What’s with all those svchost.exe items in Task Manager?October 3, 2011
One of the better explanations I’ve seen for the multiple instances of svchost.exe in Task Manager was written by Jon Thompson in Australian Personal Computer (June 2011 issue, p90-91). Jon wrote (my emphasis):
All modern operating systems have a hierarchy of processes. In Windows 7, there are usually three or four top-level processes. One such process is ‘wininit’, the direct descendant of which is called ‘services.exe’. As you might expect, it’s the job of this process to spawn child processes that run as independent services in the background. However, there’s often a degree of confusion that creeps in the user’s mind over this seemingly simple task.
The confusion is that ‘services.exe’ starts multiple instances of a process called ‘svchost.exe’. Search for the term and you’ll find many forum posts from worried users asking if their PC has been taken over by malware and asking how to kill all those multiple processes. However, it’s normal to have many instances running in parallel, and killing them can harm the running OS. If this happens, you’ll need to reboot and may lose data or even corrupt your hard disk.
The reason for so many instances of ‘svchost.exe’ is that it acts as a launcher for processes that run from DLLs rather than EXE files. These are apportioned between many instances of ‘svchost.exe’ for efficiency, speed and system resilience. ‘Services.exe’ also starts many other service processes that run directly from EXE files. These include the service portion of your anti-malware products and Windows 7, and services for power management and the Windows Live Sign-in Manager.
So, the bottom line is that svchost.exe is a normal part of Windows, and you should have several instances running simultaneously.
If you want something a little more detailed that Task Manager, Microsoft released its new product Process Explorer on 1 September 2011 (actually, Process Explorer was a product from Sysinternals — a company that Microsoft has purchased). You can get Process Explorer from: http://technet.microsoft.com/en-us/sysinternals/bb896653. It’s free and the download is less than 2 MB; it works on all versions of Windows from Windows XP on, and on Windows Server from Windows Server 2003 onwards. (No, I haven’t used it yet — it was recommended in that same APC article.)
[Link last checked September 2011]