how to find out what is running

J

John John

Download Process Explorer from Microsoft's web site. Or run tasklist
against svchost ( tasklist /svc ) to obtain the PID's then run tasklist
again againt the PID. Run Tasklist form the Command Prompt. For help
on tasklist do tasklist /?

http://support.microsoft.com/kb/314056

John
 
G

GS

I noticed on the security log of access denied for PID 200 listening to
external traffic

The process is listed as svchost.exe. how do go about what is running it?


Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 2007-03-15
Time: 08:18:24
User: NT AUTHORITY\SYSTEM
Computer: MyPC
Description:
The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 200
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 6689
Allowed: No
User notified: No

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
 
G

GS

thank you, I went through the list for the offending PID of 200, they all
are Microsoft dll. so I am still puzzled which on is and why is trying to
listen to incoming tp/ip connectiona ndn the xp rpo system stopped it.
xpsp2res.dll has a myriad of variation under different mui sub-folder

ntdll.dll kernel32.dll ADVAPI32.dll
RPCRT4.dll ShimEng.dll AcGenral.DLL
USER32.dll GDI32.dll WINMM.dll ole32.dll
msvcrt.dll OLEAUT32.dll MSACM32.dll
VERSION.dll SHELL32.dll SHLWAPI.dll
USERENV.dll UxTheme.dll comctl32.dll
comctl32.dll NTMARTA.DLL WLDAP32.dll
SAMLIB.dll
xpsp2res.dll
shsvcs.dll
WINSTA.dll NETAPI32.dll dhcpcsvc.dll
DNSAPI.dll WS2_32.dll WS2HELP.dll
iphlpapi.dll Secur32.dll rsaenh.dll
CLBCATQ.DLL COMRes.dll schedsvc.dll
NTDSAPI.dll IMAGEHLP.dll WTSAPI32.dll
SETUPAPI.dll WINTRUST.dll CRYPT32.dll
MSASN1.dll msv1_0.dll MSIDLE.DLL
audiosrv.dll wkssvc.dll cryptsvc.dll
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

svchost puzzle 6
what process is svchost.exe associated with 2
Tasklist versus Tlist 1
svchost.exe 2
tasklist /svc doesn't work for me on XP! to aid in Trojan identification 5
Web Server on XP 1
Generic Host Process for Win32 Services Error 7
Help to fix SLOW WinXP bootup 27

Top