Add memory columns to taskmgr as necessary to see what is going on. Get the PID from taskmgr that is consuming your resources.

Run something along the lines of

    tasklist /svc /FO csv | findstr /i svchost.exe

Find said svchost PID in the output and look at the services that are running in it.

Of course there are the more elegant tools ASB mentioned, but the vast majority of the time I can deduce what service is hogging a system in a few seconds simply by doing that without any additional software.

From: Richard Stovall [mailto:[email protected]]
Sent: Wednesday, July 28, 2010 3:05 AM
To: NT System Admin Issues
Subject: Re: SVCHOST grabbing CPU time, leaking memory and hanging PC

You've got a lot going on here. My suggestion? Back up your important data, nuke and repave.

On Wed, Jul 28, 2010 at 5:53 AM, Richard Daawes <[email protected]> wrote:

Thanks for the input Ken, there are four copies of svchost.exe on my PC, identical in size but different time stamps, see list derived from attrib and dir in CLI. I used the one in the dllcache folder to replace the system32 copy. BTW tried the others and same result, also system restore fails because that doesn't replace svchost.exe.

    C:\>attrib svchost.exe /s
               C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
               C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    A          C:\WINDOWS\system32\dllcache\svchost.exe
    A          C:\WINDOWS\system32\SVCHOST.EXE

    C:\>dir svchost.exe /s
     Volume in drive C is PC_No_1.
     Volume Serial Number is 6458-9F33

     Directory of C:\WINDOWS\$NtServicePackUninstall$
    04/08/2004  01:56            14,336 svchost.exe
                   1 File(s)         14,336 bytes

     Directory of C:\WINDOWS\ServicePackFiles\i386
    14/04/2008  01:12            14,336 svchost.exe
                   1 File(s)         14,336 bytes

     Directory of C:\WINDOWS\system32
    16/07/2010  18:34            14,336 SVCHOST.EXE
                   1 File(s)         14,336 bytes

     Directory of C:\WINDOWS\system32\dllcache
    19/03/2009  20:07            14,336 svchost.exe
                   1 File(s)         14,336 bytes

         Total Files Listed:
                   4 File(s)         57,344 bytes
                   0 Dir(s)  216,816,939,008 bytes free

This is going off on a big tangent and members please accept my apologies, but I have to respond to your "huh!": plenty of MSDOS apps were designed allowing user info to be embedded in executables or libraries; DBase 2 and 3, Paradox and Flexiguard (boot controlling app) immediately come to mind. Serial numbers, owner ID, custom logos etc. could be incorporated. The original file would stay the same size but its time stamp changed. A suitable block of blanks is replaced with meaningful data. As an example, at the uni I worked for, Norton 2 replaced core commands in COMMAND.COM like copy, del, md or rd with our secret equivalents to thwart mischievous students and irresponsible staff; as long as replacement commands were the same length as originals, MSDOS didn't wimp about it.

Regarding Firefox not playing vids, YouTube has a white screen for movie to play and no prompts, Flixy has a black screen for movie to play and states I need to upgrade flash plugins etc. - which of course makes no discernible change.

Richard

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
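
An added example, not part of the original thread: the PID-to-service lookup from the tasklist step at the top, done in PowerShell, plus a hash and signature comparison of the svchost.exe copies that the dir listing shows with identical sizes but different time stamps. It assumes PowerShell 5.1 or later in an elevated session; the function names Get-SvchostServiceMap and Compare-SvchostCopy are hypothetical.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Assumes PowerShell 5.1+ in an elevated session.

function Get-SvchostServiceMap {
    # Rank svchost.exe instances by working set and list the services in each.
    param([int]$Top = 5)

    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
        Sort-Object -Property WorkingSetSize -Descending |
        Select-Object -First $Top |
        ForEach-Object {
            $procId   = $_.ProcessId
            $services = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $procId"
            [pscustomobject]@{
                ProcessId    = $procId
                WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
                ImagePath    = $_.ExecutablePath   # expected under %SystemRoot%\System32
                Services     = @($services | ForEach-Object { $_.Name }) -join ', '
            }
        }
}

function Compare-SvchostCopy {
    # Same size does not mean same content: hash each copy and read its signature status.
    param([string[]]$Path)

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { continue }   # skip missing copies
        $file = Get-Item -LiteralPath $p -Force
        [pscustomobject]@{
            Path      = $file.FullName
            Length    = $file.Length
            LastWrite = $file.LastWriteTime
            SHA256    = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            Signature = (Get-AuthenticodeSignature -LiteralPath $p).Status
        }
    }
}

Get-SvchostServiceMap -Top 5 | Format-Table -AutoSize -Wrap

# The four locations from the dir listing in the thread; single quotes keep the '$' literal.
Compare-SvchostCopy -Path @(
    'C:\WINDOWS\system32\svchost.exe',
    'C:\WINDOWS\system32\dllcache\svchost.exe',
    'C:\WINDOWS\ServicePackFiles\i386\svchost.exe',
    'C:\WINDOWS\$NtServicePackUninstall$\svchost.exe'
) | Format-List
```

Copies that come from different service packs can legitimately hash differently, so read the hash together with the signature status and the image path of the running process.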
