The name of the .exe file.
The path is not displayed. Several of them may be in
C:\Windows\system32.
To find the path, run the Windows System Information program
(for XP, usually by clicking Start | All Programs | Accessories | System Tools | System Information |
Software Environment | Running Tasks),
which has a column with the paths. Also see the
Loaded Modules and
Services sections of the Software Environment.
Even
System Information is not very informative about the
svchost.exe tasks (services that run from DLLs),
and there are usually several of these running.
Click Start | Run... | type Regedit and navigate to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SvcHost
for a list of the SvcHost groups and the services in each, and to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\
for details on each service.
Except for XP Home, Start | Run... | type
TaskList /SVC will include SvcHost in a list of the PIDs and active services.
- For XP Home, download TaskList.exe from e.g. ComputerHope, and run it in a DosBox.
- Typical list (plus 2 columns from Windows Task Manager) is:

Image name | PID | Services | User Name | Mem Usage
---|---|---|---|---
svchost.exe | 804 | DcomLaunch TermService | SYSTEM | 1,752K
svchost.exe | 948 | RpcSs | NETWORK SERVICE | 1,756K
svchost.exe | 1120 | see below | SYSTEM | 59,072K
svchost.exe | 1196 | Dnscache | NETWORK SERVICE | 2,148K
svchost.exe | 1360 | LmHosts SSDPSRV upnphost | LOCAL SERVICE | 2,080K
svchost.exe | 532 | WebClient | LOCAL SERVICE | 140K
svchost.exe | 2112 | stisvc | SYSTEM | 2,108K
svchost.exe | 2976 | HTTPFilter | SYSTEM | 224K
svchost.exe | 4736 | hpqcxs08 | SYSTEM | 112K

The services for the PID 1120 in the list above are:
AudioSrv - audio management.
BITS - Background Intelligent Transfer Service: transfers files in the background using idle network bandwidth.
Used by Windows Update, MSN Explorer. See The Elder Geek: may generate traffic on its own.
[The BITS service has been a cause of some PCs suddenly running very slowly, with this svchost process doing many disk transfers
and taking nearly all the CPU time.
See e.g. "Windows XP taken over by svchost.exe" and "techguy: Help needed with excessive disk activity....".
For Vista, see "BITS Repair Tool for Windows Vista (KB940520)" or
"An update is available to fix a Background Intelligent Transfer Service (BITS) crash on a Windows Vista-based computer".
Or set updates to Manual: Start | Control Panel | Automatic Updates | Notify but do not download.]
Browser - lists computers on the network.
CryptSvc - confirms signatures of Windows files; manages Trusted Root Certification; enrolls this PC for certificates.
Dhcp - registers and updates IP addresses and DNS names.
ERSvc - Error Reporting.
EventSystem - logs events. Cannot be stopped. Log viewable by clicking Start | Control Panel | Administrative Tools
and double clicking Event Viewer.
FastUserSwitchingCompatibility - management for applications in a multiple user environment.
If there is only one user on the system, this can be disabled.
helpsvc - Help and Support Center.
HidServ - Human Interface Devices: hot buttons, remote controls etc.
lanmanserver - LAN server.
lanmanworkstation - network connections for XP Pro and Windows Server 2003.
Netman - Network and Dial-Up Connections.
Nla - Network Location Awareness: network configuration and location.
RasAuto - Remote Access AutoDial Manager: maintains network addresses.
RasMan - Remote Access Service Manager: 'dial-up' connections, but required for most RAS, ADSL or Cable connections.
Schedule - automated tasks.
seclogon - Secondary Logon: processes starting under alternate credentials
(i.e. as a different user: e.g. runas /user:username cmd).
SENS - System Event Notification Service.
SharedAccess - Internet Connection Sharing; and Windows Firewall/Internet Connection Firewall.
ShellHWDetection - Autoplay notifications.
TapiSrv - Telephony API.
Themes - theme management.
TrkWks - tracking links to files.
W32Time - synchronizes a time server with an outside time source.
winmgmt - Windows Management Instrumentation Service. Use WMI scripting to get PC info.
wscsvc - Windows Security Centre Service.
wuauserv - Windows Automatic Update Service.
WZCSVC - Wireless Zero Configuration: auto config 802.11 adapters.
For a description of most of the services, and to start or stop them,
click Start | Control Panel | Administrative Tools, and double click
Services.
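
The TaskList /SVC listing can be cross-checked against the SvcHost groups in the registry key given above. The following is an added example, not part of the original page: it parses TaskList /SVC output, including service lists wrapped onto a second line, and reports for each svchost.exe PID which group its services belong to and which services appear in no group. Both sample inputs are constructed, and the function names parse_tasklist_svc and audit are hypothetical.

```python
# Added example. Both inputs are constructed samples, not captured output;
# the PIDs and service names are taken from the table on this page.
SAMPLE_TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
svchost.exe                  804 DcomLaunch, TermService
svchost.exe                 1120 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 ERSvc, EventSystem
svchost.exe                 4736 hpqcxs08
"""

# Stand-in for the values under the SvcHost key (group name -> services).
# hpqcxs08 is deliberately left out so the check has something to report.
SAMPLE_GROUPS = {
    "DcomLaunch": ["DcomLaunch", "TermService"],
    "netsvcs": ["AudioSrv", "BITS", "Browser", "CryptSvc", "Dhcp",
                "ERSvc", "EventSystem"],
}


def parse_tasklist_svc(text):
    """Return {pid: [service, ...]} for every svchost.exe row."""
    lines = text.splitlines()
    ruler = next(i for i, l in enumerate(lines) if l.startswith("="))
    name_end = lines[ruler].index(" ")       # width of the Image Name column
    hosts, current = {}, None
    for line in lines[ruler + 1:]:
        if not line.strip():
            continue
        if line[0].isspace():                # wrapped service list of the row above
            svc_text = line
        else:                                # a new process row
            image = line[:name_end].strip()
            pid, _, svc_text = line[name_end:].strip().partition(" ")
            current = int(pid) if image.lower() == "svchost.exe" else None
            if current is not None:
                hosts[current] = []
        if current is not None:
            hosts[current] += [s.strip() for s in svc_text.split(",") if s.strip()]
    return hosts


def audit(hosts, groups):
    """Return {pid: (groups owning its services, services found in no group)}."""
    owner = {s.lower(): g for g, members in groups.items() for s in members}
    return {pid: (sorted({owner[s.lower()] for s in svcs if s.lower() in owner}),
                  [s for s in svcs if s.lower() not in owner])
            for pid, svcs in hosts.items()}
```

A service reported in no group is a prompt to look it up under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\, not a verdict on it.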
PID (Process Identifier) - A numerical value given to the process while it is running.
CPU Usage - The percentage CPU time used by process since the last update.
(Click Performance View Update Speed to change the update rate.)
CPU Time - The CPU time the process has used since starting.
Memory Usage - The amount of main memory used by the process in kilobytes.
Memory Usage Delta - The change in Memory Usage since the last update.
Peak Memory Usage - The maximum amount of memory used by the process since the Task Manager started.
Page Faults - The number of page faults caused by the process since it started.
There can be a lot of these, mostly caused intentionally.
A page fault occurs when a process tries to access data not in its current working set, and has to go to a new RAM area or to RAM data stored on disc.
Page Faults Delta - The change in the number of page faults since the last update.
User Objects - Number of internal Windows Manager objects (like windows) in use by the process.
I/O Reads - since the process began.
I/O Read Bytes - since the process began.
I/O Writes - since the process began.
I/O Write Bytes - since the process began.
I/O Other - seeks, network I/O, etc. since the process began.
I/O Other Bytes - since the process began.
Virtual Memory Size - How much this process is using of the
Pagefile (an area of disc reserved for swapping RAM data in and out of physical memory).
Paged Pool - How much this process is using of the
Paged Pool (data queued up for writing to the Pagefile).
Nonpaged Pool - How much memory this process is using that cannot be swapped out to disc.
Base Priority - The execution priority of the process's threads.
Handle Count - The number of handles (many things, such as file I/O, require a 'handle') in the process's object table.
Thread Count - The number of threads running under the process.
GDI/GDI+ Objects - Number of Graphics Device Interface objects the process is using.
GDI does the low level graphics, such as drawing lines and curves, and rendering fonts and colours.
GDI+, introduced with Windows XP, is a considerable extension of GDI, but considerably slower.
that created the window. (A thread executes the
V( 111, 222 )-( 333, 444 ) - The window is capable of being seen, but may be partially or totally obscured by other windows.
N.B. the second coordinate of each pair is the distance from the top of the screen, the reverse of a normal "y" coordinate.
The two pairs of coordinates are the screen positions in pixels of the top left and bottom right corners.
The top left corner coordinates may be negative (i.e. top left corner is off the screen),
and the bottom right coordinates may exceed the screen size.
Maximised windows often have the top left corner coordinates slightly negative, e.g. (-4,-4).
To assist in locating coordinate positions on the screen, the small program ScreenPosn.exe displays its own position in a small window
which can be dragged wherever required.
Hidden - the window is not capable of being seen.
Hidden (GDI) - Each GDI+ (Microsoft Graphics Device Interface) instance contains a hidden top-level window. See
above.
H( 111, 222 )-( 333, 444 ) - the window is marked as being hidden, but a position on the screen has also been given.
Minimised - The window is currently minimised.
is an MSDEV project, compiled using Microsoft Visual C++ vsn 6.
For a description of the MSDEV files that are generated by the compiler,
and therefore (except for the executable) not included in the download,
see the