Finding which service using SVCHOSTS

  • Thread starter Thread starter DarkPhoenix
  • Start date Start date
D

DarkPhoenix

When I first log into an old computer, there is a SVCHOSTS process
that runs for an hour at about 99 CPU. I wish to track down the
service that created it to see if I could disable it without any
problems. I have use Task Manager to end the process with no ill
affects, and so I believe that if there was a way I could find out
which service it is, I could disable it. I tried downloading and
installing more powerful versions of Task Manager to see if I could
find out where the process comes from, but I could not find one that
will do that. Does anyone have any suggestions on how I can trace the
svchosts process back to its service, or at least to the file that
created it?

Philip
 
When I first log into an old computer, there is a SVCHOSTS process
that runs for an hour at about 99 CPU. I wish to track down the
service that created it to see if I could disable it without any
problems. I have use Task Manager to end the process with no ill
affects, and so I believe that if there was a way I could find out
which service it is, I could disable it. I tried downloading and
installing more powerful versions of Task Manager to see if I
could find out where the process comes from, but I could not find
one that will do that. Does anyone have any suggestions on how I
can trace the svchosts process back to its service, or at least to
the file that created it?

Philip
Click to expand...

Get [freeware] Process Explorer.
When you hover your cursor over the svchosts that is causing your
problem, it will show which services that it supports.

<http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx>

HTH,
John
 
From Ramesh's web site: http://windowsxp.mvps.org/svchost.htm
Also: http://support.microsoft.com/?kbid=314056

To find out more about Svchost.exe entries try Process Explorer:
http://www.microsoft.com/technet/sysinternals/SystemInformation/ProcessExplorer.mspx

Once you have Process Explorer installed and running:
In the taskbar select View and check 'Show Process Tree' and 'Show Lower
Pane' options.
(This will provide the detailed info you need)
Next click/Expand the Svchost.exe process that you are interested in.
Then highlight one of the process listed under Svchost, right click and from
the options listed select: Search Online
This should display what out there on the web about that process.

Another tool to try is: What's Running
http://www.whatsrunning.net/whatsrunning/main.aspx

JS
 
Try Start > Run > services.msc and then read the list of services to see
which invoke svchosts - then individually turn them off one at a time,
reboot, and see what happens. Highlight each item, right-clock, select
properties and read the 'Path to executable' to determine what is being
invoked. Just make sure you read the description to avoid turning off
something required.
 
DarkPhoenix said:
When I first log into an old computer, there is a SVCHOSTS process
that runs for an hour at about 99 CPU. I wish to track down the
service that created it to see if I could disable it without any
problems. I have use Task Manager to end the process with no ill
affects, and so I believe that if there was a way I could find out
which service it is, I could disable it. I tried downloading and
installing more powerful versions of Task Manager to see if I could
find out where the process comes from, but I could not find one that
will do that. Does anyone have any suggestions on how I can trace the
svchosts process back to its service, or at least to the file that
created it?
Click to expand...

A likely candidate is automatic updates. Search in this newsgroup for posts
about svchost.exe, there are quite a few recently. Google Groups Advanced
Search is a good tool for searching newsgroups for posts. This newsgroup is
microsoft.public.windowsxp.general.

http://groups.google.com/advanced_search?q=&ie=UTF-8&oe=UTF-8&hl=en
 
Hi DarkPhoenix - You are probably seeing a well known Windows Update problem
for which a fix was recently released:


The newly released 'standalone' version of Windows Update Agent 3.0, v.
7.0.6000.374, for 32 bit machines is available here:
http://download.windowsupdate.com/v7/windowsupdate/redist/standalone/WindowsUpdateAgent30-x86.exe

You will also need to install or re-install KB927891, here:
http://support.microsoft.com/?kbid=927891 for a complete fix.


For those using Windows Server - Courtesy of Bobby Harter, Program Manager,
WSUS, Microsoft, WSUS 3.0 was released on April 30th and is avaialble now on
the Microsoft Download Center. Full information, documentation, samples and
links to the bits can be found here: http://www.microsoft.com/wsus. WSUS
3.0 RC will be supported until May 31st 2007 - WSUS 3.0 supports upgrade of
WSUS 2.0 SP1 and WSUS 3.0 RC.

The MS WSUS team believes that this solves all three 'svchost' problems that
folks have been experiencing. See here:
http://blogs.technet.com/wsus/archive/2007/04/28/update-on.aspx

Note that you may still see high svchost usage, but with these new
components the machine should, however, remain responsive:

From a posting by Sudheer GN of Microsoft -

"Hi,
The biggest difference in WSUS 3.0 client (wrt performance) is that the
machines will still be responsive when WU client scans for updates. There
are also some optimization to reduce the number of update evaluations and
that will reduce the scan time in some scenarios.
It is still expected that CPU usage will be high so that the scan can
complete in lesser amount of time. But other applications can be launched
and used (they will still be a little sluggish because CPU is being shared
with WU client)

--
Sudheer GN
Microsoft, WU Client

This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"





--
Regards, Jim Byrd,
My Blog, Defending Your Machine,
http://defendingyourmachine2.blogspot.com/



In DarkPhoenix <[email protected]> typed:
|| When I first log into an old computer, there is a SVCHOSTS process
|| that runs for an hour at about 99 CPU. I wish to track down the
|| service that created it to see if I could disable it without any
|| problems. I have use Task Manager to end the process with no ill
|| affects, and so I believe that if there was a way I could find out
|| which service it is, I could disable it. I tried downloading and
|| installing more powerful versions of Task Manager to see if I could
|| find out where the process comes from, but I could not find one that
|| will do that. Does anyone have any suggestions on how I can trace
|| the svchosts process back to its service, or at least to the file
|| that created it?
||
|| Philip
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

svchost 100% cpu and network connections service 1
Why is the svchost 100% CPU use Bug Not Being Fixed By Microsoft? 2
svchost process spike cpu 100 % 2
memory in svchost.exe 5
Svchost - Round 2 3
svchost problem 4
SVCHOST file running 99% 7
Question about svchost 3

Back
Top