I Need To Make A Change With My IT Support! Call (225) 706-8414

Match running Windows Services to Processes and CPU Use

So, you want to figure out which services are consuming CPU. This happens often since so much software runs as a Windows Service.

Solution

It can be hard to figure out why svchost.exe is consuming a large amount of the CPU since the Task Manager doesn’t break down exactly what service is consuming the CPU. However, you can get this breakdown using the command-line “tasklist.exe” command.

Tasklist provides a listing of currently running processes:

C:> tasklist

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0                                          0              28 K
System                                     4                                          0             256 K
smss.exe                             688                                          0             460 K
csrss.exe                              752                                          0        15,068 K
winlogon.exe                      792                                          0         11,752 K
services.exe                        852                                          0        74,632 K
lsass.exe                             872                                           0        16,560 K
svchost.exe                      1064                                           0          2,856 K
svchost.exe                       1136                                           0          3,852 K
svchost.exe                      1228                                           0          5,044 K

We can use the /SVC command-line option to get a mapping of processes to services:

C:> tasklist /SVC
Image Name                     PID Services
========================= ======== ============================================
System Idle Process            0 N/A
System                                   4 N/A
smss.exe                           688 N/A
csrss.exe                            752 N/A
winlogon.exe                    792 N/A
services.exe                      852 Eventlog, PlugPlay
lsass.exe                            872 Netlogon, PolicyAgent, ProtectedStorage,
SamSs
svchost.exe                     1064 DcomLaunch
svchost.exe                      1136 RpcSs
svchost.exe                     1228 Dhcp, Dnscache
svchost.exe                   1284 Alerter, LmHosts, W32Time
svchost.exe                   1296 AeLookupSvc, BITS, CryptSvc, dmserver,
EventSystem, helpsvc, lanmanserver,
lanmanworkstation, Netman, Nla, RasMan,
Schedule, seclogon, SENS,
ShellHWDetection,
TrkWks, winmgmt,
wuauserv, WZCSVC

Notice that we can now map actual services to each svchost.exe.

Now we just need to get the PID of the problem svchost.exe.

  1. Open Task Manager, right-click the Task Bar, click Task Manager
  2. Click the Processes tab
  3. Click View
  4. Click Select Columns..
  5. Select “PID (Process Identifier)”
  6. Click OK

At this point, you should be able to get the PID of the problem svchost.exe and use tasklist /SVC to determine which services are mapped to that process. You can then begin troubleshooting which service is causing the CPU load.

atkb#171

 

Concerned About Cyber Attacks?

CLICK HERE >

Want to Migrate to the Cloud?

CLICK HERE >
Office 365

Ready to Experience Microsoft Office 365?

Want the latest IT news directly in your inbox? Subscribe now!