A diff of the services before and after the crash

Recently my main installation of Windows started having troubles. After a program crashed (more details below) the sound stopped working, the window effects stopped (i.e. the theme), and sometimes the network wouldn’t respond; in other words, it was getting very annoying and pretty much unusable. At first I thought that this had something to do with the Microsoft Zune theme because the first things that would disappear were the window effects. So, I changed back to the Silver Windows XP style but the problem did not go away. This made me pay more attention to the Visual Studio debugging window that popped up when the process crashed. The debugging window said that svchost.exe was crashing. From prior experience I realized that it could be any of the services that this one process was hosting. I decided to capture the output from tasklist /svc before and after the crash to see what were services stopped due to the crash (see the screenshot).

After a few more rounds of crashed svchost.exe, I narrowed it down to the Windows Update service. My first few searches on the internet made me look for rootkits and viruses but I didn’t find any of those on my computer. After another half hour I found Scott Swigart’s site and that is where I found the solution. Re-registering the DLLs also did not solve the problem so I tried removing the SoftwareDistribution folder and guess what? Everything came back to normal!

So, if you get random crashes of svchost.exe and you have Automatic Update turned on then the first thing you should try is “refreshing” the %windir%/SoftwareDistribution folder. Instructions for doing this can be found at Scott Swigart’s blog entry but in my case I also had to stop wuauclt.exe before I could rename the folder. So, if you keep getting access denied errors when you rename the folder then you need to stop the wuauclt.exe process (Press CTRL, SHIFT and ESCAPE at the same time to get the task manager window > Switch to “Processes” tab > Find the “wuauclt.exe” process, right click on it and “End Process”)

Good luck!

Back to blog...