, the registry can be modified only
> by users on this computer. If this service is disabled, any services
> that explicitly depend on it will fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\system32\svchost.exe -k LocalService
>
> Name: Retrospect Client
> Description:
> Startup Mode: Auto
> Run from: C:\Program Files\Dantz\Client\Remotsvc.exe
>
> Name: RpcSs
> Description: Provides the endpoint mapper and other miscellaneous RPC
> services.
> Startup Mode: Auto
> Run from: C:\WINDOWS\system32\svchost -k rpcss
>
> Name: SamSs
> Description: Stores security information for local user accounts.
> Startup Mode: Auto
> Run from: C:\WINDOWS\system32\lsass.exe
>
> Name: Schedule
> Description: Enables a user to configure and schedule automated tasks on
> this computer. If this service is stopped, these tasks will not be run
> at their scheduled times. If this service is disabled, any services that
> explicitly depend on it will fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: seclogon
> Description: Enables starting processes under alternate credentials. If
> this service is stopped, this type of logon access will be unavailable.
> If this service is disabled, any services that explicitly depend on it
> will fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: SENS
> Description: Tracks system events such as Windows logon, network, and
> power events. Notifies COM+ Event System subscribers of these events.
> Startup Mode: Auto
> Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>
> Name: ShellHWDetection
> Description:
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: Spooler
> Description: Loads files to memory for later printing.
> Startup Mode: Auto
> Run from: C:\WINDOWS\system32\spoolsv.exe
>
> Name: srservice
> Description: Performs system restore functions. To stop service, turn
> off System Restore from the System Restore tab in My Computer->Properties
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: SSDPSRV
> Description: Enables discovery of UPnP devices on your home network.
> Startup Mode: Manual
> Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
>
> Name: stisvc
> Description: Provides image acquisition services for scanners and cameras.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k imgsvc
>
> Name: TermService
> Description: Allows multiple users to be connected interactively to a
> machine as well as the display of desktops and applications to remote
> computers. The underpinning of Remote Desktop (including RD for
> Administrators), Fast User Switching, Remote Assistance, and Terminal
> Server.
> Startup Mode: Manual
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: TrkWks
> Description: Maintains links between NTFS files within a computer or
> across computers in a network domain.
> Startup Mode: Auto
> Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>
> Name: uploadmgr
> Description: Manages synchronous and asynchronous file transfers between
> clients and servers on the network. If this service is stopped,
> synchronous and asynchronous file transfers between clients and servers
> on the network will not occur. If this service is disabled, any services
> that explicitly depend on it will fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: W32Time
> Description: Maintains date and time synchronization on all clients and
> servers in the network. If this service is stopped, date and time
> synchronization will be unavailable. If this service is disabled, any
> services that explicitly depend on it will fail to start.
>
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
> Name: WebClient
> Description: Enables Windows-based programs to create, access, and
> modify Internet-based files. If this service is stopped, these functions
> will not be available. If this service is disabled, any services that
> explicitly depend on it will fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
>
> Name: winmgmt
> Description: Provides a common interface and object model to access
> management information about operating system, devices, applications and
> services. If this service is stopped, most Windows-based software will
> not function properly. If this service is disabled, any services that
> explicitly depend on it will fail to start.
> Startup Mode: Auto
> Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>
> Name: wuauserv
> Description: Enables the download and installation of critical Windows
> updates. If the service is disabled, the operating system can be
> manually updated at the Windows Update Web site.
> Startup Mode: Auto
> Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>
> Name: WZCSVC
> Description: Provides automatic configuration for the 802.11 adapters
> Startup Mode: Auto
> Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>
>
>
>
> THANKS!!!
> Ben Rosenau

>-----Original Message-----
>

> This could be caused by one of the applications running on your
> system.
> I suspect it may be related to the application(s) that use the CrypKey
> license service.
> Note which applications are running when the problem occurs.
> Try disabling the CrypKey License Service temporarily.
> This will prevent the application that uses it from working, but you
> can re-enable it after you have done some test on your system to see
> if the problem re-occurs.
> To disable the CrypKey License Service, right-click on My Computer.
> Select Manage - Services.
> Locate the CrypKey License Service and stop it. Also select the option
> to disable it.
> Now use your computer for a while and see how it works.
> If it seems to be funtioning well, then start up the service again and
> see what effect that has.
