B
brosenau[
Hi, so I'm really hoping someone can help me with this...
The problem: at seemingly random times, the system hangs. Something as
simple as scrolling through a file just STOPS. Waiting anywhere from
several seconds to a minute or more usually causes everything to get
back to normal, but these things happen very frequently, often during
very minor tasks with nothing else running. Trying to look at the
properties page of a disk drive involves waiting way longer than on most
systems, as I said, scrolling a file in Visual Studio or even a text
editor sometimes causes this, and any number of other operations do as
well. Sometimes the system marks the program this happens to as "not
responding", but waiting, as I said, generally restores it to normal
operation. Oddly, CPU usage does not tend to be high or go up when this
happens--it may be 3-5% and this still occurs. Memory usage on the
system seems to be a bit high (but I don't really know what it should
be, for an XP system)--with minimal applications running physical memory
available is often around 200-300 MB, out of 512. This seems like a
minor problem, but it's really driving me nuts because it happens so
often. Does anyone have any ideas? I thought about viruses (but don't
have any as near as I can tell) and excessive Spyware running (same),
very fragmented hard disks (but each gets defragged weekly), etc...
System info: I'm running XP Pro SP1 on a dual P3-800 system with 512 MB
ram, two 40GB hard disks (C:, D connected to the on-motherboard IDE
controller and a 150GB (G hard disk connected via a Promise Ultra133
TX2 IDE controller. Page files are on the D (1-2 GB) and G (1-4 GB)
drives; the OS and program executables are on the C drive.
StartupTracker info follows:
-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
-- Registry --
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Start Menu - Current User --
No Items Found
-- Start Menu - All Users --
No Items Found
-- Disabled Items --
msmsgs
qttask
Acrobat Assistant
Microsoft Office
-- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon --
Explorer.exe
-- Running Processes --
System Idle Process
System
smss.exe \SystemRoot\System32\smss.exe
csrss.exe
winlogon.exe winlogon.exe
services.exe C:\WINDOWS\system32\services.exe
lsass.exe C:\WINDOWS\system32\lsass.exe
svchost.exe C:\WINDOWS\system32\svchost -k rpcss
svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
spoolsv.exe C:\WINDOWS\system32\spoolsv.exe
Crypserv.exe crypserv.exe
DefWatch.exe "C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\DefWatch.exe"
Rtvscan.exe "C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\Rtvscan.exe"
RemotSvc.exe "C:\Program Files\Dantz\Client\Remotsvc.exe"
retroclient.exe "C:\Program Files\Dantz\Client\retroclient.exe"
svchost.exe C:\WINDOWS\System32\svchost.exe -k imgsvc
explorer.exe C:\WINDOWS\Explorer.EXE
VPTray.exe "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe"
ctfmon.exe "C:\WINDOWS\System32\ctfmon.exe"
wisptis.exe "C:\WINDOWS\System32\wisptis.exe" -Embedding
taskmgr.exe taskmgr.exe
mozilla.exe "C:\Program Files\mozilla.org\Mozilla\mozilla.exe" -mail
StartupTracker3.exe "C:\Documents and Settings\Ben
Rosenau\Desktop\Utilities and
Installers\StartupTracker3\StartupTracker3.exe"
wmiprvse.exe
-- Running Services --
Name: AudioSrv
Description: Manages audio devices for Windows-based programs. If this
service is stopped, audio devices and effects will not function
properly. If this service is disabled, any services that explicitly
depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Browser
Description: Maintains an updated list of computers on the network and
supplies this list to computers designated as browsers. If this service
is stopped, this list will not be updated or maintained. If this service
is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Crypkey License
Description:
Startup Mode: Auto
Run from: crypserv.exe
Name: CryptSvc
Description: Provides three management services: Catalog Database
Service, which confirms the signatures of Windows files; Protected Root
Service, which adds and removes Trusted Root Certification Authority
certificates from this computer; and Key Service, which helps enroll
this computer for certificates. If this service is stopped, these
management services will not function properly. If this service is
disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: DefWatch
Description:
Startup Mode: Auto
Run from: C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\DefWatch.exe
Name: Dhcp
Description: Manages network configuration by registering and updating
IP addresses and DNS names.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: dmserver
Description: Detects and monitors new hard disk drives and sends disk
volume information to Logical Disk Manager Administrative Service for
configuration. If this service is stopped, dynamic disk status and
configuration information may become out of date. If this service is
disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Dnscache
