SVCHOST is consuming cpu utilization!
SVCHOST is consuming cpu utilization!
How do I see which service under the Image Name of svchost.exe is causing the problem and how do I stop that individual service ?
Just killing the svchost.exe PID that is using the CPU affects a number of services that are needed.
This is on Windows XP with SP2.
Here is part of the tasklist detail:
C:\Program Files\Windows Resource Kits\Tools>tasklist /svc
Image Name PID Services
========================= ====== ==========================
System Idle Process 0 N/A
System 4 N/A
smss.exe 472 N/A
csrss.exe 976 N/A
winlogon.exe 1004 N/A
services.exe 1048 Eventlog, PlugPlay
lsass.exe 1060 PolicyAgent, ProtectedStorage, SamSs
ati2evxx.exe 1224 Ati HotKey Poller
svchost.exe 1236 DcomLaunch, TermService
svchost.exe 1332 RpcSs
MsMpEng.exe 1524 WinDefend
svchost.exe 1576 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
dmserver, ERSvc, EventSystem, helpsvc,
lanmanserver, lanmanworkstation, Netman,
Nla, RasMan, Schedule, seclogon, SENS,
SharedAccess, ShellHWDetection, srservice,
TapiSrv, Themes, TrkWks, W32Time, winmgmt,
wscsvc, wuauserv
svchost.exe 1616 Dnscache
svchost.exe 1844 LmHosts, RemoteRegistry, SSDPSRV, upnphost,
WebClient
Here is the PSTAT output but just with the offending service:
pid:628 pri: 8 Hnd: 1870 Pf:63823505 Ws: 24144K svchost.exe
tid pri Ctx Swtch StrtAddr User Time Kernel Time State
62c 9 384 7C810665 0:00:00.000 0:00:00.000 Wait:Executive
630 9 1607 7C810659 0:00:00.015 0:00:00.015 Wait:LpcReceive
634 8 680 7C810659 0:00:00.000 0:00:00.000 Wait:DelayExecution
64c 8 27 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
680 9 2372 7C810659 0:00:00.187 0:00:03.765 Wait:UserRequest
694 8 5 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
698 8 72 7C810659 0:00:00.000 0:00:00.000 Wait:LpcReceive
b4 8 260 7C810659 0:00:00.015 0:00:00.000 Wait:UserRequest
c4 8 300 7C810659 0:00:00.015 0:00:00.015 Wait:UserRequest
d0 8 889 7C810659 0:00:00.015 0:00:00.031 Wait:EventPairLow
d4 10 140 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
dc 8 140 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
110 8 2791 7C810659 0:00:00.796 0:00:01.015 Wait:UserRequest
128 8 107 7C810659 0:00:00.000 0:00:00.000 Wait:DelayExecution
13c 8 1412 7C810659 0:00:00.203 0:00:00.156 Wait:EventPairLow
16c 10 122 7C810659 0:00:00.015 0:00:00.000 Wait:UserRequest
178 8 400 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
17c 8 15 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
184 9 18 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
19c 8 139 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
208 10 5120 7C810659 0:00:00.343 0:00:00.281 Wait:LpcReceive
254 11 25 7C810659 0:00:00.000 0:00:00.000 Wait:LpcReceive
558 10 32 7C810659 0:00:00.000 0:00:00.000 Wait:LpcReceive
55c 9 3 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
56c 8 216 7C810659 0:00:00.000 0:00:00.046 Wait:UserRequest
578 15 12 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
