Runaway svchost.exe process

opk

Junior Member
Oct 29, 2002
I've got a problem where one of my svchost.exe (user-system) processes takes up so many resources it causes my system to bog. I ran "> tasklist /svc" and figured out that it's the svchost instance running all these services:
----------------------------
AudioSrv, BITS, Browser, CryptSvc, Dhcp,
dmserver, ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
HidServ, Iprip, lanmanserver,
lanmanworkstation, Messenger, Netman, Nla,
RasAuto, RasMan, Schedule, seclogon, SENS,
ShellHWDetection, srservice, TapiSrv,
TermService, Themes, TrkWks, uploadmgr,
W32Time, winmgmt, WmdmPmSp, wuauserv, WZCSVC
----------------------------
Unfortunately, that's the big one. I was hoping it'd be the one running Dnscache or something that'd give me an idea on how to proceed. I'm not sure what most of those services do, but I can't immediately see any problems.

This happens about once every 48 hours or so. The machine is always on. Specs:
Thunderbird 1100, 512 Mushkin PC 133, Geforce2 Pro AGP & ATI All-In-Wonder 128 PCI, Abit KT7-RAID MoBo, SoundBlaster Live Value.

The process will suck up up to 60% or so of CPU time. It only wants 20 MB or so of memory, and it is sometimes associated with the cisvc.exe process bogging too.

Is this a 'feature' in Windows, or am I doing something wrong? Please help.

 

LiLithTecH

Diamond Member
Jul 28, 2002
AudioSrv= Windows Audio
(required with audio card installed)

BITS= Background Intelligent Transfer Service
(should be disabled or set to manual)

Browser= Computer Browser
(not required if only single computer-disable)

CryptSvc= Cryptographic Services
(confirms digitally signed drivers and Windows file signatures)

Dhcp= DHCP Client
(required)

dmserver= Logical Disk Manager
(required when running Dynamic logical disks)

ERSvc= Error Reporting Service
(sends report to Microsoft -disable)

EventSystem= COM+ Event System
(required for System Event Notification,

FastUserSwitchingCompatibility= Fast User Switching Compatibility
(disable if only one user)

helpsvc= Help and Support
(required for Microsoft's online help documents - disable. Will auto-enable when required)

HidServ= Human Interface Device Access
(required for scanners with function buttons (fax, copy) or keyboards with volume/play controls)

Iprip= IPRIP Listener Tool
(normally not installed, most likely from your ISP)

lanmanserver= Server
(can be disabled if you are not sharing local printer)

lanmanworkstation= Workstation
(required for file sharing)

Messenger= Messenger
(not required for home pc - disable)

Netman= Network Connections
(required for managing network)

Nla= Network Location Awareness
(required for ICS, otherwise disable)

RasAuto= Remote Access Auto Connection Manager
(required for Dial-up, some DSL/cable ISPs)

RasMan= Remote Access Connection Manager
(required for ICS, Dial-up, some DSL/Cable ISPs)

Schedule= Task Scheduler
(disable if not used for maintenance - Backups, Auto Updates etc.)

seclogon= Secondary logon
(enables starting processes under alternate credentials - not really required)

SENS= System Event Notification
(required for system event debugging)

ShellHWDetection= Shell Hardware Detection
(used for autoplay devices)

srservice= System Restore Service
(huge resource hog - required if you wish to have a restore point)

TapiSrv= Telephony
(should be set to manual)

TermService= Terminal Services
(disable if not used or set to manual-required for Fast User Switching)

Themes= Themes
(disable if not using desktop themes)

TrkWks= Distributed Link Tracking Client
(maintains links with NTFS files within your computer or across a domain - mostly not used)

uploadmgr= Upload Manager
(disable - not required for basic file sharing)

W32Time= Windows Time
(disable - Set time manually- by default connects to MS Server)

winmgmt= Windows Management Instrumentation
(required by windows-most apps)

WmdmPmSp= Portable Media Serial Number
(probably safe to disable, really a waste)

wuauserv= Windows Automatic Updates
(disable)

WZCSVC= Wireless Zero Configuration
(disable if not using wireless network devices)
 

opk

Junior Member
Oct 29, 2002
Thanks I went through and disabled a few of the superfluous ones and we'll see if it helps the situation. I'm afraid it was the System Restore thing. Stupid me enabled that one myself.

Thanks for your help.
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
Originally posted by: opk
Thanks I went through and disabled a few of the superfluous ones and we'll see if it helps the situation. I'm afraid it was the System Restore thing. Stupid me enabled that one myself. Thanks for your help.

Opk, you're going about it the right way: disable a few and see if it comes back. Continue to narrow it down until you spot it. During the high usage, is there a lot of disk or network activity? If so, filemon or tcpmon from sysinternals might give more clues as to what service is the culprit.

I won't comment on every suggestion made by the other poster, but there is no reason to turn off a lot of what he suggested you turn off. IMHO turning off system restore is a really bad idea unless you actually back up your system (most users don't). More than one poster here turned it off because someone posted 'turn this and that off' only to find they couldn't correct what would otherwise be an easy problem.

Bill
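
The `tasklist /svc` listing quoted in the first post wraps one svchost.exe instance's services over several lines, which makes it awkward to see which process hosts which service while narrowing things down. As an added example (not code from any poster in this thread), this Python parser rebuilds the PID-to-services mapping from that output; the sample text and its PIDs are constructed, and the function names are this example's own.

```python
import re

def _row(image, pid, services):
    # Same fixed-width layout tasklist prints: 25-char name, 8-char PID, services.
    return f"{image:<25} {pid:>8} {services}"

# Constructed sample (PIDs invented); service names are from the thread. The long
# list wraps onto continuation rows whose name and PID columns are empty.
SAMPLE = "\n".join([
    "",
    _row("Image Name", "PID", "Services"),
    " ".join(["=" * 25, "=" * 8, "=" * 44]),
    _row("System Idle Process", 0, "N/A"),
    _row("svchost.exe", 884, "Dnscache"),
    _row("svchost.exe", 1024, "AudioSrv, BITS, Browser, CryptSvc, Dhcp,"),
    _row("", "", "dmserver, ERSvc, EventSystem, srservice,"),
    _row("", "", "winmgmt, wuauserv, WZCSVC"),
    _row("cisvc.exe", 1532, "CiSvc"),
])

def parse_tasklist_svc(text):
    """Parse `tasklist /svc` text into [{'image', 'pid', 'services'}]."""
    lines = text.splitlines()
    # The ruler of '=' runs gives the start/end offset of each column.
    ruler = next((i for i, l in enumerate(lines)
                  if re.fullmatch(r"=+ =+ =+", l.strip())), None)
    if ruler is None:
        raise ValueError("no column ruler found; not tasklist /svc output")
    (n0, n1), (p0, p1), (s0, _) = [m.span() for m in re.finditer(r"=+", lines[ruler])]
    rows = []
    for line in lines[ruler + 1:]:
        if not line.strip():
            continue
        image, pid = line[n0:n1].strip(), line[p0:p1].strip()
        names = [s.strip() for s in line[s0:].split(",") if s.strip() not in ("", "N/A")]
        if not image and not pid:
            if rows:
                rows[-1]["services"] += names  # wrapped continuation row
        else:
            rows.append({"image": image, "pid": int(pid), "services": names})
    return rows

def busiest_host(rows):
    """Return the row hosting the most services (the shared svchost instance)."""
    return max(rows, key=lambda r: len(r["services"]))

def host_of(rows, service):
    """Return the PID of the process hosting `service` (case-insensitive), or None."""
    return next((r["pid"] for r in rows
                 if service.lower() in (s.lower() for s in r["services"])), None)
```

Saving the real command's output to a file and passing its contents to `parse_tasklist_svc` gives the same mapping for a live machine; comparing `host_of` results with the PID that is spiking shows which services remain candidates.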


 

opk

Junior Member
Oct 29, 2002
Yeah, my system is a bit different too. I'm running a "pretend server". One main box with bunches of storage and a few others with Network Neighborhood (or whatever it's called now) links back and forth. I know a few of those I need, and I'm pretty sure most aren't causing my slowdown. I backed off the SysRestore thing to 3% from 15%. I feel that's more prudent. I faintly remember one day thinking, "SysRestore, why not... sounds good, let it run wild :)" I figure a gig will hold a lot, plus I've never had to use it yet.

It was hardly any net activity. It does spike the kernel usage to 100% and fly up to the top of the process list w/ about 60+% of CPU cycles. Since it's a sys process, I can't back it off or kill it. It did cause noticeable mouse slowdown, and the big kicker was my sound started stuttering.

Thanks again.