Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What is SVCHOST doing


  • Please log in to reply
8 replies to this topic

#1 JJ2K

JJ2K

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 14 March 2009 - 05:17 PM

OK I know there are many instances of SVCHOST but can I see what each one is linked to, because when I start up my P.C it crunches away for a while, gives me a headache.

I press ctrl alt del and sort processes by mem usage, and svchost is at the top using about 30K and explorer.exe so it's got to be one of them?

So can I find out what an instance SVCHOST.exe is doing
and should explorer.exe be high in mem usage?

BC AdBot (Login to Remove)

 


#2 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:12:22 AM

Posted 14 March 2009 - 05:53 PM

svchost.exe loads a single or a group of services at Windows startup. Each instance of svchost.exe loads one or more services.

Open command prompt window by StartMenu -> Run and entering cmd.

If you are running Windows XP Professional, in the command prompt, type tasklist /svc

You will get a list of each process running services. You can see which services each instance of svchost.exe is loading some services.

Alternately you can download ProcessExplorer from http://technet.microsoft.com/en-us/sysinternals/default.aspx.

When you run it, you can see how much CPU each process is comsuming. More CPU consumption, more slow computer (except System Idle Process). You can right click on each svchost.exe instance and select Properties. Select Services and you can see what services are loaded by that instance.

#3 JJ2K

JJ2K
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 14 March 2009 - 07:30 PM

Thanks,

I've managed to remove all but my firewall from "Startup" in msconfig,, and have also deleted the so-called "windows search 4.0" which has annnoyed me ever since I installed it. but the problem still persists.

Is there something which could leave a log on what is running at startup? Unfortunatly I have XP Home, so the tasklist /svc will not work. Although i'm going to check out Process Manager now.

#4 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:01:22 AM

Posted 14 March 2009 - 07:40 PM

ProcessExplorer is the best. Click on each instance and it'll show what service it's running.

To see what runs at startup you can use AutoRuns
http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx
and/or HijackThis
http://majorgeeks.com/download3155.html

To see what startups and what services you can disable and make the computer work as it should, see this site
http://www.blackviper.com/

tasklist /svc will not work - correct in Home XP.

Edited by tos226, 14 March 2009 - 07:42 PM.


#5 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:10:22 PM

Posted 14 March 2009 - 09:49 PM

Take a look here: How to determine what services are running under a SVCHOST.EXE process

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#6 JJ2K

JJ2K
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 15 March 2009 - 08:26 AM

Thanks Romeo, tos and Animal,

I've checked out both Process Explorer and AutoRuns, very good programs.

Basically when the P.C is starting up it crunches loudly, for about a couple of minutes, when there is nothing going on. During this time Process Explorer and Task Manager show basically 99 CPU for System Idle Process. Task Manager also shows explorer.exe or svchost.exe at the top of Mem Usage, but Process Explorer does not show this(Mem Usage) data, so I cannot see which svchost it is relating to?

So is Mem Usage what causes the crunching, or the CPU figure?

If it's the CPU figure then what is System Idle Process doing?

I'm going to trim down some more at startup, then if that doesn't do it it could be one of the services I disabled after reading the Black Viper guide, so i'll re-enable them and see if it makes a difference!

Edited by JJ2K, 15 March 2009 - 08:28 AM.


#7 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:12:22 AM

Posted 15 March 2009 - 10:14 AM

System Idle Process is in Windows sends a series of HLT instructions to CPU to stop processes which are complete or not needed anymore. It saves power and keeps CPU unused and cool.

System Idle Process in other words means that CPU is idle i.e. doing nothing. If your system is completely idle (doing nothing) System Idle Process would show 100%. So if System Idle Process shows 99%, your CPU usage is only 1% which is good.

#8 JJ2K

JJ2K
  • Topic Starter

  • Members
  • 162 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 17 March 2009 - 10:40 AM

OK well I removed pretty much everything from starting up, and as usual the last program to be removed was the offending program.

In my case it was cmdagent.exe, the service for the comodo firewall.

Anyways i've performed a reinstall of this program and it seems to be working better. What was strange is that in Process Explorer, and Task Manager it didn't show cmdagent.exe as using a lot of CPU or MEM Usage, yet it was causing the crunching, because it stopped when I disabled this.

So maybe these programs (taskman + process explorer) don't show things as clearly as they are actually happening?

I'm glad this problem happened anyhow, as it's enabled me to remove a whole load of rubbish I had at startup, poor programs they weren't even the cause of the problem and still got removed :thumbsup:

#9 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:01:22 AM

Posted 18 March 2009 - 06:46 PM

When you right click on the headings, Process Explorer gives you an option to pick more columns than you're likely seeing at this point.
When you click on any process and review its Properties, there are several tabs which show exactly what runs at the moment.
When you click View and System information, you can view pictures (it'll bump up your CPU usage for a bit so graphs display) and then when you hover over the graphs you can see who done what :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users