
Resolved Hog! Host Process For Windows Services.

Discussion in 'Windows 10' started by fkaramagi, 2016/05/23.

  1. 2016/05/23
    fkaramagi

    fkaramagi Well-Known Member Thread Starter

    Joined:
    2010/11/01
    Messages:
    130
    Likes Received:
    2
    I am using NetworX to monitor internet data usage on computers on a P2P LAN. There is a data hog on a Windows 10, 32-bit, laptop – Host Process for Windows Services. The application is using 60% of the data bundle and I do not know what it is. (Please see attachment).

    If you know what it is and how I can stop it, please let me know.
     


  2. 2016/05/23
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,072
    Likes Received:
    400
    Services are Windows programs that start when Windows loads and that continue to run in the background. Most Windows services are executable (.EXE) files, but some services are DLL files. Windows has no direct way of executing a DLL file; it needs a program that can act as a launcher for these types of programs. The launcher for DLL services is SVCHOST.EXE, otherwise known as the Generic Host Process for Win32 Services. Each time you see a SVCHOST process, it is actually a process that is managing one or more distinct Windows DLL services.

    To see which services are using svchost.exe, open a command window and enter this command, and press enter:
    Code:
    tasklist /svc /fi "imagename eq svchost.exe"
    It will list all services connected to svchost. Copy+paste the result.
     
  4. 2016/05/23
    fkaramagi

    fkaramagi Well-Known Member Thread Starter

    Please see attachment SVHost Processes.jpg
     
  5. 2016/05/23
    TonyT

    TonyT SuperGeek Staff

    Ok. It may be just local network traffic. To see all network connections in command window use this command
    netstat -a

    And pls copy and paste the result instead of screenshot.
     
  6. 2016/05/24
    fkaramagi

    fkaramagi Well-Known Member Thread Starter

    C:\Users\user>netstat -a

    Active Connections

    Proto Local Address Foreign Address State
    TCP 0.0.0.0:80 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:135 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:445 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:554 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:1801 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:2103 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:2105 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:2107 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:2869 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:5357 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:7680 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:10243 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:26143 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:49408 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:49409 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:49410 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:49411 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:49412 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:49413 KFs_Dell_14iR:0 LISTENING
    TCP 0.0.0.0:49414 KFs_Dell_14iR:0 LISTENING
    TCP 127.0.0.1:1001 KFs_Dell_14iR:0 LISTENING
    TCP 127.0.0.1:43227 KFs_Dell_14iR:0 LISTENING
    TCP 127.0.0.1:49415 KFs_Dell_14iR:0 LISTENING
    TCP 127.0.0.1:50481 KFs_Dell_14iR:wsd TIME_WAIT
    TCP 127.0.0.1:50482 KFs_Dell_14iR:wsd TIME_WAIT
    TCP 192.168.1.13:139 KFs_Dell_14iR:0 LISTENING
    TCP 192.168.1.13:49966 li124-212:http ESTABLISHED
    TCP 192.168.1.13:50371 65.55.252.93:https TIME_WAIT
    TCP 192.168.1.13:50396 edge-star-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50398 edge-star-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50445 eu:https TIME_WAIT
    TCP 192.168.1.13:50446 static-41-190-142-18:http TIME_WAIT
    TCP 192.168.1.13:50447 static-41-190-142-17:http TIME_WAIT
    TCP 192.168.1.13:50448 msnbot-191-232-139-170:https TIME_WAIT
    TCP 192.168.1.13:50453 edge-star-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50454 edge-star-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50456 edge-star-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50457 edge-star-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50458 edge-z-1-p2-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50460 edge-z-1-p2-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50461 edge-z-1-p2-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50462 edge-z-1-p2-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50463 edge-z-1-p2-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50467 edge-z-1-p2-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50468 edge-z-1-p2-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50470 msnbot-191-232-139-170:https TIME_WAIT
    TCP 192.168.1.13:50471 USER-PC:netbios-ssn TIME_WAIT
    TCP 192.168.1.13:50473 edge-z-1-p2-shv-01-lhr3:https TIME_WAIT
    TCP 192.168.1.13:50474 msnbot-191-232-139-170:https TIME_WAIT
    TCP 192.168.1.13:50476 msnbot-191-232-139-2:https TIME_WAIT
    TCP 192.168.1.13:50483 eu:https TIME_WAIT
    TCP 192.168.1.13:50484 msnbot-191-232-139-170:https TIME_WAIT
    TCP 192.168.1.13:50486 static-41-190-142-8:http TIME_WAIT
    TCP 192.168.1.13:50487 static-41-190-142-10:http ESTABLISHED
    TCP 192.168.1.13:50488 msnbot-191-232-139-2:https TIME_WAIT
    TCP 192.168.1.13:50489 eu:https ESTABLISHED
    TCP 192.168.1.13:50491 edge-star-shv-01-lhr3:https ESTABLISHED
    TCP 192.168.1.13:50492 edge-star-shv-01-lhr3:https ESTABLISHED
    TCP 192.168.1.13:50495 edge-star-shv-01-lhr3:https ESTABLISHED
    TCP 192.168.1.13:50500 JHS-PC:wsd TIME_WAIT
    TCP 192.168.1.13:50501 JHS-PC:wsd TIME_WAIT
    TCP 192.168.1.13:50504 JHS-PC:wsd TIME_WAIT
    TCP 192.168.1.13:50505 JHS-PC:wsd TIME_WAIT
    TCP 192.168.1.13:50506 msnbot-191-232-139-170:https TIME_WAIT
    TCP 192.168.1.13:50508 static-41-190-142-18:http ESTABLISHED
    TCP 192.168.1.13:50513 msnbot-191-232-139-2:https TIME_WAIT
    TCP 192.168.1.13:50516 edge-z-1-p2-shv-01-lhr3:https ESTABLISHED
    TCP 192.168.1.13:50517 edge-z-1-p2-shv-01-lhr3:https ESTABLISHED
    TCP 192.168.1.13:50518 msnbot-191-232-139-170:https TIME_WAIT
    TCP 192.168.1.13:50520 edge-z-1-p2-shv-01-lhr3:https ESTABLISHED
    TCP 192.168.1.13:50521 msnbot-191-232-139-170:https TIME_WAIT
    TCP 192.168.1.13:50523 edge-z-1-p2-shv-01-lhr3:https ESTABLISHED
    TCP 192.168.1.13:50524 edge-z-1-p2-shv-01-lhr3:https ESTABLISHED
    TCP 192.168.1.13:50525 edge-z-1-p2-shv-01-lhr3:https ESTABLISHED
    TCP 192.168.1.13:50526 edge-z-1-p2-shv-01-lhr3:https ESTABLISHED
    TCP 192.168.1.13:50527 edge-z-1-p2-shv-01-lhr3:https ESTABLISHED
    TCP 192.168.1.13:50528 edge-z-1-p2-shv-01-lhr3:https ESTABLISHED
    TCP 192.168.1.13:50529 msnbot-191-232-139-170:https TIME_WAIT
    TCP [::]:80 KFs_Dell_14iR:0 LISTENING
    TCP [::]:135 KFs_Dell_14iR:0 LISTENING
    TCP [::]:445 KFs_Dell_14iR:0 LISTENING
    TCP [::]:554 KFs_Dell_14iR:0 LISTENING
    TCP [::]:1801 KFs_Dell_14iR:0 LISTENING
    TCP [::]:2103 KFs_Dell_14iR:0 LISTENING
    TCP [::]:2105 KFs_Dell_14iR:0 LISTENING
    TCP [::]:2107 KFs_Dell_14iR:0 LISTENING
    TCP [::]:2869 KFs_Dell_14iR:0 LISTENING
    TCP [::]:3587 KFs_Dell_14iR:0 LISTENING
    TCP [::]:5357 KFs_Dell_14iR:0 LISTENING
    TCP [::]:7680 KFs_Dell_14iR:0 LISTENING
    TCP [::]:10243 KFs_Dell_14iR:0 LISTENING
    TCP [::]:26143 KFs_Dell_14iR:0 LISTENING
    TCP [::]:49408 KFs_Dell_14iR:0 LISTENING
    TCP [::]:49409 KFs_Dell_14iR:0 LISTENING
    TCP [::]:49410 KFs_Dell_14iR:0 LISTENING
    TCP [::]:49411 KFs_Dell_14iR:0 LISTENING
    TCP [::]:49412 KFs_Dell_14iR:0 LISTENING
    TCP [::]:49413 KFs_Dell_14iR:0 LISTENING
    TCP [::]:49414 KFs_Dell_14iR:0 LISTENING
    TCP [::1]:50464 KFs_Dell_14iR:icslap TIME_WAIT
    TCP [::1]:50465 KFs_Dell_14iR:icslap TIME_WAIT
    TCP [::1]:50466 KFs_Dell_14iR:icslap TIME_WAIT
    TCP [::1]:50469 KFs_Dell_14iR:wsd TIME_WAIT
    TCP [::1]:50477 KFs_Dell_14iR:wsd TIME_WAIT
    TCP [::1]:50478 KFs_Dell_14iR:wsd TIME_WAIT
    TCP [::1]:50479 KFs_Dell_14iR:wsd TIME_WAIT
    TCP [::1]:50480 KFs_Dell_14iR:wsd TIME_WAIT
    TCP [::1]:50542 KFs_Dell_14iR:wsd TIME_WAIT
    TCP [::1]:50545 KFs_Dell_14iR:wsd TIME_WAIT
    TCP [fe80::a5c8:c471:e52:d0ef%5]:5357 Frank-PC:55096 ESTABLISHED
    TCP [fe80::a5c8:c471:e52:d0ef%5]:5357 Frank-PC:55100 ESTABLISHED
    TCP [fe80::a5c8:c471:e52:d0ef%5]:5357 Frank-PC:55106 ESTABLISHED
    TCP [fe80::a5c8:c471:e52:d0ef%5]:5357 Frank-PC:55110 ESTABLISHED
    TCP [fe80::a5c8:c471:e52:d0ef%5]:50498 JHS-PC:wsd TIME_WAIT
    TCP [fe80::a5c8:c471:e52:d0ef%5]:50499 JHS-PC:wsd TIME_WAIT
    TCP [fe80::a5c8:c471:e52:d0ef%5]:50502 JHS-PC:wsd TIME_WAIT
    TCP [fe80::a5c8:c471:e52:d0ef%5]:50503 JHS-PC:wsd TIME_WAIT
    TCP [fe80::a5c8:c471:e52:d0ef%5]:50533 JHS-PC:wsd TIME_WAIT
    TCP [fe80::a5c8:c471:e52:d0ef%5]:50534 JHS-PC:wsd TIME_WAIT
    TCP [fe80::a5c8:c471:e52:d0ef%5]:50537 JHS-PC:wsd TIME_WAIT
    TCP [fe80::a5c8:c471:e52:d0ef%5]:50538 JHS-PC:wsd TIME_WAIT
    UDP 0.0.0.0:123 *:*
    UDP 0.0.0.0:3544 *:*
    UDP 0.0.0.0:3702 *:*
    UDP 0.0.0.0:3702 *:*
    UDP 0.0.0.0:3702 *:*
    UDP 0.0.0.0:3702 *:*
    UDP 0.0.0.0:3702 *:*
    UDP 0.0.0.0:3702 *:*
    UDP 0.0.0.0:5004 *:*
    UDP 0.0.0.0:5005 *:*
    UDP 0.0.0.0:5353 *:*
    UDP 0.0.0.0:5355 *:*
    UDP 0.0.0.0:49408 *:*
    UDP 0.0.0.0:49410 *:*
    UDP 0.0.0.0:49413 *:*
    UDP 0.0.0.0:49415 *:*
    UDP 0.0.0.0:59429 *:*
    UDP 127.0.0.1:1900 *:*
    UDP 127.0.0.1:49416 *:*
    UDP 127.0.0.1:49420 *:*
    UDP 192.168.1.13:137 *:*
    UDP 192.168.1.13:138 *:*
    UDP 192.168.1.13:1900 *:*
    UDP 192.168.1.13:49419 *:*
    UDP 192.168.1.13:54252 *:*
    UDP [::]:123 *:*
    UDP [::]:3540 *:*
    UDP [::]:3702 *:*
    UDP [::]:3702 *:*
    UDP [::]:3702 *:*
    UDP [::]:3702 *:*
    UDP [::]:3702 *:*
    UDP [::]:3702 *:*
    UDP [::]:5004 *:*
    UDP [::]:5005 *:*
    UDP [::]:5353 *:*
    UDP [::]:5355 *:*
    UDP [::]:49409 *:*
    UDP [::]:49414 *:*
    UDP [::]:59430 *:*
    UDP [::1]:1900 *:*
    UDP [::1]:49418 *:*
    UDP [fe80::a5c8:c471:e52:d0ef%5]:1900 *:*
    UDP [fe80::a5c8:c471:e52:d0ef%5]:49417 *:*


    C:\Users\user>
    KFs_Dell_14iR is my laptop (this laptop)
    192.168.1.13 is a PC on the LAN
    Frank-PC too, is also a PC
     
  7. 2016/05/24
    fkaramagi

    fkaramagi Well-Known Member Thread Starter

    Here is the earlier one. I am sorry about the screenshot.

    C:\Users\user>tasklist /svc /fi "imagename eq svchost.exe

    Image Name                     PID Services
    ========================= ======== ============================================
    svchost.exe                    832 BrokerInfrastructure, DcomLaunch, LSM,
                                       PlugPlay, Power, SystemEventsBroker
    svchost.exe                    892 RpcEptMapper, RpcSs
    svchost.exe                   1036 AudioEndpointBuilder,
                                       DeviceAssociationService, NcbService,
                                       Netman, PcaSvc, SmsRouter, SysMain, TrkWks,
                                       WdiSystemHost, WlanSvc, wudfsvc
    svchost.exe                   1136 Audiosrv, Dhcp, EventLog,
                                       HomeGroupProvider, lmhosts, Wcmsvc, wscsvc
    svchost.exe                   1144 FDResPub, SSDPSRV, TimeBroker, upnphost,
                                       wcncsvc
    svchost.exe                   1196 BITS, Browser, DoSvc, iphlpsvc,
                                       LanmanServer, ProfSvc, Schedule, SENS,
                                       SharedAccess, ShellHWDetection, Themes,
                                       UserManager, winmgmt, wuauserv
    svchost.exe                   1204 EventSystem, fdPHost, FontCache,
                                       LicenseManager, netprofm, nsi, W32Time,
                                       WdiServiceHost, WinHttpAutoProxySvc
    svchost.exe                   1440 CryptSvc, Dnscache, LanmanWorkstation,
                                       NlaSvc, TermService
    svchost.exe                   1492 BFE, CoreMessagingRegistrar, DPS, MpsSvc,
                                       NcdAutoSetup, WwanSvc
    svchost.exe                   1980 DiagTrack
    svchost.exe                   1988 AppHostSvc
    svchost.exe                    380 hpqcxs08, hpqddsvc
    svchost.exe                   1564 W3SVC, WAS
    svchost.exe                   1764 Net Driver HPZ12
    svchost.exe                   2112 Pml Driver HPZ12
    svchost.exe                   2288 StateRepository, tiledatamodelsvc
    svchost.exe                   6080 ClipSVC
    svchost.exe                   1480 N/A
    svchost.exe                   5656 p2pimsvc, p2psvc, PNRPsvc
    svchost.exe                   8124 StiSvc


    C:\Users\user>
     
    Last edited: 2016/05/24
  8. 2016/05/24
    TonyT

    TonyT SuperGeek Staff

    All of the netstat results are networking activities on the local computer itself (127.0.0.1/ 0.0.0.0) or on the local network (192.168.1.x). No worries. Most are likely the activities of apps which have network connectivity, e.g. weather, news, media sharing, printers, file sharing, etc. Monitor occasionally and you'll probably see remote addresses in netstat when an app connects to retrieve a news feed or a program or Windows checks for updates.

    This one:
    TCP 192.168.1.13:50371 65.55.252.93:https TIME_WAIT
    is a Microsoft server, probably windows update.
    This one is some server in Africa:
    TCP 192.168.1.13:50508 static-41-190-142-18:http ESTABLISHED

    Run Adwcleaner to remove unwanted 'crapware'.
    Then if you still feel that there's unknown activity, post in the malware forum here.
     
    Last edited: 2016/05/24
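
The two outputs collected in this thread can be joined on PID to see which svchost-hosted services own the connections that leave the LAN. The following is an added example, not code from any post in the thread: it assumes the connections were captured with `netstat -ano` (the `-n` and `-o` switches give numeric addresses and the owning PID, which the thread's `netstat -a` does not show), treats 192.168.1.x as the LAN as stated in the thread, and uses constructed sample rows and hypothetical function names.

```python
import ipaddress
import re

# LAN range from the thread (192.168.1.x) plus unspecified, loopback, link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/32", "127.0.0.0/8", "192.168.1.0/24", "::1/128", "fe80::/10")]

# Constructed sample input shaped like `netstat -ano` and `tasklist /svc` output.
NETSTAT = """\
  TCP    0.0.0.0:7680         0.0.0.0:0          LISTENING     1196
  TCP    192.168.1.13:50471   192.168.1.20:139   ESTABLISHED   4
  TCP    192.168.1.13:50371   65.55.252.93:443   ESTABLISHED   1196
  TCP    192.168.1.13:50508   203.0.113.7:80     ESTABLISHED   1196
  TCP    [fe80::a5c8:c471:e52:d0ef%5]:5357  [fe80::1%5]:55096  ESTABLISHED  4
"""
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                   1196 BITS, Browser, DoSvc, iphlpsvc,
                                   LanmanServer, Schedule, wuauserv
"""

def parse_tasklist(text):
    """Map PID -> service names, joining rows that wrap onto indented lines."""
    raw, pid = {}, None
    for line in text.splitlines():
        row = re.match(r"(\S+\.exe)\s+(\d+)\s+(.*)", line)
        if row:
            pid = int(row.group(2))
            raw[pid] = row.group(3)
        elif pid is not None and line[:1].isspace() and line.strip():
            raw[pid] += " " + line.strip()
    return {p: [s.strip() for s in v.split(",") if s.strip()] for p, v in raw.items()}

def is_external(endpoint):
    """True when the host part of 'addr:port' lies outside LOCAL_NETS."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    return not any(ipaddress.ip_address(host) in net for net in LOCAL_NETS)

def external_by_pid(netstat_text, tasklist_text):
    """Group external ESTABLISHED TCP peers by owning PID and its services."""
    services, found = parse_tasklist(tasklist_text), {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED" and is_external(f[2]):
            pid = int(f[4])
            found.setdefault(pid, {"services": services.get(pid, []), "peers": []})
            found[pid]["peers"].append(f[2])
    return found
```

Calling `external_by_pid(NETSTAT, TASKLIST)` on the sample returns a single entry for PID 1196 with its two off-LAN peers and the services sharing that svchost instance; a shared instance narrows the candidates but does not single out one service.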
  9. 2016/05/24
    fkaramagi

    fkaramagi Well-Known Member Thread Starter

    Thank you Tony.
    NetworX gives the option to "IGNORE LAN TRAFFIC". I will try it out.
    I am a bit confused about the servers you mention below. Our IP ranges are 192.168.1.1 ~ 192.168.1.255. 192.168.1.13 falls in there.
    I have run AdwCleaner - it is presenting a lot of stuff to delete, even in the registry. Not sure what to delete!
    kf

     
  10. 2016/05/24
    TonyT

    TonyT SuperGeek Staff

    netstat -a lists all connections to all servers & devices, LAN and WAN.
    You'll see connections as "active" or "closed" or "time wait" or "listen".
    Active = a connection is going on in the present time.
    Closed means there was an active connection but the connection has been closed.
    Time wait = there was an active connection and will close after x seconds.
    Listen = some software is listening, waiting for a connection to be initiated from somewhere. For example, if you had a Web server installed it would "listen" on port 80, awaiting connections from users.

    Get rid of all that adwcleaner finds.
     
  11. 2016/05/26
    fkaramagi

    fkaramagi Well-Known Member Thread Starter

    Thank you TonyT.
    I have done the cleaning. I have learnt quite a lot from this thread.
    Let me observe my "consumption" over the next week.
    kf

     
