Change which service that uses which svchost




I have a problem that one svchost.exe process randomly fails/crashes
upon shutdown (it seems that if I shutdown my computer rather fast
after login - in a couple of minutes - it is much more likely to

By using this command >>tasklist /svc /fi "Imagename eq
svchost.exe" I was able to see which process that was in which svchost.
After some hours of investigation and testing with the services in the
"netsvcs" svchost, I'm pretty sure that it is the Automatic Update
service ("wuauserv") that sometime causes this svchost to crash. That
is truely bad since it's needed for Windows Update (even if running
manual from the webpage), so I will need to find a solution later on
(btw, the log information that is generated at the crash really tells
nothing: "Faulting application svchost.exe, version, faulting
module unknown, version, fault address 0x00000000.").

Anyway, as a first step, I'm thinking of moving out the wuauserv
service from the netsvcs svchost (maybe also the other two services
used by Windows Update: EventLog and Background Intelligent Transfer
Service), so that if it crashes upon shutdown, it won't take all the
other services with it in the crash, atleast they can shutdown nicely

As far as I can tell the command C:\WINDOWS\system32\svchost.exe -k
netsvcs which is listed for the Automatic Update service tells that
this service should be in the "netsvcs" svchost. How can this be
altered to launch the service in a completely new svchost (it is greyed

Btw, this whole crash issue started occuring with no special reason. I
didn't install or change anything in the system. The only thing that I
can notice is that at about the same time as this came up the following
entry was in the Event Log:

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 11
Date: 2005-02-16
Time: 10:55:06
User: N/A
Computer: HHD2
Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period
when verifying against the current system clock or the timestamp in the
signed file.

Manually downloading and opening the cab, one can see that the
certificate in it doesn't seem to be valid for some reason which I
don't understand.

I'm not really good at certificates or services, so any help on this
issue would be greatly appreciated.

Many thanks in advance,


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question