Description: Resolves and caches Domain Name System (DNS) names for this
computer. If this service is stopped, this computer will not be able to
resolve DNS names and locate Active Directory domain controllers. If
this service is disabled, any services that explicitly depend on it will
fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k NetworkService
Name: ERSvc
Description: Allows error reporting for services and applictions running
in non-standard environments.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Eventlog
Description: Enables event log messages issued by Windows-based programs
and components to be viewed in Event Viewer. This service cannot be stopped.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe
Name: EventSystem
Description: Supports System Event Notification Service (SENS), which
provides automatic distribution of events to subscribing Component
Object Model (COM) components. If the service is stopped, SENS will
close and will not be able to provide logon and logoff notifications. If
this service is disabled, any services that explicitly depend on it will
fail to start.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: FastUserSwitchingCompatibility
Description: Provides management for applications that require
assistance in a multiple user environment.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: helpsvc
Description: Enables Help and Support Center to run on this computer. If
this service is stopped, Help and Support Center will be unavailable. If
this service is disabled, any services that explicitly depend on it will
fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: lanmanserver
Description: Supports file, print, and named-pipe sharing over the
network for this computer. If this service is stopped, these functions
will be unavailable. If this service is disabled, any services that
explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: lanmanworkstation
Description: Creates and maintains client network connections to remote
servers. If this service is stopped, these connections will be
unavailable. If this service is disabled, any services that explicitly
depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: LmHosts
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and
NetBIOS name resolution.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
Name: Messenger
Description: Transmits net send and Alerter service messages between
clients and servers. This service is not related to Windows Messenger.
If this service is stopped, Alerter messages will not be transmitted. If
this service is disabled, any services that explicitly depend on it will
fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Netman
Description: Manages objects in the Network and Dial-Up Connections
folder, in which you can view both local area network and remote
connections.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Nla
Description: Collects and stores network configuration and location
information, and notifies applications when this information changes.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Norton AntiVirus Server
Description:
Startup Mode: Auto
Run from: C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\Rtvscan.exe
Name: PlugPlay
Description: Enables a computer to recognize and adapt to hardware
changes with little or no user input. Stopping or disabling this service
will result in system instability.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe
Name: PolicyAgent
Description: Manages IP security policy and starts the ISAKMP/Oakley
(IKE) and the IP security driver.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\lsass.exe
Name: ProtectedStorage
Description: Provides protected storage for sensitive data, such as
private keys, to prevent access by unauthorized services, processes, or
users.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe
Name: RemoteRegistry
Description: Enables remote users to modify registry settings on this
computer. If this service is stopped, the registry can be modified only
by users on this computer. If this service is disabled, any services
that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k LocalService
Name: Retrospect Client
Description:
Startup Mode: Auto
Run from: C:\Program Files\Dantz\Client\Remotsvc.exe
Name: RpcSs
Description: Provides the endpoint mapper and other miscellaneous RPC
services.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost -k rpcss
Name: SamSs
Description: Stores security information for local user accounts.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe
Name: Schedule
Description: Enables a user to configure and schedule automated tasks on
this computer. If this service is stopped, these tasks will not be run
at their scheduled times. If this service is disabled, any services that
explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: seclogon
Description: Enables starting processes under alternate credentials. If
this service is stopped, this type of logon access will be unavailable.
