Community Newsletter: Q&A: 9/23/05 Svchost.exe: friend or foe?

by Lee Koo (ADMIN) Moderator - 9/22/05 5:48 PM
Post 1 of 90

9/23/05 Svchost.exe: friend or foe?

by Lee Koo (ADMIN) Moderator - 9/22/05 5:48 PM

Members, thank you for your participation this week. Chuck, if you're reading this post, please join us in this week's discussion to let our members know if your question on svchost.exe was answered. If not, please do post your questions so that our members can help you out.

If any of you have additional advice or recommendations you would like to share with us on this topic, please chime on in. Your participation is appreciated by all. Thanks everyone and have a great weekend!
-Lee Koo
CNET Community


Question:

I wish to know what the program svchost.exe wants to do if I give it permission to access the Internet. My firewall tells me that svchost.exe wants to access the Internet. This is not related to my specific request for anything, and my inclination is to say no. But I am not certain that is the right thing to do. I have searched the Internet for svchost and svchost.exe and gotten lots of hits. The Microsoft knowledge base explains svchost but doesn't convince me I want to let it access the Internet. But it also suggests I might be wrong (note: W32Time, Dnscache…). I could tell the firewall to never let svchost.exe have Internet access, or I could tell it to always let svchost.exe have Internet access. But I don't understand enough to know which would be best. Please help me out with this sticky security issue.


Submitted by Chuck M.


Answer:

The Microsoft page describing this process is at http://support.Microsoft.com/default.aspx?scid=kb;en-us;314056 and I've wondered this myself in the past. The svchost.exe runs as a request by DLL's (Direct Link Libraries). This can be a legitimate request from your computer's system processes or any other DLL. More often than not, it is always a Microsoft process request, but it can be used by other programs. Most of these requests are not needed for computer operation but may be needed for such things as updates to programs and operating systems.

This process (program) can be used by any other program or DLL on your computer, so it may from time to time be used for not-so-good intentions; but most of the time, traffic to the Internet can be allowed safely from the svchost.exe. The good news is that you have a good firewall, one that does not allow service utilities like this one default access by design. Many people do (I'm a beta tester of these things). I have firewall filters in place for this process to allow outgoing traffic only and only to some sites. When you go to the Microsoft update site, svchost.exe must be allowed, or you cannot update your system. My firewall blocks all traffic in and out for svchost to any site except Microsoft.com for updates.

I, too, was at first concerned about this service, but after putting a few firewall filters in place, it no longer worries me, and I'd say you will feel comfortable after a few well-placed firewall rules (filters). You can do this yourself by choosing to block all requests to or from svchost.exe on your firewall that do not interfere with your Internet requests. It may be needed for some other programs, though, such as antivirus updates, but normally not. I say, when in doubt, block it and see what happens.

I hope this helps you understand it a little more. This generic process in Windows could be used for bad things, but keeping your firewall in place and well managed, you should be safe and all your privacy intact. At least from this service. Good luck.

Submitted by Mark P.

Post 2 of 90

Honorable mentions

by Lee Koo (ADMIN) Moderator - 9/22/05 3:22 PM In reply to: 9/23/05 Svchost.exe: friend or foe? by Lee Koo (ADMIN) Moderator

Answer:

Chuck M.,
You should make sure that it is actually SvcHost.exe and not SCVHost.exe. SvcHost.exe is the system process that handles executing DLLs. Scvhost.exe is a virus I encountered which seems to be linked to my HP 1310 Printer and its drivers. In my experience, SvcHost.exe has never ever asked for internet access, and that seems quite right because it is an internal system process which I, like you, do not believe needs internet access to work properly. But SCVHost.exe would constantly ask me for internet access (blocked by my firewall).

I think the virus is designed to have you overlook and believe that it is the system process SvcHost.exe and that it needs to access the internet. Most novice computer users would not know the difference and/or wouldn't find it suspicious that it would need internet access (which commends you on being that vigilant of your computer processes). But if you are correct that it is indeed SvcHost.exe that is trying to access the internet, then upon research I've found that "svchost.exe is a process which could be registered as the W32.Welchia.Worm. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down.

To see more information about this vulnerability please look at the following Microsoft bulletin: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx." (found from http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/) This might be the cause for it wanting to access the internet and you should look into it and determine if you need to perform a removal process of the Welchia Worm. Here's my 2 cents and I hope that it helps you.

Submitted by: Michael M.

***********************************************************************

Answer:


One of the possibilities is that Chuck M. has a virus as listed in the task list portion of the "Answers That Work" web site as follows:

"You have a virus. It may be one of the following viruses :
Backdoor.IRC.Zcrew, W32.HLLW.Deborms.C, W32.Mimail.J@mm, or the W32.Paylap.@mm virus which mimics a PayPal account renewal screen. Note that there are other lesser known, or newer (!!) viruses which also show as a program called SVCHOST32.EXE."

Another use for the file is a legitimate use by Windows as follows:

"Windows 2000/XP/2003 only. SVCHOST is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup SVCHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them. There can be many instances of SVCHOST running, as there will be one instance of SVCHOST for every DLL-based service or grouping of services (the grouping of services is determined by the programmers who wrote the services in question)."

The URL of this very helpful site is:
http://www.answersthatwork.com/home_page.htm

Hope this helps.

Submitted by: Mike L.

***********************************************************************

Answer:


Good Question, Chuck!
One of my favorite web sites to look up things like this is processlibrary.com. The process library says the following about svchost.exe:

"svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated. " Note that this info is ©2005 Processlibrary.com. All Rights Reserved.

It does also mention that it could be part of a virus hiding as that file, so I would scan your computer with a good, up-to-date virus scanner before doing anything. If the Virus Scan comes out with nothing, it's safe to let this file through the firewall.

Submitted by: Daniel K. of Basking Ridge, NJ

***********************************************************************

Answer:


Chuck, first, SvcHost.exe is a system process that is part of the Microsoft Windows Operating System which handles processes executed from DLLs. DLL stands for Dynamic Link Library or you can say SvcHost is a generic process, which acts as a host for other processes running from DLLs; which runs in the background and it uses the network and internet. In the Task Manager if you click on the Process tab there will be more than one entry for this process. I have seen up to 5 entries on some machines and I get worried if there are over 4 in Task Manager.

The svchost.exe file is located in the c:\windows\System32 folder. So to see what processes are using Svchost.exe, use tlist.exe from the Windows 2000 CD-ROM; the syntax is "tlist -s" at the command prompt; and for Windows XP at the command prompt use "tasklist /svc" without the quotes in both syntax.

This is an example of what you will see when you use the syntax "tasklist /svc" in Windows XP: notice the processes running under SvcHost.exe.

H:\Documents and Settings\David>tasklist /svc

Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
smss.exe                     468 N/A
csrss.exe                    524 N/A
winlogon.exe                 548 N/A
services.exe                 592 Eventlog, PlugPlay
lsass.exe                    604 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                  772 RpcSs
svchost.exe                  824 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                                 ERSvc, EventSystem, helpsvc, lanmanserver,
                                 lanmanworkstation, Messenger, Netman, Nla,
                                 RasMan, SENS, ShellHWDetection, srservice,
                                 TapiSrv, Themes, TrkWks, uploadmgr, W32Time,
                                 winmgmt, WZCSVC
svchost.exe                  996 Dnscache
svchost.exe                 1016 Alerter, LmHosts, SSDPSRV, WebClient

The svchost.exe file is located in the c:\windows\System32 folder. In other cases, svchost.exe is a virus, spyware, trojan or worm!

Second, in other cases, svchost.exe is a virus, spyware, trojan or worm! If a virus, svchost.exe will be under these: Symantec Security Response - W32.Welchia.Worm, W32.Assarm@mm; McAfee - W32/Jeefo. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down. To see more information about this vulnerability look at the following Microsoft bulletin: http://www.microsoft.com/technet/security/bulletin/ms04-011.msp

If you want to find out about certain processes and what they do, even if they are a security risk, use this website: http://www.processlibrary.com/index.php

This website http://www.neuber.com/taskmanager/process/index.html lists processes by category. System Processes, Application processes, Malware Processes, And Other Processes

I hope this helps, Chuck.

Submitted by: Calvin H.
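
Reading the `tasklist /svc` listing quoted above by program rather than by eye: an added Python example, not part of any member's post, that folds the wrapped service lines back into their row and reports which svchost.exe PID hosts a given service. The sample text is constructed from rows of the listing above, and the function names are hypothetical.

```python
# Constructed sample: rows from the listing quoted in the post above, laid out
# in the fixed-width columns that `tasklist /svc` prints.
SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
services.exe                 592 Eventlog, PlugPlay
lsass.exe                    604 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                  772 RpcSs
svchost.exe                  824 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                                 ERSvc, EventSystem, helpsvc, lanmanserver,
                                 lanmanworkstation, Messenger, Netman, Nla,
                                 RasMan, SENS, ShellHWDetection, srservice,
                                 TapiSrv, Themes, TrkWks, uploadmgr, W32Time,
                                 winmgmt, WZCSVC
svchost.exe                  996 Dnscache
svchost.exe                 1016 Alerter, LmHosts, SSDPSRV, WebClient
"""


def split_services(field):
    """Split a comma-separated Services field; 'N/A' means no services."""
    names = [part.strip() for part in field.split(",")]
    return [n for n in names if n and n.upper() != "N/A"]


def parse_tasklist_svc(text):
    """Return a list of (image, pid, [services]) rows from `tasklist /svc` text."""
    lines = text.splitlines()
    ruler = next((i for i, l in enumerate(lines) if l.startswith("=")), None)
    if ruler is None:
        raise ValueError("no ===== ruler line: not tasklist /svc output")
    # The first run of '=' gives the width of the Image Name column.
    name_width = len(lines[ruler].split()[0])
    rows = []
    for line in lines[ruler + 1:]:
        if not line.strip():
            continue
        name = line[:name_width].strip()
        rest = line[name_width:].strip()
        if not name:
            # Blank name column: a wrapped line continuing the previous row.
            if rows:
                rows[-1][2].extend(split_services(rest))
            continue
        pid, _, services = rest.partition(" ")
        rows.append((name, int(pid), split_services(services)))
    return rows


def svchost_services(rows):
    """Map each svchost.exe PID to the services it hosts."""
    return {pid: svcs for name, pid, svcs in rows
            if name.lower() == "svchost.exe"}


def hosts_of(rows, wanted):
    """Map each wanted service name to the svchost PID hosting it, or None."""
    result = {}
    for service in wanted:
        result[service] = None
        for pid, svcs in svchost_services(rows).items():
            if service.lower() in (s.lower() for s in svcs):
                result[service] = pid
    return result


if __name__ == "__main__":
    parsed = parse_tasklist_svc(SAMPLE)
    for pid, svcs in sorted(svchost_services(parsed).items()):
        print(pid, ", ".join(svcs))
    # Services named in the question and in the later listing in this thread.
    print(hosts_of(parsed, ["W32Time", "Dnscache", "wuauserv"]))
```
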

Post 3 of 90

Svc-Who?

by ggood - 9/23/05 7:14 AM In reply to: Honorable mentions by Lee Koo (ADMIN) Moderator

Calvin,
I learned quite a bit from your reply but have a question or two that were evoked by it.

You say that svcHost is a legitimate win process and other times death or worse.

But is there a way to distinguish readily which one you are dealing with at any given moment?

Also, do you know the significance, if any, of the numbers that appear as part of the process name in these lists, e.g.:
svchost.exe 1016 Alerter, LmHosts, SSDPSRV, WebClient
(The number 1016 in the above example)

TIA,
ggood

Post 4 of 90

The number in the listing

by wwheeler1 - 9/23/05 7:23 AM In reply to: Svc-Who? by ggood

According to the information I get on Windows XP SP2, that is the PID or process ID. The process ID is simply a unique number used internally to identify the process.

Post 5 of 90

yes....

by funkid7 - 9/23/05 11:28 AM In reply to: Svc-Who? by ggood

Keep track of each running proc's PID number. When you boot up to desktop, look at the PID numbers and write them down. If during that time a new one arises with a different PID and it just says under User Name, your name; then it may not be a good one.
My way is to disable its process and wait....if you are correct and it is a bad one it will shut down, but may restart when you access the internet. Then it IS a bad one for sure! svchost or SVCHOST should never start up when accessing the internet. svchost for the network service is already there doing that. A second one popping up at e-mail time is a bad thing.

Post 6 of 90

Svchost.exe processes.

by Marko Polo - 9/23/05 4:25 PM In reply to: Svc-Who? by ggood

Realistically it is not possible for a user to know exactly what DLL or other call caused any particular incident of Svchost.exe. That number next to the name is the process ID. It can be used to trace the origins of any process with one. There are several places and ways to find this but the long and short of it is use common sense when allowing any access to the net in or out of your computer. If you deny it and everything works, then you're good to go. As a hint, I set up filter rules for windows update site right after I install the firewall. Once you get rules for the update site in place, (nearly) all other access can be denied. Haven't broken any apps yet.
Surf safe, build two walls.
Warmly, Marko

Post 7 of 90

There is a way…

by theUg - 9/25/05 8:11 PM In reply to: Svchost.exe processes. by Marko Polo

…though I cannot say where you can see it. I assume I have seen command lines for various svchost.exe processes, which clearly state which DLL it handles, in msconfig utility or elsewhere.

Post 8 of 90

thank you! very helpful

by Cadillac84 - 10/10/05 6:28 AM In reply to: Honorable mentions by Lee Koo (ADMIN) Moderator

I have added both sites to my troubleshooting favorites folder. It is interesting to see how some security threats use names only slightly altered from legitimate programs.

lsas v lsass
scvhost v svchost

I'm sure there are others. Thanks for the tips.

Chuck M.

Post 9 of 90

Other advice from our members

by Lee Koo (ADMIN) Moderator - 9/22/05 3:25 PM In reply to: 9/23/05 Svchost.exe: friend or foe? by Lee Koo (ADMIN) Moderator

Answer:

Chuck, first you should have a general understanding of Svchost. The Svchost.exe file checks the services part of the Windows operating system registry to put together a list of services that it must load in order to run properly. There can be multiple instances of Svchost.exe which are running at the same time. Each instance of Svchost.exe session contains a group of services which your operating system is running. By grouping the different, but related services your system runs more efficiently and it makes it easier to find a problem if one arises.

If you stop a session of Svchost from running (by ending the process), it will only start up again if you need to use any of the services which are needed. Svchost is a benign process run by your operating system. It poses no threat to you, and in reality it is one or more of the services which, in the instance you describe, is needed to access the communications protocols needed to access the internet. There is no reason for you not to allow your firewall to permit access.

Good Luck

Submitted by: Barry S. of Lakewood, Ohio

***********************************************************************

Answer:


The answer to your question is simple. SvcHost.exe or “Service Host” is a built-in part of the Windows operating system. What it is doing is providing a host service (in your case it's internet access) to Windows services that need it like:

Windows automatic update service
DNScache “domain name server cache” Essential for browsers to quickly convert a web URL into a direct address to the site server for faster browsing.

It is essential that you grant access to this service if you want these services to function properly on your computer. SvcHost.exe is a very common program on your computer. Just open your task manager and click on the “Processes Tab”, there you will find several instances of SvcHost.exe running providing a common service to any number of applications. One service would be for audio, another for multimedia. That’s the way windows works, it provides services to the applications that you have installed on it.

It’s very good to be cautious, but it’s better to be informed and to help you with this I recommend a product like WinPatrol. It is free to install and use but there is a Plus version that is worth paying for because with it you can access information about programs, cookies, and services that you have on your computer. This will help you a great deal in deciding if you want to give access to something or not. With this you could have looked up the SvcHost.exe and it would have told you that it is from Microsoft and that it is safe. For more on WinPatrol go to http://winpatrol.com/ .

Submitted by: Tracy E.

***********************************************************************

Answer:


First of all, svchost.exe is usually a windows service that uses the internet to keep updated. It could be windows update, or; if you are running Windows XP it could be the clock trying to sync up the time. There’s several svchost.exe's that could be running on your system. Unfortunately, you can't really tell which one is which, but they almost always are okay to allow to run. If you check your task manager (alt+Ctrl+Del) you'll see in the processes tab that svchost is probably running about 5 or 6 times, it's not the same program running over and over, but simply the same command running for different programs.

If you are still suspicious of the program running, you can set your firewall to ask every time , the downside to that is you'll probably have the pop-up over and over asking you if it should allow it to run. I would suggest trying to turn off automatic updating in your programs that do update (windows update, spyware removal programs, firewall, the clock, anti-virus etc.) and see if you still get the firewall asking you if it should allow it or not. If you do, run a spyware scan and see if anything comes up, (it probably won't). If nothing comes up from a spyware search, and you run your antivirus and that doesn't show anything, I'd say to allow the program to run, I always have and have had no problems.

Submitted by: Chris S.

***********************************************************************

Answer:


Svchost.exe is a part of Windows that runs DLL files as if they were EXE programs. Thus there are several instances of svchost running at any one time, each started by a different DLL. You can see them in TaskManager under the Processes tab. In Windows XP Professional there is a program called TaskList that will show you which DLL started each svchost. Unfortunately this does not exist in the Home version.

Thus each instance of svchost may be doing almost anything. Some may be good and some may not. You can, in a crude way, try to find out what each does by using TaskManager to stop the process, then try to figure out what doesn't work.

You can also see what services use svchost by searching the Registry for svchost. This should come under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost". I have, for example, eight services listed: DcomLaunch, HTTPFilter, imgsvc, LocalService, netsvcs, NetworkService, rpcss, and termsvcs. However, I only have seven svchost processes running now.

Most of these are obviously critical system functions and should be left alone.

I found the most useful information by searching Microsoft.com for svchost and at AnswersThatWork.com.

Most svchost requests to access the internet are probably ok, but some may not be. I don't know how you can tell the difference.

Submitted by: Ken

***********************************************************************

Answer:


SvcHost.exe is a hosting process that is used to wrap other processes.
It may be used by a legitimate application, and that application may need to access the internet. If that's the case, you should permit the access.

The problem comes from the fact that several spywares, trojans and viruses do hide in instances of that wrapper. To be safe, you must then deny svchost any network access. Then, you can look if legitimate processes and applications can still make normal internet connection.

I suggest that you install, update and run some spyware/adware remover and a good antivirus and do a virus scan, as you may have an infection.

Submitted by: Alain

***********************************************************************

Answer:


Let svchost access the internet. If you suspect that your computer has a problem with malicious software, run cwshredder, ad-aware se, spybot s&d, and avg antivirus. If your primary virus solution is Norton, you can even leave AVG free edition on the PC full time. Basically, if you suspect that something on your computer wants to access the internet that shouldn’t, you either already have malicious software on the system that needs to be cleaned off, or are overly paranoid. I would err on the side of caution. If you are not familiar with how to do a thorough pm (which includes running the aforementioned applications), then hire a professional that provides in-house service.

Submitted by: Ron O.

***********************************************************************

Answer:


SvcHost.exe is simply a task manager. Multiple copies of this can be running at the same time. Each iteration of svchost.exe has one or more subtasks associated with it. Note:
1. service 1088 is RpcSs running subordinate to svchost.exe. This is the memory management service which allocates and deallocates memory.
2. service 1008 contains DcomLaunch which is a security enhancement associated with XP XP2 and TermService which enables the Remote Desktop exception in Windows Firewall.
3. service 1180 has several subsets including audio service, browser, encryption, domain host, fast user switching, shared access, etc. Since this service controls the browser, Dhcp, lan….. etc., it will want access to the web/internet to allow certain functions to be performed.

You mentioned Dnscache which is the cache manager when you are working with a domain server.

I have best luck running McAfee firewall with requiring VPN access to work. I allow/trust svchost.exe and access to the internet. All programs which do not necessarily need internet access or I don’t want to have the access I block.

Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
smss.exe                     692 N/A
csrss.exe                    776 N/A
winlogon.exe                 800 N/A
services.exe                 844 Eventlog, PlugPlay
lsass.exe                    856 PolicyAgent, ProtectedStorage, SamSs
svchost.exe                 1008 DcomLaunch, TermService
svchost.exe                 1088 RpcSs
svchost.exe                 1180 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 dmserver, ERSvc, EventSystem,
                                 FastUserSwitchingCompatibility, helpsvc,
                                 HidServ, lanmanserver, lanmanworkstation,
                                 Netman, Nla, RasMan, Schedule, seclogon,
                                 SENS, SharedAccess, ShellHWDetection,
                                 srservice, TapiSrv, Themes, TrkWks, W32Time,
                                 winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe                 1224 Dnscache
svchost.exe                 1264 LmHosts, RemoteRegistry, SSDPSRV, WebClient
spoolsv.exe                 1568 Spooler
mainserv.exe                1664 APC UPS Service
cvpnd.exe                   1688 CVPND
msssrv.exe                  1724 McAfeeAntiSpyware
MDM.EXE                     1856 MDM
MpfService.exe              1872 MpfService
MSKSrvr.exe                 1900 MskService
nvsvc32.exe                 2032 NVSvc
SMAgent.exe                  200 SoundMAX Agent Service (default)
svchost.exe                  184 stisvc
wdfmgr.exe                   268 UMWdf
ups.exe                      336 UPS
wdService.exe                364 WebDriveService
alg.exe                      980 ALG
mcvsrte.exe                 1640 MCVSRte
McShield.exe                1440 McShield
explorer.exe                2168 N/A
ONETOU~2.EXE                1608 N/A
hpcmpmgr.exe                2292 N/A
hpztsb10.exe                2620 N/A
mcvsshld.exe                 488 N/A
mcagent.exe                 3128 N/A
MSKAgent.exe                2392 N/A
htpatch.exe                 1460 N/A
INSTAN~1.EXE                2320 N/A
McVSEscn.exe                 276 N/A
msscli.exe                   400 N/A
pcx.exe                     2156 N/A
DrgToDsc.exe                1084 N/A
SM1bg.exe                   2188 N/A
MpfTray.exe                 2644 N/A
hpwuSchd2.exe               2452 N/A
jusched.exe                 3536 N/A
point32.exe                 1388 N/A
rundll32.exe                3332 N/A
MWSOEMON.EXE                3728 N/A
PlgUni.exe                  1952 N/A
ctfmon.exe                  2252 N/A
PrintScreen.exe             3360 N/A
RegistryRepairPro.exe       3408 N/A
Weather.exe                 1456 N/A
OUTLOOK.EXE                  444 N/A
MpfAgent.exe                3092 N/A
apcsystray.exe              3036 N/A
WINWORD.EXE                 3716 N/A
agentsvr.exe                1204 N/A
iexplore.exe                1128 N/A
cmd.exe                     1072 N/A
cmd.exe                     3040 N/A
tasklist.exe                3936 N/A
wmiprvse.exe                 280 N/A

Submitted by: Norm S.

***********************************************************************

Answer:


Hi,

I have SvcHost.exe as a windows file in the system32 folder . . .on my Win Xp home edition. I also, checked the registry for sure it is a valid file.

So, MORE INFORMATION
The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can run, depending on how and where Svchost.exe is started. This allows for better control and easier debugging.

Now as to why the internet wants to access it, well .. . you are connecting or connected to the net . . . several parts (software) need to be in place with selected services running . . .

Best I can do,

Submitted by: Jerry Z. of South Beach, OR

***********************************************************************

Answer:


Hi there Chuck,

Well, there are numerous worms and viruses that use normal system processes ( like Svchost.exe and others ) to hide themselves from your eyes. I would suggest not giving it access to the Internet, because it might be part of some kind of virus or worm. Be careful about those.

I suggest you go to http://www.processlibrary.com and look for more processes that are a security risk. This is a good site to know more about processes and what they do. It also gives you a list of the good and the bad process and gives you information about them as well.

Forget about Norton or Mcafee to protect your pc, they are worthless, trust me. I hope the site I gave you will help you get more information about some processes.

Submitted by: Pcfreakske2000

***********************************************************************

Answer:


svchost.exe is a system process that is used in the Windows operating system that handles processes from DLLs. svchost is important for the stability and security of your system. To answer your question, when you have automatic time updates turned on, it runs a svchost shared process that connects to the internet to set your clock. It's perfectly fine to allow access to svchost through your firewall but you can also turn that off by right-clicking on the clock in your taskbar, adjust date/time and then selecting the internet time tab.

Submitted by: Matthew O.

***********************************************************************

Answer:


You cannot simply stop any of the svchost processes running.

Some of them are crucial to Windows itself. It is a tricky one and there is no definitive answer. Lots of spyware, adware, viruses etc. will run a process with this name, safe in the knowledge that you can't stop them! Clever stuff, but very annoying!

Think about which processes you have that might want to access the Net.
Probably anti-virus stuff will - media player will - Windows itself WON'T

Try killing the process and see what happens.

Good luck,

Submitted by: Kevin D.


Post 10 of 90

DLL = DYNAMIC link libraries

by longofest - 9/23/05 3:36 AM In reply to: 9/23/05 Svchost.exe: friend or foe? by Lee Koo (ADMIN) Moderator

Typo in the post. Setting the record straight.

Post 11 of 90

DLL

by dolbyg - 9/23/05 6:44 AM In reply to: DLL = DYNAMIC link libraries by longofest

I was about to send the same correction that DLL stands for dynamic-link library, but I am on the West coast. I don't get up that early.

Post 12 of 90

Svchost.exe can be a keylogger

by donmayor - 9/23/05 3:41 AM In reply to: 9/23/05 Svchost.exe: friend or foe? by Lee Koo (ADMIN) Moderator

I have seen a keylogger program that names itself as svchost.exe. How to detect if this program of yours is a key logger is this: open your taskmanager and go to processes. You would see more than one svchost.exe, look at the user names beside the svchost.exe; it has to be either of these: network service, local system, system. If any of them shows the user name logged into the computer, it is probably a spyware or keylogger. Kill it. It is probably located in C:\program files\common files\microsoft shared\dao\svchost.exe
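
The checks members describe in this thread (look-alike names such as scvhost/svchost and lsas/lsass, an svchost.exe outside System32, an svchost.exe running under the logged-in user), combined into one added Python example that is not part of any member's post. The process records are constructed, `C:\Windows` as the system root is an assumption, and the function names are hypothetical.

```python
import ntpath

# System image names that appear in the listings in this thread.
SYSTEM_IMAGES = ("csrss.exe", "lsass.exe", "services.exe", "smss.exe",
                 "svchost.exe", "winlogon.exe")
# Accounts svchost.exe runs under on the Windows 2000/XP systems discussed.
SERVICE_ACCOUNTS = {"system", "local service", "network service"}


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                          d[i - 1][j - 1] + cost)
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # "cv" vs "vc"
    return d[len(a)][len(b)]


def check_process(image_path, user, system_root=r"C:\Windows"):
    """Return a list of findings for one process; empty means nothing odd."""
    findings = []
    name = ntpath.basename(image_path).lower()
    folder = ntpath.normpath(ntpath.dirname(image_path)).lower()
    account = user.rsplit("\\", 1)[-1].lower()  # drop "NT AUTHORITY\"
    if name in SYSTEM_IMAGES:
        if folder != ntpath.join(system_root, "System32").lower():
            findings.append("system image name outside System32")
        if name == "svchost.exe" and account not in SERVICE_ACCOUNTS:
            findings.append("svchost.exe running under a user account")
        return findings
    # Not an exact system name: is it a near miss of one?
    stem = ntpath.splitext(name)[0]
    for known in SYSTEM_IMAGES:
        if osa_distance(stem, ntpath.splitext(known)[0]) <= 2:
            findings.append("name resembles " + known)
    return findings


# Constructed records (image path, user). Only the "dao" path comes from the
# post above; the other paths and the user name are made up for illustration.
SAMPLE_PROCESSES = [
    (r"C:\WINDOWS\system32\svchost.exe", r"NT AUTHORITY\NETWORK SERVICE"),
    (r"C:\program files\common files\microsoft shared\dao\svchost.exe",
     "David"),
    (r"C:\WINDOWS\system32\scvhost.exe", "David"),
    (r"C:\WINDOWS\SVCHOST32.EXE", "David"),
    (r"C:\WINDOWS\system32\lsas.exe", r"NT AUTHORITY\SYSTEM"),
    (r"C:\WINDOWS\explorer.exe", "David"),
]


def scan(processes):
    """Return {image_path: findings} for every process with a finding."""
    report = {}
    for path, user in processes:
        findings = check_process(path, user)
        if findings:
            report[path] = findings
    return report


if __name__ == "__main__":
    for path, findings in scan(SAMPLE_PROCESSES).items():
        print(path, "->", "; ".join(findings))
```

On later Windows versions some per-user services legitimately run svchost.exe under the logged-on account, so treat that finding as a reason to check the path rather than as a verdict.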

Post 13 of 90

I have seen a good dozen

by funkid7 - 9/23/05 11:32 AM In reply to: Svchost.exe can be a keylogger by donmayor

These nifty little buggers will call themselves SVCHOST EXE in all capitals. That shouldn't be all capitals. Some of them (keyloggers you call them) will have the gall to name themselves svchost exe, like your OS does.

I have played and played and gambled with SVC's, thru 3 OS's and 4 different models of computer. They are one doodad I know about.

Post 14 of 90

Why so many svchost.exe processes running?

by jasperstones - 9/23/05 12:31 PM In reply to: Svchost.exe can be a keylogger by donmayor

Can anyone explain why I have so many svchost.exe
processes running at the same time. Windows task
manager currently shows 8 running at the same time:

4 are attributed to SYSTEM
2 are attributed to LOCAL SYSTEM
2 are attributed to NETWORK SERVICE

I realize it depends upon installed software etc.
but is it normal to have so many "multiple versions"
of that process running at the same time?

Any help is genuinely appreciated!

jasperstones

Post 15 of 90

4/2/2

by funkid7 - 9/24/05 12:42 AM In reply to: Why so many svchost.exe processes running? by jasperstones

WinXP? More than one registered administrators log-on? That may explain the double svchosts for network and local. The 4 system svc's could all be legitimate. As I said here in one other post, each and every personal desktop has its own variable processes.
One Anti-virus utility may open one, another brand may not.
PhotoShop definitely enables a service; this is because it has a website help link that executes with the program. MSpaint will share that same svchost, if I leave the host running. Then, if I close MSPaint and shut svc down and then re-open MSPaint again, a svchost with a different PID will open.
This is why no one is willing to answer your question; it could mean anything. Crazy crap isn't it?!
That is why I learned what mine were for, specifically, and what programs execute them. Mine is different from yours, so my experiments won't help you. They only help my tailored sys.
