Isolating a process within svchost

Hello,

I have a workstation that is semi-freezing each hour for about 2 minutes.   Today I have managed to observe the case with process explorer open and found a svchost with 5 services seems to be the cause.

How can I isloate which service is causing the high cpu usage?
How can I split these 5 services to 1 svchost = 1 service?

Screenshots attached!

Thanks
002590.png
002591.png
LVL 1
Chief AvocadoChief of Problem Avocado'sAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dhoppelCommented:
I don't think you can, but then I'm not really sure, but I did want to contribute that the Telephone service can usually be set to manual or disabled to no ill effect ( so long as you're not using a modem or some such). But at least that's one service you can eliminate as a potential problem.
0
jcimarronCommented:
pc-cyt--
The main Process Explorer window should have a CPU column showing which processes are using the most time.
As you mention there are more than one svchost.exe shown.  The svchost instances that are hosting other Services will have those other processes shown immediately below that svchost.  (Make sure View|"Show Process Tree" is being used.)  Their CPU use is also shown.  The svchost.exe instances not hosting other Services will not have other Services shown immediately below.
Or right click an instance of svchost.exe and choose Properties|Services tab to see what Services are being hosted.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Chief AvocadoChief of Problem Avocado'sAuthor Commented:
I've noticed that not all svchosts have a tree of processes beneath it, even though the services tab shows multiple running services.  In my case pid 1452 does have several services which did not show on the tree.

I have narrowed the offending service down stopping a service and waiting for ten past to come round.    I have found that 'DNS Client' is causing the issue.

After some googling, I checked my local 'hosts' file and found a 2MB long list.   If I delete the file and copy over a default win7 file, restart the service then the issue does now seem to be fixed.

The long hosts file is something i was playing with over two years, so not sure I've had an issue for two years or a recent update has caused the issue.

Thanks for your processer explorer help
000273.png
0
jcimarronCommented:
pc-cyt--
I understood you to say that restoring the HOSTS file to its original state (presumably blocking no websites) fixed the problem.  Good for you.
0
Chief AvocadoChief of Problem Avocado'sAuthor Commented:
The use of proccess explorer helped to identify the issue
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.