If this service is disabled, any services that explicitly depend on it
will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: SENS
Description: Tracks system events such as Windows logon, network, and
power events. Notifies COM+ Event System subscribers of these events.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: ShellHWDetection
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Spooler
Description: Loads files to memory for later printing.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\spoolsv.exe
Name: srservice
Description: Performs system restore functions. To stop service, turn
off System Restore from the System Restore tab in My Computer->Properties
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: SSDPSRV
Description: Enables discovery of UPnP devices on your home network.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
Name: stisvc
Description: Provides image acquisition services for scanners and cameras.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k imgsvc
Name: TermService
Description: Allows multiple users to be connected interactively to a
machine as well as the display of desktops and applications to remote
computers. The underpinning of Remote Desktop (including RD for
Administrators), Fast User Switching, Remote Assistance, and Terminal
Server.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: TrkWks
Description: Maintains links between NTFS files within a computer or
across computers in a network domain.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: uploadmgr
Description: Manages synchronous and asynchronous file transfers between
clients and servers on the network. If this service is stopped,
synchronous and asynchronous file transfers between clients and servers
on the network will not occur. If this service is disabled, any services
that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: W32Time
Description: Maintains date and time synchronization on all clients and
servers in the network. If this service is stopped, date and time
synchronization will be unavailable. If this service is disabled, any
services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: WebClient
Description: Enables Windows-based programs to create, access, and
modify Internet-based files. If this service is stopped, these functions
will not be available. If this service is disabled, any services that
explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
Name: winmgmt
Description: Provides a common interface and object model to access
management information about operating system, devices, applications and
services. If this service is stopped, most Windows-based software will
not function properly. If this service is disabled, any services that
explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: wuauserv
Description: Enables the download and installation of critical Windows
updates. If the service is disabled, the operating system can be
manually updated at the Windows Update Web site.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: WZCSVC
Description: Provides automatic configuration for the 802.11 adapters
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
THANKS!!!
Ben Rosenau
The problem: at seemingly random times, the system hangs. Something as
simple as scrolling through a file just STOPS. Waiting anywhere from
several seconds to a minute or more usually causes everything to get
back to normal, but these things happen very frequently, often during
very minor tasks with nothing else running. Trying to look at the
properties page of a disk drive involves waiting way longer than on most
systems, as I said, scrolling a file in Visual Studio or even a text
editor sometimes causes this, and any number of other operations do as
well. Sometimes the system marks the program this happens to as "not
responding", but waiting, as I said, generally restores it to normal
operation. Oddly, CPU usage does not tend to be high or go up when this
happens--it may be 3-5% and this still occurs. Memory usage on the
system seems to be a bit high (but I don't really know what it should
be, for an XP system)--with minimal applications running physical memory
available is often around 200-300 MB, out of 512. This seems like a
minor problem, but it's really driving me nuts because it happens so
often. Does anyone have any ideas? I thought about viruses (but don't
have any as near as I can tell) and excessive Spyware running (same),
very fragmented hard disks (but each gets defragged weekly), etc...
System info: I'm running XP Pro SP1 on a dual P3-800 system with 512 MB
ram, two 40GB hard disks (C:, D connected to the on-motherboard IDE
controller and a 150GB (G hard disk connected via a Promise Ultra133
TX2 IDE controller. Page files are on the D (1-2 GB) and G (1-4 GB)
drives; the OS and program executables are on the C drive.