> At the end of all this, if you suspect the CrypKey License Service is
> involved, then contact the vendor of the program that installed it.
> To find out which program uses the service, look in the crypkey.ini
> located in your Windows directory - it will show the directory of the
> application that uses the service. From there you can figure out which
> vendor to contact.
>
> Good Luck,
> Dave
>
> "brosenau[" <"brosenau["@]jhu.edu> wrote in message news:<#kMIc04sDHA.2492@TK2MSFTNGP12.phx.gbl>...
>

>>Hi, so I'm really hoping someone can help me with this...
>>
>>The problem: at seemingly random times, the system hangs. Something as
>>simple as scrolling through a file just STOPS. Waiting anywhere from
>>several seconds to a minute or more usually causes everything to get
>>back to normal, but these things happen very frequently, often during
>>very minor tasks with nothing else running. Trying to look at the
>>properties page of a disk drive involves waiting way longer than on most
>>systems, as I said, scrolling a file in Visual Studio or even a text
>>editor sometimes causes this, and any number of other operations do as
>>well. Sometimes the system marks the program this happens to as "not
>>responding", but waiting, as I said, generally restores it to normal
>>operation. Oddly, CPU usage does not tend to be high or go up when this
>>happens--it may be 3-5% and this still occurs. Memory usage on the
>>system seems to be a bit high (but I don't really know what it should
>>be, for an XP system)--with minimal applications running physical memory
>>available is often around 200-300 MB, out of 512. This seems like a
>>minor problem, but it's really driving me nuts because it happens so
>>often. Does anyone have any ideas? I thought about viruses (but don't
>>have any as near as I can tell) and excessive Spyware running (same),
>>very fragmented hard disks (but each gets defragged weekly), etc...
>>
>>System info: I'm running XP Pro SP1 on a dual P3-800 system with 512 MB
>>ram, two 40GB hard disks (C:, D connected to the on-motherboard IDE
>>controller and a 150GB (G hard disk connected via a Promise Ultra133
>>TX2 IDE controller. Page files are on the D (1-2 GB) and G (1-4 GB)
>>drives; the OS and program executables are on the C drive.
>>StartupTracker info follows:
>>
>>-- Registry --
>>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cu rrentVersion\RunOnce
>>
>>No Items Found
>>
>>-- Registry --
>>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Cu rrentVersion\Run
>>
>>vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
>>
>>-- Registry --
>>HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\RunOnce
>>
>>No Items Found
>>
>>-- Registry --
>>HKEY_CURRENT_USER\Software\Microsoft\Windows\Cur rentVersion\Run
>>
>>ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
>>
>>-- Registry --
>>HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\C urrentVersion\RunOnce
>>
>>No Items Found
>>
>>-- Start Menu - Current User --
>>No Items Found
>>
>>-- Start Menu - All Users --
>>No Items Found
>>
>>-- Disabled Items --
>>msmsgs
>>qttask
>>Acrobat Assistant
>>Microsoft Office
>>
>>-- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows
>>NT\CurrentVersion\Winlogon --
>>Explorer.exe
>>
>>-- Running Processes --
>>System Idle Process
>>System
>>smss.exe \SystemRoot\System32\smss.exe
>>csrss.exe
>>winlogon.exe winlogon.exe
>>services.exe C:\WINDOWS\system32\services.exe
>>lsass.exe C:\WINDOWS\system32\lsass.exe
>>svchost.exe C:\WINDOWS\system32\svchost -k rpcss
>>svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs
>>svchost.exe
>>svchost.exe
>>spoolsv.exe C:\WINDOWS\system32\spoolsv.exe
>>Crypserv.exe crypserv.exe
>>DefWatch.exe "C:\Program Files\Symantec_Client_Security\Symantec
>>AntiVirus\DefWatch.exe"
>>Rtvscan.exe "C:\Program Files\Symantec_Client_Security\Symantec
>>AntiVirus\Rtvscan.exe"
>>RemotSvc.exe "C:\Program Files\Dantz\Client\Remotsvc.exe"
>>retroclient.exe "C:\Program Files\Dantz\Client\retroclient.exe"
>>svchost.exe C:\WINDOWS\System32\svchost.exe -k imgsvc
>>explorer.exe C:\WINDOWS\Explorer.EXE
>>VPTray.exe "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe"
>>ctfmon.exe "C:\WINDOWS\System32\ctfmon.exe"
>>wisptis.exe "C:\WINDOWS\System32\wisptis.exe" -Embedding
>>taskmgr.exe taskmgr.exe
>>mozilla.exe "C:\Program Files\mozilla.org\Mozilla\mozilla.exe" -mail
>>StartupTracker3.exe "C:\Documents and Settings\Ben
>>Rosenau\Desktop\Utilities and
>>Installers\StartupTracker3\StartupTracker3.exe "
>>wmiprvse.exe
>>
>>-- Running Services --
>>
>>Name: AudioSrv
>>Description: Manages audio devices for Windows-based programs. If this
>>service is stopped, audio devices and effects will not function
>>properly. If this service is disabled, any services that explicitly
>>depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Browser
