There are three Windows services that are always running no matter what you do. You can’t close them, or if you can, they magically reappear. There is no explanation for them in Task Manager, and information on them is scant wherever you look. The offenders are Svchost, Ctfmon and Justsched.

So one day I was bored enough to investigate the services to attempt to get to the bottom of them.

Here is what I found.

SVCHost.Exe

I was fiddling with one my machines, as I am wont to do on a regular basis. I was checking out services and exploring which ones could be safely disabled to squeeze a little more out of Windows. It was then that I saw multiple svchost entries clogging up my services window. I had seen these before and tried disabling a few, only to be promptly denied with a sharp beep and a ‘denied’ window.

It was then I decided enough was enough and decided to find out exactly what svchost is and why I have so many of them.

The logical first stop on my journey of discovery was Microsoft.

“svchost.exe is a generic host process name for services that run from dynamic-link libraries.”

Not the clearest of explanations I agree but it did clear up the mystery somewhat. During the life of XP, Microsoft moved from running internal services from.exe files to.dll files. This made the build more modular and meant that different part of the system could all access these.dll files.

It added a little more security too as you can’t run a.dll file directly. It has to be in conjunction with an.exe file. The idea was to cut down on system vulnerabilities among other things. To reference all of these.dll’s a.exe file was created that could call several at a time.

But why so many of them?

This goes back to vulnerability. If all of the file needed were called from one.exe file, what would happen if that exe crashed? The rest of the system would follow soon after. It was decided that the files needed would be grouped under.exe files in a logical way. For example you have a svchost for the desktop, one for networking, one for firewall etc. Under these will be the myriad of files needed to run each service.

See? Easy.

It is also possible to check to see what each one covers too. Open a CMD window and type tasklist/SVC.

You won’t see the most descriptive examples ever but you will get the idea. If you are a Vista user then you can find out a little more by right clicking a svchost process and this will highlight the affected services in the Services window.

The great thing about doing it this way is that you can see the real name under the Description column, so you can choose to disable the service if you don’t want it running. You can also double-click on a svchost.exe instance and select the Services tab, where you can choose to stop one of the services if you choose.

Now this doesn’t really help you if you want to disable these services. The only way to do it is to find out the dependencies of each svchost instance and disabling the services underneath it. This you do by checking each service manually in Task Manager or services.msc.

Ctfmon.exe

Here another service that until now seemed to defy identification. This is another service that magically reappears.

According to Microsoft;

‘Ctfmon.exe activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office Language Bar.’

Sounds to me like standard users of Windows and Office could do without it. Unless you need Arabic keys or use speech to text it just takes up resources. So I will now describe how we can disable this annoyance once and for all.

Quit all Office programs and navigate to the Control Panel. Double-click Add/Remove Programs and select your Office product, then Change. In the Maintenance Mode Options window, choose Add or Remove Features, and then Next expand the menu for Office Shared Features and select Not Available next to the Alternative User Input..

To remove Alternative User Input Services from Text Services go back to the Control Panel. Select Language, and Regional Options, and then the Languages tab, click Details. Choose Installed Services, select each item, and click Remove. All items must be removed with the exception of the one you are using. Depending on your locale you need to choose the liveliest one. In my instance I chose English United Kingdom.

Then run Regsvr32 /U on the Msimtf.dll and Msctf.dll Files

1. Click Start and then click Run.

2. In the Run dialog box, type the following command:

Regsvr32.exe /u msimtf.dll

3. Click OK.

4. Repeat steps 1 through 3 for the Msctf.dll file.

So that’s it. (Credit to Microsoft for that last bit) One more to go.

Jusched.exe

Even when you close the service, moments later its back again. No warnings, no ‘denied’ popups or annoying beeps. So a little digging on the net and an answer is at hand. Java! Jusched is the Java Update Scheduler. Well that’s okay then I hear you say. No sir! Say I.

This service runs all the time just so it can check for Java updates once every 30 days. Now this seems a little silly to me. Why couldn’t it just run once a month rather than all the time?

Luckily, and unlike svchost you can disable it via the Java control panel. Just uncheck the ‘Check for updates automatically’ box. It will warn you but it isn’t anything to worry about. You can manually check for Java updates if you have a mind to, or run it as a scheduled task as you would have thought it would have done in the first place…

So there you go. Mystery solved.

 

 

Scrubs & Squeeky at Blind services Party 1 of 8 – here is me (Scrubs) & my freind Squeeky at a blind Services party