track down svc host high cpu usage

The last couple times I've booted my computer, svchost has been tying up the processor for at least half an hour before it dies down. I think it started with the previous batch of updates from last week (not the new ones earlier this week).
I can't how to narrow down things other than I noticed that the offending process in Task Manager is "svchost.exe" with a PID of 920.
Doing a "tasklist /svc" yields  the following,
svchost.exe                  920 AudioSrv, BITS, Browser, CryptSvc, Dhcp,    
                                 dmserver, ERSvc, EventSystem, helpsvc,      
                                 LanmanServer, lanmanworkstation, Netman,    
                                 Nla, RasMan, Schedule, seclogon, SENS,      
                                 SharedAccess, ShellHWDetection, srservice,  
                                 TapiSrv, Themes, TrkWks, W32Time, winmgmt,  
                                 wscsvc, wuauserv                            
but I can't recall how to narrow it down further or figure out how to fix it. I don't see any suspicious processes in task manager, and I've checked what each of them is with a Google search.
All these seem like important services. I'm running both Remote Desktop (terminal services) and telnetserver along with FTP server.being installed but not enabled until I need it.



all of tasklist /svc
Image Name                   PID Services                                    
========================= ====== =============================================
System Idle Process            0 N/A                                         
System                         4 N/A                                         
smss.exe                     456 N/A                                         
csrss.exe                    512 N/A                                         
winlogon.exe                 536 N/A                                         
services.exe                 580 Eventlog, PlugPlay                          
lsass.exe                    592 NtLmSsp, PolicyAgent, ProtectedStorage, SamSs
svchost.exe                  744 DcomLaunch, TermService                     
svchost.exe                  804 RpcSs                                       
MsMpEng.exe                  884 MsMpSvc                                     
svchost.exe                  920 AudioSrv, BITS, Browser, CryptSvc, Dhcp,    
                                 dmserver, ERSvc, EventSystem, helpsvc,      
                                 LanmanServer, lanmanworkstation, Netman,    
                                 Nla, RasMan, Schedule, seclogon, SENS,      
                                 SharedAccess, ShellHWDetection, srservice,  
                                 TapiSrv, Themes, TrkWks, W32Time, winmgmt,  
                                 wscsvc, wuauserv                            
svchost.exe                  976 Dnscache                                    
svchost.exe                 1080 Alerter, LmHosts, RemoteRegistry, SSDPSRV   
spoolsv.exe                 1204 Spooler                                     
svchost.exe                 1300 WebClient                                   
inetinfo.exe                1356 IISADMIN, SMTPSVC, W3SVC                    
tlntsvr.exe                 1428 TlntSvr                                     
wuauclt.exe                 1688 N/A                                         
alg.exe                      380 ALG                                         
csrss.exe                    416 N/A                                         
winlogon.exe                 800 N/A                                         
logonui.exe                 1140 N/A                                         
rdpclip.exe                 2064 N/A                                         
explorer.exe                2292 N/A                                         
msseces.exe                 2588 N/A                                         
wuauclt.exe                 2060 N/A                                         
taskmgr.exe                  340 N/A                                         
cmd.exe                     2356 N/A                                         
wmiprvse.exe                2352 N/A                                         
tasklist.exe                2364 N/A                                         

 

Question Info


Last updated June 20, 2018 Views 6,236 Applies to:

I'm having the same problem making my computer almost unuseable.

My overactive svchost is running the following:

svchost.exe                  560 AudioSrv, BITS, CryptSvc, Dhcp, ERSvc,      
                                 EventSystem, helpsvc, HidServ, lanmanserver,
                                 Netman, Nla, Schedule, SENS, SharedAccess,  
                                 ShellHWDetection, srservice, Themes, TrkWks,
                                 w32time, winmgmt, wscsvc, wuauserv, WZCSVC 

 

Should SharedAccess be disabled?

I can't update Microsoft security Essentials or run Windows Update in Internet Explorer. Both hang.

3 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

There is a way to narrow it down further.  Notice that all of these candidates are "services".  So log in as an administrator and bring up the "services" screen:

   Start -> Run -> "services.msc"

In this screen, you can locate the services that are listed in your "tasklist /svc" output.  When you find one, double-click on it.  You will then be able to "suspend" or "stop" the service.  Keep an eye on the CPU usage when you suspend or stop each task and if the CPU suddenly goes back to normal, you have found the problem service.  Note that unless you change the "startup type" box, any changes you make here can be undone simply by restarting your computer.

 

From my experience, the first service I would try is "winmgmt" which shows up as the service "Windows Management Instrumentation".  I have seen this take close to 100% CPU for long periods of time before settling down.

 

HTH,

  JW

 

5 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

It's wuauserv. Turning off autocratic updates fixes the problem, but it takes all night now to get a listing of updates the manual way (or with autocratic updates). 
Worse, XP Mode on my Windows 7 machine is doing it too, even when I tried it with a fresh virtual machine on a new account.

I believe it's Microsoft sabotaging XP so they can say "if your computer is running slow, you need to update to Windows 8 32-bit). XP isn't going to be supported much longer, so we're not going to bother fixing the problem.
Please don't tell me I don't want to do something without also providing the information requested.

3 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

My Windows7 virtual machine does this same thing.  Turn off PID 920 and everything else takes off running just fine.

Thank you Microsoft...again.

4 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

For the virtual machine, the only thing I can suggest is to try manually using Windows Update, and download all the updates manually. Then it should help with the problem.

Also then disable automatic updates, and then either disable Windows Update in services.msc, or disable it via an administrative (elevated) command line with IIRC

"sc config wuauserv start=disabled"

The problem seems to have fixed itself on my machine two years ago. Microsoft got their act together, so I can only guess that you have a lot of updates on the virtual machine to install.

Please don't tell me I don't want to do something without also providing the information requested.

2 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.