>>Description: Maintains an updated list of computers on the network and
>>supplies this list to computers designated as browsers. If this service
>>is stopped, this list will not be updated or maintained. If this service
>>is disabled, any services that explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Crypkey License
>>Description:
>>Startup Mode: Auto
>>Run from: crypserv.exe
>>
>>Name: CryptSvc
>>Description: Provides three management services: Catalog Database
>>Service, which confirms the signatures of Windows files; Protected Root
>>Service, which adds and removes Trusted Root Certification Authority
>>certificates from this computer; and Key Service, which helps enroll
>>this computer for certificates. If this service is stopped, these
>>management services will not function properly. If this service is
>>disabled, any services that explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>>
>>Name: DefWatch
>>Description:
>>Startup Mode: Auto
>>Run from: C:\Program Files\Symantec_Client_Security\Symantec
>>AntiVirus\DefWatch.exe
>>
>>Name: Dhcp
>>Description: Manages network configuration by registering and updating
>>IP addresses and DNS names.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: dmserver
>>Description: Detects and monitors new hard disk drives and sends disk
>>volume information to Logical Disk Manager Administrative Service for
>>configuration. If this service is stopped, dynamic disk status and
>>configuration information may become out of date. If this service is
>>disabled, any services that explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Dnscache
>>Description: Resolves and caches Domain Name System (DNS) names for this
>>computer. If this service is stopped, this computer will not be able to
>>resolve DNS names and locate Active Directory domain controllers. If
>>this service is disabled, any services that explicitly depend on it will
>>fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k NetworkService
>>
>>Name: ERSvc
>>Description: Allows error reporting for services and applictions running
>>in non-standard environments.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Eventlog
>>Description: Enables event log messages issued by Windows-based programs
>>and components to be viewed in Event Viewer. This service cannot be stopped.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\services.exe
>>
>>Name: EventSystem
>>Description: Supports System Event Notification Service SENS), which
>>provides automatic distribution of events to subscribing Component
>>Object Model (COM) components. If the service is stopped, SENS will
>>close and will not be able to provide logon and logoff notifications. If
>>this service is disabled, any services that explicitly depend on it will
>>fail to start.
>>Startup Mode: Manual
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: FastUserSwitchingCompatibility
>>Description: Provides management for applications that require
>>assistance in a multiple user environment.
>>Startup Mode: Manual
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: helpsvc
>>Description: Enables Help and Support Center to run on this computer. If
>>this service is stopped, Help and Support Center will be unavailable. If
>>this service is disabled, any services that explicitly depend on it will
>>fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: lanmanserver
>>Description: Supports file, print, and named-pipe sharing over the
>>network for this computer. If this service is stopped, these functions
>>will be unavailable. If this service is disabled, any services that
>>explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: lanmanworkstation
>>Description: Creates and maintains client network connections to remote
>>servers. If this service is stopped, these connections will be
>>unavailable. If this service is disabled, any services that explicitly
>>depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: LmHosts
>>Description: Enables support for NetBIOS over TCP/IP (NetBT) service and
>>NetBIOS name resolution.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
>>
>>Name: Messenger
>>Description: Transmits net send and Alerter service messages between
>>clients and servers. This service is not related to Windows Messenger.
>>If this service is stopped, Alerter messages will not be transmitted. If
>>this service is disabled, any services that explicitly depend on it will
>>fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Netman
>>Description: Manages objects in the Network and Dial-Up Connections
>>folder, in which you can view both local area network and remote
>>connections.
>>Startup Mode: Manual
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Nla
>>Description: Collects and stores network configuration and location
>>information, and notifies applications when this information changes.
