How to get a service name from a process ID?

[prell]

Services seem to run under services.exe -- A service always just looks like "services.exe" in the process list. Is there any way (any program, etc.) I can see which process is actually being executed?

My issue is that I have a service seemingly scanning my entire hard drive, and I have System Restore turned off, so I can't guess what it is.

[+BudMan MVC]

where did you get the idea that services all run under services.exe?? Thats not true..

Anyway - what your looking for is tasklist

/SVC Displays services in each process.

tasklist /svc

example...
Image Name				   PID Services
========================= ====== =============================================
System Idle Process			0 N/A
System						 4 N/A
smss.exe					1012 N/A
csrss.exe				   1060 N/A
winlogon.exe				1084 N/A
services.exe				1128 Eventlog, PlugPlay
lsass.exe				   1140 ProtectedStorage, SamSs
svchost.exe				 1300 DcomLaunch, TermService
svchost.exe				 1460 RpcSs
svchost.exe				 1544 AudioSrv, CryptSvc, EventSystem, helpsvc,
								 HidServ, lanmanserver, lanmanworkstation,
								 Netman, Nla, seclogon, SENS,
								 ShellHWDetection, Themes, winmgmt, wuauserv
svchost.exe				 1588 Dnscache
svchost.exe				 1604 LmHosts, RemoteRegistry
spoolsv.exe				 1832 Spooler
agent.exe					204 AcronisAgent
schedul2.exe				 216 AcrSch2Svc
DkService.exe				304 Diskeeper
FrameworkService.exe		 352 McAfeeFramework
Mcshield.exe				 388 McShield
naPrdMgr.exe				 440 N/A

[prell]

Ahhh! Thank you, BudMan!

(I have to admit I just went on intuition about all services being run under services.exe).

Okay so now I've determined the culprit: Eventlog (or PlugPlay). What would either of those services need to scan my hard drive for? In filemon I see a bunch of things like this:

8:33:54 AM	services.exe:964	READ 	C:\WINDOWS\system32\config\SYSTEM		Offset: 184320 Length: 4096	
8:33:54 AM	services.exe:964	QUERY INFORMATION	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4dk5.htm	SUCCESS	FileNameInformation	
8:33:54 AM	services.exe:964	CLOSE	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4d2o.htm	SUCCESS		
8:33:54 AM	services.exe:964	QUERY INFORMATION	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4dk5.htm	SUCCESS	FileBasicInformation	
8:33:54 AM	services.exe:964	QUERY SECURITY	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4dk5.htm	BUFFER OVERFLOW		
8:33:54 AM	services.exe:964	QUERY SECURITY	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4dk5.htm	SUCCESS		
8:33:54 AM	services.exe:964	DIRECTORY	C:\WINDOWS\Help\iisHelp\iis\htm\asp	SUCCESS	FileNamesInformation	
8:33:54 AM	services.exe:964	OPEN	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4ng2.htm	SUCCESS	Options: Open  Access: All	
8:33:54 AM	services.exe:964	QUERY INFORMATION	C:\WINDOWS\Help\iisHelp\iis\htm\asp\comp4ng2.htm	SUCCESS	FileNameInformation	

This is done for files all over my hdd. Any idea what this is all about?

[+BudMan MVC]

Ahhh! Thank you, BudMan!

This is done for files all over my hdd. Any idea what this is all about?

Off the top I can not think why either of those would be accessing files?? I do not see my services.exe access files all over.. the eventlog sure, but not files from all over the drive..

If I had to guess I would guess some type of infection? Are you running any type of indexing software.. are you running a virus scan?

Could it have something to do with logging of people accessing websites? Your examples were IIS related..