• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1634
  • Last Modified:

Svchost in Windows Xp

I have installed Windows XP with service pack 1 on a computer, and before connecting it to the itnernet i made all the updates possible to the anti virus and installed all the hotfixes not included in the service pack ( including the blaster fix ).
But shortly after the install, svchost is constantly putting the cpu in max charge.

How can i fix this?
1 Solution

4660 » What is the Svchost.exe process(es) in Windows XP?

In tip 2060, I explained the Svchost process in Windows 2000.

In tip 4310, you can see multiple Svchost processes in Windows XP.

%SystemRoot%\System32\Svchost.exe is a generic process name for services that run from dynamic-link libraries (DLLs). When you start Windows XP, Svchost,exe constructs multiple lists of service groupings that need to be loaded. Each instance can run at the same time. Svchost,exe groups are delineated at:


Each Value Name contains a list of included serviceDLL values, in a REG_MULTI_SZ data type. These servies are extracted from HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\<Service Short Name>.

To see the list of active services in each process, open a CMD prompt and Type:

Tasklist /SVC

The following was displayed from one of my Windows XP Professional computers:

Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
smss.exe                     372 N/A
csrss.exe                    484 N/A
winlogon.exe                 512 N/A
services.exe                 572 Eventlog, PlugPlay
lsass.exe                    584 Netlogon, PolicyAgent, ProtectedStorage,
svchost.exe                  748 RpcSs
svchost.exe                  816 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                                 ERSvc, EventSystem, helpsvc, lanmanserver,
                                 lanmanworkstation, Messenger, Netman, Nla,
                                 Schedule, seclogon, SENS, ShellHWDetection,
                                 srservice, TermService, Themes, TrkWks,
                                 uploadmgr, W32Time, winmgmt, WmdmPmSp,
                                 wuauserv, WZCSVC
svchost.exe                  920 Dnscache
svchost.exe                  964 Alerter, LmHosts, RemoteRegistry, SSDPSRV,
spoolsv.exe                 1048 Spooler
explorer.exe                1328 N/A
TaskSwitch.exe              1484 N/A
taskmgr.exe                 1512 N/A
point32.exe                 1536 N/A
msmsgs.exe                  1560 N/A
fastkey.exe                 1568 N/A
IEXPLORE.EXE                1580 N/A
prntscrn.exe                1596 N/A
SetiSpy.exe                 1604 N/A
setiathome-3.03.i386-winn   1676 N/A
svchost.exe                 1828 stisvc
UdServe.exe                 1852 UndeleteService
Fast.exe                    1984 InteractiveLogon
dllhost.exe                 1224 COMSysApp
msdtc.exe                   1208 MSDTC
wmiprvse.exe                3056 N/A
cmd.exe                     3428 N/A
tasklist.exe                3460 N/A
The matching registry entries are:
Key Name:          SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
  Name:            imgsvc
  Type:            REG_MULTI_SZ
  Data:            StiSvc
  Name:            LocalService
  Type:            REG_MULTI_SZ
  Data:            Alerter
  Name:            netsvcs
  Type:            REG_MULTI_SZ
  Data:            6to4
  Name:            NetworkService
  Type:            REG_MULTI_SZ
  Data:            DnsCache
  Name:            rpcss
  Type:            REG_MULTI_SZ
  Data:            RpcSs
  Name:            termsvcs
  Type:            REG_MULTI_SZ
  Data:            TermService
Try disabling unneeded services:

You can also try the following method to eliminate items from startup:
  Click Start->Run->MSCONFIG

  In the Startup tab, start out by disabling everything you're unfamiliar with (or everything if you're unsure).
  Optionally, you can also disable non-Microsoft services from the Services tab.
  If the problem no longer exists after a reboot, then you can narrow it down as one of the items in your
  startup.  To permanently remove these item(s), proceed as follows...

  Click Start->Run->Regedit
  *Be careful when editing the registry as an accidental deletion can render your system inoperable.
  First navigate to the following key in the registry:
   *You might also find RunOnce, RunOnceEx, RunServices, RunServiceOnce or any of these with a trailing dash (-)

  Once found, click File, Export to save a copy of the key before you delete any items (if necessary).
  After the file has been saved, delete items as needed from the right pane.
  Now find the next startup key:
   *You might also find RunOnce, RunServices, RunServiceOnce or any of these with a trailing dash (-)
  Follow the previous procedures to export a copy before deleting items from the right pane.
You have the Coolwebsearch hijacker I think.
Go to this page http://www.spywareinfo.com/~merijn/downloads.html and download CWshredder
Read that page for further info on that. Say's to run HijackThis afterward's.
Direct Link:
Get that and run it to remove it.
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

VanAlexAuthor Commented:
I checked the running processes and there is nothing abnormal, neither on the registry. I also ran the CWshredder but the problem still remains.
Paste in RUN     eventvwr.exe
On each App, Security, System right click and select Clear all events - Don't save
Reboot and when it starts acting up again go to Event viewer and see what Service or error is causing problems.

If you have Visioneer USB Scanner - http://support.microsoft.com/default.aspx?scid=kb;en-us;303777

You can put services.msc in RUN and thats the service panel to disable any of the below.

Here are a list of other peoples cure to their problem.
1. Run services.msc, and stop 'rip listener'. Change the startup to manual.
2. SSDP Discovery Service was hogging the CPU. It seems this service will stop and start continuously. This defaults to Manual... so i just disabled it.... and what do you know.. no more CPU problems.
3. SSDP UPnP Discovery Service
4. Cpucool installation was occupying all my cpu
5. With a bit of trail and error i found that it was the fax service that was causeing the trouble
6. HOSTS file. Either one of the entries was the culprit or the file itself was corrupt.
7. SVCHOST has a memory leak that causes a linked list of services that should be running to grow continuously. The problem arises when SVChost tries to start a service and can't. It carries on almost forever and eats memory and CPU. In my case the problem service was the SSPD service (Universal Plug and Play), and disabling it fixed my problem. Check the system event log for services being stopped and started over frequently. Another possible cause of a problem of this type is downloading a big hosts file to block ads. This causes DNS client to eat all the CPU whenever the hosts file is referred to. See the post below.
8. checked the Event Log and SSPD Discovery Services was being stopped and started over and over and over...... so I disabled it.
9. s3serv.exe - http://www.tbreak.com/forums/showthread.php?s=3e28390bb6a5d61b4c291fb07bb33c38&p=223331#post223331

Two of the things pointed to HOSTS file located in C:\Windows\System32\Drivers\etc
The normal file is only 734 bytes. One entry in it could be causing the bad things. Did you add entries to this?
Heres the normal file.
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
#     rhino.acme.com          # source server
#     x.acme.com              # x client host       localhost


Need Any help with any of the above - Reply

VanAlexAuthor Commented:
I believe Veegertx got the right awnser, I reinstalled the system and I didn't have the problem again because I still have not placed the original Hosts file with one I have to block ads that is over 1 MB.

Even though I haven't tested it , I'm pretty sure that is it because this was the only PC in the network that was using it.
I noticed it blocked some msft sites, that can explain why it would mess the system when I opened Outlook.

THanks man, sorry for the delay, way too much work.
Thanks and
Glad you enlightened us to this also. I've used those really large HOST files before and I remember problem's but not exactly like you had. Perhap's a firewall may be better with a limited HOST file.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now