6b0 9 571 7C810659 0:00:00.062 0:00:00.015 Wait:UserRequest
cc 9 253 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
160 8 328 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
288 8 1258 7C810659 0:00:00.218 0:00:00.171 Wait:EventPairLow
2e8 9 3134 7C810659 0:00:00.000 0:00:00.140 Wait:UserRequest
370 9 44 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
80 9 5 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
49c 9 5 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
6fc 9 64 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
5e0 8 99 7C810659 0:00:00.000 0:00:00.078 Wait:UserRequest
8e0 10 80 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
930 9 18 7C810659 0:00:00.000 0:00:00.015 Wait:UserRequest
a58 8 577 7C810659 0:00:00.000 0:00:00.015 Wait:UserRequest
a6c 8 4 7C810659 0:00:00.000 0:00:00.000 Wait:LpcReply
ad8 9 102 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
ae0 8 299 7C810659 0:00:00.015 0:00:00.000 Wait:EventPairLow
b38 8 1494 7C810659 0:00:00.031 0:00:00.078 Wait:LpcReceive
b48 10 109 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
b64 9 109284 7C810659 0:00:07.484 0:00:05.500 Wait:LpcReceive
b68 9 1 7C810659 0:00:00.000 0:00:00.000 Wait:DelayExecution
b70 10 69 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
bec 8 1 7C810659 0:00:00.000 0:00:00.000 Wait:EventPairLow
bf0 9 3 7C810659 0:00:00.000 0:00:00.000 Wait:EventPairLow
c00 9 2 7C810659 0:00:00.000 0:00:00.000 Wait:EventPairLow
c2c 10 58 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
c4c 8 1 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
cec 8 17 7C810659 0:00:00.000 0:00:00.015 Wait:UserRequest
e1c 8 9049 7C810659 0:00:00.156 0:00:00.015 Wait:LpcReceive
e20 8 852 7C810659 0:00:00.015 0:00:00.000 Wait:EventPairLow
e28 9 5839 7C810659 0:00:00.421 0:00:00.234 Wait:LpcReceive
e58 9 9078 7C810659 0:00:00.093 0:00:00.062 Wait:LpcReceive
eb8 8 9043 7C810659 0:00:00.125 0:00:00.078 Wait:LpcReceive
f58 8 49 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
f0 9 91 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
f74 9 43812 7C810659 0:00:02.421 0:00:02.015 Wait:LpcReceive
f78 8 1156415 7C810659 0:25:58.062 0:09:26.828 Wait:UserRequest
1fc 8 138 7C810659 0:00:00.000 0:00:00.000 Wait:LpcReceive
1074 9 2406 7C810659 0:00:00.218 0:00:00.187 Wait:LpcReceive
17e0 9 149899 7C810659 0:00:09.843 0:00:07.562 Wait:DelayExecution
17d4 9 19833 7C810659 0:00:01.421 0:00:01.015 Wait:LpcReceive
718 8 9625 7C810659 0:00:00.375 0:00:00.390 Wait:LpcReceive
13ac 9 62412 7C810659 0:00:03.640 0:00:03.656 Wait:LpcReceive
17bc 8 49819 7C810659 0:00:03.578 0:00:02.812 Wait:LpcReceive
1248 9 12673 7C810659 0:00:00.671 0:00:00.703 Wait:DelayExecution
ee4 8 15753 7C810659 0:00:00.859 0:00:00.796 Ready
How do I see which service under the Image Name of svchost.exe is causing the problem and how do I stop that individual service ?
Just killing the svchost.exe PID that is using the CPU affects a number of services that are needed.
This is on Windows XP with SP2.
