Why is svchost.exe consuming all my CPU / disk?

If you’ve ever opened Task Manager to see what is running on your machine, you’ve likely wondered why svchost is running, why it’s running more than once, and why some instances take much more CPU than others.

The quick answer is that svchost is not really the process doing the work. svchost is what Windows uses to run what are known as “Windows Services”. To view the Windows Services that are installed on your computer, go here:
Control Panel->Administrative Tools->Services

Every service listed in Windows Services will spawn a svchost process when it runs. So in order to know why a particular svchost process is eating your computer, you’ll need to track down which Windows Service it is. Thankfully, there is a command line tool that makes this pretty easy. In Task Manager, take note of the Process ID (PID) of the svchost in question. Then run this from the command line:
tasklist /fi "pid eq XXX" /svc
Where XXX is equal to the PID you took note of from Task Manager.

If you remembered the /svc switch, you will see all the services your process depends on. If you’re having issues with unresponsiveness, it’s these service(s) that need to be dealt with.

Better yet, if you have Windows Vista or newer, in Task Manager right-click the process in question and select “Go to service(s)”. This will show you a list of all the services running under that instance of svchost.
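
The same PID-to-service lookup done for every svchost instance at once, busiest first, as an added PowerShell example that is not from the original post. It assumes PowerShell 3.0 or later (for Get-CimInstance); without an elevated prompt the CPU and path columns may be empty for system processes.

```powershell
# Added example: list each svchost.exe instance with the Windows Services
# it hosts, sorted by the CPU time it has consumed.

# Index running services by the PID of the process hosting them.
# -AsString makes the hashtable keys plain strings so lookups are reliable.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

$report = foreach ($proc in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
    # Services whose ProcessId matches this svchost instance (may be none).
    $hosted = @()
    if ($servicesByPid -and $servicesByPid.ContainsKey([string]$proc.Id)) {
        $hosted = @($servicesByPid[[string]$proc.Id])
    }

    [pscustomobject]@{
        PID          = $proc.Id
        # Total processor time since the process started, in seconds.
        # Null when the session lacks rights to query the process.
        CpuSeconds   = if ($null -ne $proc.CPU) { [math]::Round($proc.CPU, 1) } else { $null }
        WorkingSetMB = [math]::Round($proc.WorkingSet64 / 1MB, 1)
        Services     = ($hosted.Name | Sort-Object) -join ', '
        # The genuine host binary lives in %SystemRoot%\System32 (or SysWOW64
        # for 32-bit services on 64-bit Windows); anything else deserves a look.
        Path         = $proc.Path
    }
}

$report |
    Sort-Object -Property CpuSeconds -Descending |
    Format-Table -Property PID, CpuSeconds, WorkingSetMB, Services, Path -AutoSize -Wrap
```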

This site has pretty good detail on this topic: http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/

Happy process hunting!