>>Startup Mode: Manual
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Norton AntiVirus Server
>>Description:
>>Startup Mode: Auto
>>Run from: C:\Program Files\Symantec_Client_Security\Symantec
>>AntiVirus\Rtvscan.exe
>>
>>Name: PlugPlay
>>Description: Enables a computer to recognize and adapt to hardware
>>changes with little or no user input. Stopping or disabling this service
>>will result in system instability.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\services.exe
>>
>>Name: PolicyAgent
>>Description: Manages IP security policy and starts the ISAKMP/Oakley
>>(IKE) and the IP security driver.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\lsass.exe
>>
>>Name: ProtectedStorage
>>Description: Provides protected storage for sensitive data, such as
>>private keys, to prevent access by unauthorized services, processes, or
>>users.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\lsass.exe
>>
>>Name: RemoteRegistry
>>Description: Enables remote users to modify registry settings on this
>>computer. If this service is stopped, the registry can be modified only
>>by users on this computer. If this service is disabled, any services
>>that explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost.exe -k LocalService
>>
>>Name: Retrospect Client
>>Description:
>>Startup Mode: Auto
>>Run from: C:\Program Files\Dantz\Client\Remotsvc.exe
>>
>>Name: RpcSs
>>Description: Provides the endpoint mapper and other miscellaneous RPC
>>services.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost -k rpcss
>>
>>Name: SamSs
>>Description: Stores security information for local user accounts.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\lsass.exe
>>
>>Name: Schedule
>>Description: Enables a user to configure and schedule automated tasks on
>>this computer. If this service is stopped, these tasks will not be run
>>at their scheduled times. If this service is disabled, any services that
>>explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: seclogon
>>Description: Enables starting processes under alternate credentials. If
>>this service is stopped, this type of logon access will be unavailable.
>>If this service is disabled, any services that explicitly depend on it
>>will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: SENS
>>Description: Tracks system events such as Windows logon, network, and
>>power events. Notifies COM+ Event System subscribers of these events.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>>
>>Name: ShellHWDetection
>>Description:
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: Spooler
>>Description: Loads files to memory for later printing.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\spoolsv.exe
>>
>>Name: srservice
>>Description: Performs system restore functions. To stop service, turn
>>off System Restore from the System Restore tab in My Computer->Properties
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: SSDPSRV
>>Description: Enables discovery of UPnP devices on your home network.
>>Startup Mode: Manual
>>Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
>>
>>Name: stisvc
>>Description: Provides image acquisition services for scanners and cameras.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k imgsvc
>>
>>Name: TermService
>>Description: Allows multiple users to be connected interactively to a
>>machine as well as the display of desktops and applications to remote
>>computers. The underpinning of Remote Desktop (including RD for
>>Administrators), Fast User Switching, Remote Assistance, and Terminal
>>Server.
>>Startup Mode: Manual
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: TrkWks
>>Description: Maintains links between NTFS files within a computer or
>>across computers in a network domain.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>>
>>Name: uploadmgr
>>Description: Manages synchronous and asynchronous file transfers between
>>clients and servers on the network. If this service is stopped,
>>synchronous and asynchronous file transfers between clients and servers
>>on the network will not occur. If this service is disabled, any services
>>that explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: W32Time
>>Description: Maintains date and time synchronization on all clients and
>>servers in the network. If this service is stopped, date and time
>>synchronization will be unavailable. If this service is disabled, any
>>services that explicitly depend on it will fail to start.
>>
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>Name: WebClient
>>Description: Enables Windows-based programs to create, access, and
>>modify Internet-based files. If this service is stopped, these functions
>>will not be available. If this service is disabled, any services that
>>explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
>>
>>Name: winmgmt
>>Description: Provides a common interface and object model to access
>>management information about operating system, devices, applications and
>>services. If this service is stopped, most Windows-based software will
>>not function properly. If this service is disabled, any services that
>>explicitly depend on it will fail to start.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>>
>>Name: wuauserv
>>Description: Enables the download and installation of critical Windows
>>updates. If the service is disabled, the operating system can be
>>manually updated at the Windows Update Web site.
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
>>
>>Name: WZCSVC
>>Description: Provides automatic configuration for the 802.11 adapters
>>Startup Mode: Auto
>>Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
>>
>>
>>
>>
>>THANKS!!!
>>Ben Rosenau