StartupTracker info follows:
-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Registry --
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Registry --
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
-- Registry --
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce
No Items Found
-- Start Menu - Current User --
No Items Found
-- Start Menu - All Users --
No Items Found
-- Disabled Items --
msmsgs
qttask
Acrobat Assistant
Microsoft Office
-- Registry - Shell Value - HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon --
Explorer.exe
-- Running Processes --
System Idle Process
System
smss.exe \SystemRoot\System32\smss.exe
csrss.exe
winlogon.exe winlogon.exe
services.exe C:\WINDOWS\system32\services.exe
lsass.exe C:\WINDOWS\system32\lsass.exe
svchost.exe C:\WINDOWS\system32\svchost -k rpcss
svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
spoolsv.exe C:\WINDOWS\system32\spoolsv.exe
Crypserv.exe crypserv.exe
DefWatch.exe "C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\DefWatch.exe"
Rtvscan.exe "C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\Rtvscan.exe"
RemotSvc.exe "C:\Program Files\Dantz\Client\Remotsvc.exe"
retroclient.exe "C:\Program Files\Dantz\Client\retroclient.exe"
svchost.exe C:\WINDOWS\System32\svchost.exe -k imgsvc
explorer.exe C:\WINDOWS\Explorer.EXE
VPTray.exe "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe"
ctfmon.exe "C:\WINDOWS\System32\ctfmon.exe"
wisptis.exe "C:\WINDOWS\System32\wisptis.exe" -Embedding
taskmgr.exe taskmgr.exe
mozilla.exe "C:\Program Files\mozilla.org\Mozilla\mozilla.exe" -mail
StartupTracker3.exe "C:\Documents and Settings\Ben
Rosenau\Desktop\Utilities and
Installers\StartupTracker3\StartupTracker3.exe"
wmiprvse.exe
-- Running Services --
Name: AudioSrv
Description: Manages audio devices for Windows-based programs. If this
service is stopped, audio devices and effects will not function
properly. If this service is disabled, any services that explicitly
depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Browser
Description: Maintains an updated list of computers on the network and
supplies this list to computers designated as browsers. If this service
is stopped, this list will not be updated or maintained. If this service
is disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Crypkey License
Description:
Startup Mode: Auto
Run from: crypserv.exe
Name: CryptSvc
Description: Provides three management services: Catalog Database
Service, which confirms the signatures of Windows files; Protected Root
Service, which adds and removes Trusted Root Certification Authority
certificates from this computer; and Key Service, which helps enroll
this computer for certificates. If this service is stopped, these
management services will not function properly. If this service is
disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: DefWatch
Description:
Startup Mode: Auto
Run from: C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\DefWatch.exe
Name: Dhcp
Description: Manages network configuration by registering and updating
IP addresses and DNS names.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: dmserver
Description: Detects and monitors new hard disk drives and sends disk
volume information to Logical Disk Manager Administrative Service for
configuration. If this service is stopped, dynamic disk status and
configuration information may become out of date. If this service is
disabled, any services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Dnscache
Description: Resolves and caches Domain Name System (DNS) names for this
computer. If this service is stopped, this computer will not be able to
resolve DNS names and locate Active Directory domain controllers. If
this service is disabled, any services that explicitly depend on it will
fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k NetworkService
Name: ERSvc
Description: Allows error reporting for services and applictions running
in non-standard environments.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Eventlog
Description: Enables event log messages issued by Windows-based programs
and components to be viewed in Event Viewer. This service cannot be stopped.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe
Name: EventSystem
Description: Supports System Event Notification Service (SENS), which
provides automatic distribution of events to subscribing Component
Object Model (COM) components. If the service is stopped, SENS will
close and will not be able to provide logon and logoff notifications. If
this service is disabled, any services that explicitly depend on it will
fail to start.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: FastUserSwitchingCompatibility
Description: Provides management for applications that require
assistance in a multiple user environment.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: helpsvc
Description: Enables Help and Support Center to run on this computer. If
this service is stopped, Help and Support Center will be unavailable. If
this service is disabled, any services that explicitly depend on it will
fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: lanmanserver
Description: Supports file, print, and named-pipe sharing over the
network for this computer. If this service is stopped, these functions
will be unavailable. If this service is disabled, any services that
explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: lanmanworkstation
Description: Creates and maintains client network connections to remote
servers. If this service is stopped, these connections will be
unavailable. If this service is disabled, any services that explicitly
depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: LmHosts
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and
NetBIOS name resolution.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
Name: Messenger
Description: Transmits net send and Alerter service messages between
clients and servers. This service is not related to Windows Messenger.