Here is part of the tasklist detail:
C:\Program Files\Windows Resource Kits\Tools>tasklist /svc
Image Name PID Services
========================= ====== ==========================
System Idle Process 0 N/A
System 4 N/A
smss.exe 472 N/A
csrss.exe 976 N/A
winlogon.exe 1004 N/A
services.exe 1048 Eventlog, PlugPlay
lsass.exe 1060 PolicyAgent, ProtectedStorage, SamSs
ati2evxx.exe 1224 Ati HotKey Poller
svchost.exe 1236 DcomLaunch, TermService
svchost.exe 1332 RpcSs
MsMpEng.exe 1524 WinDefend
svchost.exe 1576 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
dmserver, ERSvc, EventSystem, helpsvc,
lanmanserver, lanmanworkstation, Netman,
Nla, RasMan, Schedule, seclogon, SENS,
SharedAccess, ShellHWDetection, srservice,
TapiSrv, Themes, TrkWks, W32Time, winmgmt,
wscsvc, wuauserv
svchost.exe 1616 Dnscache
svchost.exe 1844 LmHosts, RemoteRegistry, SSDPSRV, upnphost,
WebClient
Here is the PSTAT output but just with the offending service:
pid:628 pri: 8 Hnd: 1870 Pf:63823505 Ws: 24144K svchost.exe
tid pri Ctx Swtch StrtAddr User Time Kernel Time State
62c 9 384 7C810665 0:00:00.000 0:00:00.000 Wait:Executive
630 9 1607 7C810659 0:00:00.015 0:00:00.015 Wait:LpcReceive
634 8 680 7C810659 0:00:00.000 0:00:00.000 Wait:DelayExecution
64c 8 27 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
680 9 2372 7C810659 0:00:00.187 0:00:03.765 Wait:UserRequest
694 8 5 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
698 8 72 7C810659 0:00:00.000 0:00:00.000 Wait:LpcReceive
b4 8 260 7C810659 0:00:00.015 0:00:00.000 Wait:UserRequest
c4 8 300 7C810659 0:00:00.015 0:00:00.015 Wait:UserRequest
d0 8 889 7C810659 0:00:00.015 0:00:00.031 Wait:EventPairLow
d4 10 140 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
dc 8 140 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
110 8 2791 7C810659 0:00:00.796 0:00:01.015 Wait:UserRequest
128 8 107 7C810659 0:00:00.000 0:00:00.000 Wait:DelayExecution
13c 8 1412 7C810659 0:00:00.203 0:00:00.156 Wait:EventPairLow
16c 10 122 7C810659 0:00:00.015 0:00:00.000 Wait:UserRequest
178 8 400 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
17c 8 15 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
184 9 18 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
19c 8 139 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
208 10 5120 7C810659 0:00:00.343 0:00:00.281 Wait:LpcReceive
254 11 25 7C810659 0:00:00.000 0:00:00.000 Wait:LpcReceive
558 10 32 7C810659 0:00:00.000 0:00:00.000 Wait:LpcReceive
55c 9 3 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
56c 8 216 7C810659 0:00:00.000 0:00:00.046 Wait:UserRequest
578 15 12 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
6b0 9 571 7C810659 0:00:00.062 0:00:00.015 Wait:UserRequest
cc 9 253 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
160 8 328 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
288 8 1258 7C810659 0:00:00.218 0:00:00.171 Wait:EventPairLow
2e8 9 3134 7C810659 0:00:00.000 0:00:00.140 Wait:UserRequest
370 9 44 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
80 9 5 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
49c 9 5 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
6fc 9 64 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
5e0 8 99 7C810659 0:00:00.000 0:00:00.078 Wait:UserRequest
8e0 10 80 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
930 9 18 7C810659 0:00:00.000 0:00:00.015 Wait:UserRequest
a58 8 577 7C810659 0:00:00.000 0:00:00.015 Wait:UserRequest
a6c 8 4 7C810659 0:00:00.000 0:00:00.000 Wait:LpcReply
ad8 9 102 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
ae0 8 299 7C810659 0:00:00.015 0:00:00.000 Wait:EventPairLow
b38 8 1494 7C810659 0:00:00.031 0:00:00.078 Wait:LpcReceive
b48 10 109 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
b64 9 109284 7C810659 0:00:07.484 0:00:05.500 Wait:LpcReceive
b68 9 1 7C810659 0:00:00.000 0:00:00.000 Wait:DelayExecution
