How can I determine what is murdering my CPU?

My system is periodically becoming very sluggish. Everything is hard to do when it gets like this, including typing. The mouse pointer is generally fairly responsive, but clicking is not. After a while (5 mins or so), it seems to return to normal.

The machine is quite new (Surface Book 2), as is the Windows 10 installation. It has a heap of free space on the SSD drive. I run only Windows Defender.

I've already run sfc /scannow to no avail:

I also ran chkdsk /r and it reported nothing (though it was unclear whether it would report problems if it found them).

Process Explorer shows an awful lot of red (kernel?) activity during these periods, but there doesn't appear to be any one process that is clearly a culprit. Here's a capture I took during one of the periods of poor performance:

What techniques/guides can I follow to get to the bottom of this problem? Specifically, how can I identify the root cause of the high kernel load?

me--

Posted 2019-01-22T09:28:10.933

Reputation: 235

run a malware scan with MalwareBytes anti Malware... Cake.Bakery.exe seems odd given the other things running on the machine. – Stese – 2019-01-22T10:30:54.070

Are you using Powershell DSC to install windows components? Perhaps using the xDismFeature from the Windows Powershell Desired State Configuration (DSC) Resource Kit? – Ben – 2019-01-22T11:25:19.540

Answers

First, check if you have Powershell Desired State Configuration using the xDismFeature plugin. This plugin is extremely slow and I have experienced exactly this issue due to that plugin. It's associated with high CPU and disk IO in the WinPrvSE process (the WMI host process). If it is xDismFeature, then you might mitigate it by running DSC less frequently, or by patching xDismFeature to reduce the disk usage.

https://github.com/PowerShell/xDismFeature/pull/15

Otherwise, read on:

TL;DR: it looks like you are running a lot of resource-hungry software.

As you can see Windows Defender is using 7% of cpu and so is WmiPrvSE. This generally indicates it's trying to do a malware scan or an auto-update. You should allow this to finish, then check for updates, and install any pending updates.

Next do a full malware scan with Windows Defender.

I can see that ShareX is using a lot of CPU and RAM. Consider using Microsoft Terminal Services/Remote desktop instead. You can also screenshot with the built-in tool using Win+Shift+S.

Finally, you are clearly hosting docker instances. This is not free either, and you can expect these to use RAM, IO, and CPU.

Ben

Posted 2019-01-22T09:28:10.933

Reputation: 1 406

I'm struggling to find any information on how I can check whether Powershell Desired State Configuration using DISM is enabled or not. I haven't explicitly enabled it, but maybe it comes out of the box? Any ideas how I can check? – me-- – 2019-01-30T03:29:25.420

@me-- Run Get-DscConfiguration from an elevated powershell session. – Ben – 2019-01-30T14:11:09.910

OK thanks: "Current configuration does not exist", so I guess it's not that then :) – me-- – 2019-01-30T23:44:48.357

Run it in safe mode and see if problem remains, if it doesn't you will know that it is an application problem if it does it is either windows or hardware problem.

woohoos

Posted 2019-01-22T09:28:10.933

Reputation: 1

You need to rule out where this is coming from, by doing it in steps.

Run a full malware scan with Malwarebytes Anti-Malware or similar.
Run a 3rd Party Anti-Virs scan, such as Trend House-Call.
Check Event viewer for errors during the 'slow' time' Check both System and Application logs.
Run under safe mode, as in WooHoos answer.
Ensure windows is fully up to date. It can be updating in the background.
Disable/Stop/Kill programs one by one to see if there is a specific process causing the issues.

One of these things should highlight/fix the issue.

Stese

Posted 2019-01-22T09:28:10.933

Reputation: 1 037