It involves a level of indirection, in that individual executable
system services hide inside those. The svchosts are not equally loaded.
The things running in them are sorted according to type. The end
result is one svchost ends up with most of them in it.
Process Explorer is 1.2MB.
http://technet.microsoft.com/en-us/sysinternals/bb896653
When you hold your mouse over each svchost, it lists the
services inside. If you do Properties on the svchost, it
will give a path to the executable used for it (not that
it matters).
If you have WinXP Pro, you can use "tasklist /svc" command.
http://i60.tinypic.com/14l7vow.gif
The SVCHOST with PID 1588 in that picture, is the one
that has all the network services. It could be that
the glitchy one is "wuauserv".
*******
I found an article with the following advice, for SVCHOST
problems. You can split out a suspected service, into its
own separate SVCHOST. To verify that it is the one
sucking cycles.
You can split it out into its own service by running:
"sc config <service> type= own"
And revert it via
"sc config <service> type= share"
In this case, we would type this in command prompt.
sc config wuauserv type= own
That puts wuauserv into its own private SVCHOST.
Then, when it sucks cycles, that SVCHOST will
be the one standing out and it's a way of confirming
that it was the one.
There is a bug in Windows Update. Even when you're
not connected to the network, the computer is
always thinking about Windows Update. It likes
to play with its to-do list and things like wuauserv
can go into a loop for half an hour (dragging the
PC to its knees). The issue had to do with Internet
Explorer and pruning the dependency tree, when
examining the packages installed on the computer.
To stop it, you install the latest "cumulative update"
for Internet Explorer. If your machine was
running Internet Explorer 6, you'd look for
the Cumulative Update for it.
"Cumulative Security Update for Internet Explorer for Windows XP (KB2936068)"
http://www.microsoft.com/en-us/download/details.aspx?id=42431
WindowsXP-KB2936068-x86-ENU.exe (4.0 MB)
If you're running some other version of
Internet Explorer, you can drill down to
it with this. There is probably a download
for every possible combo of OS and IE (five
pages worth of links).
http://www.microsoft.com/en-us/search/DownloadResults.aspx?q=KB2936068
Once a Cumulative Security update for IE is loaded,
that tends to prune the loop that wuauserv gets into.
Since there won't be any more security updates
for IE on your WinXP, that is likely the last
one you'd need to install.
So if you want, you can force wuauserv to run in a
separate svchost. Reboot the computer for the "sc config"
change to take effect. Verify in Task Manager that it
is the pig. Then, you can try the last Cumulative
Security update for IE6. (Or for some other IE like
IE8 if that is what you're using. I don't list
that one above, so you'll have to drill down.)
As usual, safety first. Set a Restore Point or do a backup,
if you think that you'll mess things up.
Paul