Svchost Continuously Accesses Hard Drive

Status
Not open for further replies.
Jorolat

Jorolat

Hi,

In Windows Task Manager an instance of svchost.exe (with a PID number
of 972) is continuously accessing my hard drive at a frequency of just
under once per second.

With the help I got on a related post I've used tasklist.exe to
establish that svchost.exe (PID 972) has the following components:

AudioSrv, BITS, Browser, CryptSvc, Dhcp,
ERSvc, EventSystem, helpsvc, lanmanserver,
lanmanworkstation, Netman, Nla, RasMan,
Schedule, seclogon, SENS, SharedAccess,
ShellHWDetection, srservice, TapiSrv,
Themes, TrkWks, W32Time, winmgmt, wscsvc,
wuauserv, WZCSVC

Bearing in mind I'm a novice what I would like to do (subject to
advice!) is disable each service one by one in an attempt to narrow
down the source of the problem?

Would this be a realistic way to go about the problem? If so what
would be the best way to do it & would I need to reboot each time I
disable a service?

Hope you can help smile.gif

(nb I've run Avast, Trend, Sophos, McAfee, Spybot and Adaware without finding any problems)

Jorolat
 
Jorolat said:
Hi,
Click to expand...
Hi,

AudioSrv = Windows Audio - needed for audio,

BITS = Background Intelligent Transfer Service - can be set to manual, needed by Windows Update,

Browser = Computer Browser - can be set to manual or disabled if not sharing files & printers with other computers,

CryptSvc = Cryptographic Services,

Dhcp = DHCP Client,

ERSvc = Error Reporting Service - personally I've set this disabled, it just logs errors,

EventSystem = Event Log,

helpsvc = Help and Support, not needed unless you have tendency to hit F1,

lanmanserver = Server, not needed if not sharing files & printers with other computers,

lanmanworkstation = Workstation, not needed if not sharing files & printers with other computers,

Netman = Network Connections,

Nla = Network Location Awareness, not needed unless you're using wireless networking or something that changes settings often,

RasMan = Remote Access Connection Manager,

Schedule = Task Scheduler, not needed unless you've scheduled tasks,

seclogon = Secondary Logon, not needed unless you need to start applications with different rights than the current user has,

SENS = System Event Notification, I'm not sure which applications use this but I've disabled this myself,

SharedAccess = Windows Firewall/ICS, not needed if you're using 3rd party firewall and not sharing the connection,

ShellHWDetection = Shell Hardware Detection, if you disable this, all CD/DVD drives will show up as "CD Drive",

srservice = this is something I don't have,

TapiSrv = Telephony, not needed unless you're using a modem or a fax,

Themes = Themes, if you use the classic (Win2k) look then you don't need this,

TrkWks = Distributed Link Tracking Client, not needed if you're using FAT32 or if you're not using links with NTFS,

W32Time = Windows Time, not needed if you don't want to set computer clock automatically from the Internet,

winmgmt = Windows Management Instrumentation,

wscsvc = this is something I don't have,

wuauserv = this is something I don't have,

WZCSVC = Wireless Configuration, not needed unless you use wireless networking.

would I need to reboot each time I disable a service?
Click to expand...
You don't need to reboot. Just run services.msc (or open Control Panel - Administrative Tools - Services) and change the settings from there.
 
Thanks for the info Mictlantecuhtli :)

I'll try services.msc tomorrow (getting late here) because when I looked at services through Control Panel not all of the ones I'm interested in are listed.

Jorolat
 
Today I installed XP slipstreamed with SP2 onto a new hard drive (but I'm back on the old OS & HDD now) and as soon as I installed the modem drivers the svchost disc activity started. I uninstalled the drivers & the problem went away.

I ain't gotta clue why this is so & it'll be a few days before I can spend some time on it. In the meantime, if anyone has any ideas I'ld be glad to hear them!

Jorolat
 
See if the modem drivers install a new system service. If it looks unimportant (fax?) then just stop and disable it.
 
Status
Not open for further replies.

Similar threads

M
Solved Possible virus?
2
Replies
29
Views
10K
Broni
Broni
queenofgoddess
  • Locked
Inactive-A I have read your instructions for problem help and have pasted the results below
2
Replies
26
Views
6K
Broni
Broni
SFX099
Solved Cvxasync.exe causing havoc, logs included
2
Replies
29
Views
6K
Broni
Broni

Latest posts

Back