If this service is stopped, Alerter messages will not be transmitted. If
this service is disabled, any services that explicitly depend on it will
fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Netman
Description: Manages objects in the Network and Dial-Up Connections
folder, in which you can view both local area network and remote
connections.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Nla
Description: Collects and stores network configuration and location
information, and notifies applications when this information changes.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Norton AntiVirus Server
Description:
Startup Mode: Auto
Run from: C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\Rtvscan.exe
Name: PlugPlay
Description: Enables a computer to recognize and adapt to hardware
changes with little or no user input. Stopping or disabling this service
will result in system instability.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\services.exe
Name: PolicyAgent
Description: Manages IP security policy and starts the ISAKMP/Oakley
(IKE) and the IP security driver.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\lsass.exe
Name: ProtectedStorage
Description: Provides protected storage for sensitive data, such as
private keys, to prevent access by unauthorized services, processes, or
users.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe
Name: RemoteRegistry
Description: Enables remote users to modify registry settings on this
computer. If this service is stopped, the registry can be modified only
by users on this computer. If this service is disabled, any services
that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k LocalService
Name: Retrospect Client
Description:
Startup Mode: Auto
Run from: C:\Program Files\Dantz\Client\Remotsvc.exe
Name: RpcSs
Description: Provides the endpoint mapper and other miscellaneous RPC
services.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost -k rpcss
Name: SamSs
Description: Stores security information for local user accounts.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\lsass.exe
Name: Schedule
Description: Enables a user to configure and schedule automated tasks on
this computer. If this service is stopped, these tasks will not be run
at their scheduled times. If this service is disabled, any services that
explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: seclogon
Description: Enables starting processes under alternate credentials. If
this service is stopped, this type of logon access will be unavailable.
If this service is disabled, any services that explicitly depend on it
will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: SENS
Description: Tracks system events such as Windows logon, network, and
power events. Notifies COM+ Event System subscribers of these events.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: ShellHWDetection
Description:
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: Spooler
Description: Loads files to memory for later printing.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\spoolsv.exe
Name: srservice
Description: Performs system restore functions. To stop service, turn
off System Restore from the System Restore tab in My Computer->Properties
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: SSDPSRV
Description: Enables discovery of UPnP devices on your home network.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
Name: stisvc
Description: Provides image acquisition services for scanners and cameras.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k imgsvc
Name: TermService
Description: Allows multiple users to be connected interactively to a
machine as well as the display of desktops and applications to remote
computers. The underpinning of Remote Desktop (including RD for
Administrators), Fast User Switching, Remote Assistance, and Terminal
Server.
Startup Mode: Manual
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: TrkWks
Description: Maintains links between NTFS files within a computer or
across computers in a network domain.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: uploadmgr
Description: Manages synchronous and asynchronous file transfers between
clients and servers on the network. If this service is stopped,
synchronous and asynchronous file transfers between clients and servers
on the network will not occur. If this service is disabled, any services
that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: W32Time
Description: Maintains date and time synchronization on all clients and
servers in the network. If this service is stopped, date and time
synchronization will be unavailable. If this service is disabled, any
services that explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
Name: WebClient
Description: Enables Windows-based programs to create, access, and
modify Internet-based files. If this service is stopped, these functions
will not be available. If this service is disabled, any services that
explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k LocalService
Name: winmgmt
Description: Provides a common interface and object model to access
management information about operating system, devices, applications and
services. If this service is stopped, most Windows-based software will
not function properly. If this service is disabled, any services that
explicitly depend on it will fail to start.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: wuauserv
Description: Enables the download and installation of critical Windows
updates. If the service is disabled, the operating system can be
manually updated at the Windows Update Web site.
Startup Mode: Auto
Run from: C:\WINDOWS\system32\svchost.exe -k netsvcs
Name: WZCSVC
Description: Provides automatic configuration for the 802.11 adapters
Startup Mode: Auto
Run from: C:\WINDOWS\System32\svchost.exe -k netsvcs
THANKS!!!
Ben Rosenau