How to diagnose abnormal CPU usage by svchost.exe? [duplicate]

windows cpu-usage services windows-7

Solution 1:

As an instance of svchost.exe hosts multiple system services, here is how to separate the services, each to his own instance of svchost.exe, so as to find out which service consumes the CPU.

The procedure is as follows :

  1. Use Task Manager to show all processes sorted by CPU descending and mark the PID of the processes that consume the CPU

  2. In a Command Prompt (cmd) enter the command
    Tasklist /svc /fi "IMAGENAME eq svchost.exe"
    enter image description here

  3. The problematic instances of svchost.exe can now be located by their PID and on the right you will find a list of the system services that they host

  4. For each of the names in the list enter the following command in a Command Prompt (cmd) that is Run as administrator:
    sc config <name> type= own
    (Note the space between the ‘=’ and ‘own’)

  5. Reboot

The system services that you separated will now each run in its own instance of svchost.exe and can be seen in Task Manager in the Processes tab. You may right-click on an instance and select "Go to Service(s)" to go directly to the service, or use again the tasklist command.

For more information see the Microsoft article
Getting Started with SVCHOST.EXE Troubleshooting.

Solution 2:

Process Explorer makes this easy. I have confirmed this works with Process Explorer v16.20 on 64-bit Windows 7 Professional and 64-bit Windows 10 Pro.

  1. Run Process Explorer elevated.
  2. Locate an svchost.exe process with a high (or even just measureable/non-blank) value in the CPU column. Sorting by the Process or CPU column may assist with this.
  3. Right-click the svchost.exe process and select Properties....
  4. In the process properties window, select the Threads tab. All of the threads in this process will be displayed.
  5. Locate a thread with a high (or, again, just measurable/non-blank) value in the CPU column. Sorting by the CPU column may assist with this.Process Explorer process Threads tab
  6. The Service column will show the name of the service in which that thread is running.

If the service name is not familiar to you...

  1. In the process properties window, select the Services tab. All of the services that run in this process will be displayed.
  2. Match the Service column on the Services tab to the value of the Service column on the Threads tab you located in step 6.Process Explorer process Services tab
  3. The Display Name column will display the friendly name of the service. The description of the selected service will appear below the list of services.

Solution 3:

You can use Task Manager. There are other ways (command line, or even write some program using WinAPI), but I won't discuss them here. Before going any further, your user should have administrative privileges.

On the Processes tab:

  • Check Show processes from all users.
  • Right click on the processes "table header" (that contains column names like Image name, PID, User Name, CPU, ...), and select Select Columns....
    • On the dialog that pops-up, scroll down and make sure you check Command line, and PID (Process Identifier) then press OK.

  • Back to the Processes tab, click on CPU column header so that the processes will be ordered by their CPU consumption (note that the processes might be displayed in ascending/descending order - each click on CPU switches the orders), click until the 2 processes appear at the top of the table. Now you''re able to see their command line (I don't know but I have a feeling that one of them is netsvcs (Network Services)) and also their PIDs.

  • Next, you need to match the 2 processes to the services. For that you can either:

    • Right click on them and then Go to service(s).... This will move to the Services tab, having all the service running in that process selected (for this option you don't need any of the previous steps :) ).
    • Open the Services snapin in mmc. When double clikc-ing on a service (only makes sense to check the ones that are running), Under Path to executable you can see their command line that you should do the match on.
  • On W10 you can view the exact info you need from Resource Monitor (you can start it from Task Manager, Performance tab). There you go to CPU tab and the services and their CPU consumption are listed.

EDIT0: Updated answer to provide a simpler (and making way more sense) approach, instead of scratching my right head side using my left hand style one, that I initially posted.

Related

Running virtual linux using qemu on windows
Highest compression for files(for web transfer)?
VMware Workstation Bridged Network Host UnReachable
CPU Constantly at 100% In Task Manager, But Not in Process Explorer
Undo the Linux trash command
How to use command line whois for "spam infected" domains like apple.com?
Adjust PDF Contrast with Adobe Reader/Acrobat?
Excluding grep from process list
How can I take screenshots of YouTube videos in full screen?
Create a PDF from PowerPoint with animations
How to search for bookmark folders in Firefox
Remove embedded subtitles from an .mkv file?