b70 10 69 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
bec 8 1 7C810659 0:00:00.000 0:00:00.000 Wait:EventPairLow
bf0 9 3 7C810659 0:00:00.000 0:00:00.000 Wait:EventPairLow
c00 9 2 7C810659 0:00:00.000 0:00:00.000 Wait:EventPairLow
c2c 10 58 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
c4c 8 1 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
cec 8 17 7C810659 0:00:00.000 0:00:00.015 Wait:UserRequest
e1c 8 9049 7C810659 0:00:00.156 0:00:00.015 Wait:LpcReceive
e20 8 852 7C810659 0:00:00.015 0:00:00.000 Wait:EventPairLow
e28 9 5839 7C810659 0:00:00.421 0:00:00.234 Wait:LpcReceive
e58 9 9078 7C810659 0:00:00.093 0:00:00.062 Wait:LpcReceive
eb8 8 9043 7C810659 0:00:00.125 0:00:00.078 Wait:LpcReceive
f58 8 49 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
f0 9 91 7C810659 0:00:00.000 0:00:00.000 Wait:UserRequest
f74 9 43812 7C810659 0:00:02.421 0:00:02.015 Wait:LpcReceive
f78 8 1156415 7C810659 0:25:58.062 0:09:26.828 Wait:UserRequest
1fc 8 138 7C810659 0:00:00.000 0:00:00.000 Wait:LpcReceive
1074 9 2406 7C810659 0:00:00.218 0:00:00.187 Wait:LpcReceive
17e0 9 149899 7C810659 0:00:09.843 0:00:07.562 Wait:DelayExecution
17d4 9 19833 7C810659 0:00:01.421 0:00:01.015 Wait:LpcReceive
718 8 9625 7C810659 0:00:00.375 0:00:00.390 Wait:LpcReceive
13ac 9 62412 7C810659 0:00:03.640 0:00:03.656 Wait:LpcReceive
17bc 8 49819 7C810659 0:00:03.578 0:00:02.812 Wait:LpcReceive
1248 9 12673 7C810659 0:00:00.671 0:00:00.703 Wait:DelayExecution
ee4 8 15753 7C810659 0:00:00.859 0:00:00.796 Ready
Process Explorer (http://www.sysinternals.com/Utilities/ProcessExplorer.html) might help you find out what is causing your svchost to run so run so much.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The above link takes you to:
http://www.microsoft.com/technet/sysinternals/Utilities/ProcessExplorer.html
Which is a Microsoft page with all sorts of info...so what now?
http://www.microsoft.com/technet/sysinternals/Utilities/ProcessExplorer.html
Which is a Microsoft page with all sorts of info...so what now?
Oops, sorry, MS changed the links on us. Here are the correct links:
Process Explorer: http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx
Rootkit Revealer: http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
Process Explorer: http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx
Rootkit Revealer: http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
ASKER
r-k,
I was about to rebuild the laptop, was really getting desperate. Biggest problem was, this laptop was my wife's. I had given away her old Sony laptop and given her my newer Fujitsu-Siemens Laptop. Ever since then, we have been having this problem.
I had installed AntiSpywareBOT, REGCLEAN and also MS Windows Defender. They all found problems which they resolved, but my problem persisted.
I had tried everything and didn't try your advice on a possibly corrupt user profile - until tis afternoon. I mean, how can that affect the system so badly ?
Well guess what, it did. All I had to do was:
... log off as WIFE
... logon as ME
.......problem wasn't there anymore
... logoff as ME
...logon as WIFE....VOILA!!!
Thanks for your help..
...
I was about to rebuild the laptop, was really getting desperate. Biggest problem was, this laptop was my wife's. I had given away her old Sony laptop and given her my newer Fujitsu-Siemens Laptop. Ever since then, we have been having this problem.
I had installed AntiSpywareBOT, REGCLEAN and also MS Windows Defender. They all found problems which they resolved, but my problem persisted.
I had tried everything and didn't try your advice on a possibly corrupt user profile - until tis afternoon. I mean, how can that affect the system so badly ?
Well guess what, it did. All I had to do was:
... log off as WIFE
... logon as ME
.......problem wasn't there anymore
... logoff as ME
...logon as WIFE....VOILA!!!
Thanks for your help..
...
Great to hear that. Thanks and good luck.