Most of the times the high utilization of "System" process can be caused by
device drivers and you can use these to find out which driver is causing the
problem.
But first disconnect the network cable. If the CPU utilization decreases,
there could be a network hardware problem.
If network hardware has been ruled out, you can track down the thread ID and
the
load address of that thread using perfmon, pviewer, and pstat. You can then
determine if a driver is causing the high CPU time:
The following must be done in REAL TIME. You cannot do this with a perfmon
log.
1. Start performance monitor and make sure you are in chart view (realtime).
2. Hit the plus sign, select the thread object, and counter % processor time.
3. Under instance, add all of the system threads to the chart.
4. Look for the thread that is taking all of the CPU time and note the
instance
number (thread ID).
5. Once you find the thread, get the instance number from the bottom of
perfmon
where it displays the counter.
6. Start pviewer.exe, this is from the resource kit.
7. In pviewer, under process, select the system process. Find the thread ID
that matches the instance number from perfmon under Threads.
8. Get the start address under thread information.
9. Run pstat.exe with the command pstat > pstat.txt. Look at the bottom of
the
pstat.txt, match up Load Addr with the start address you found from pviewer.
If you can't find it just search the whole file for the start address. If
you
get a match, this is the driver that is causing the problem. You will need
to
find out what that driver is and either replace, upgrade or disable it.
If you do not get an exact match, then look for the closest driver match
within the
address range that you determined in the previous steps.
And if possible try disabling antivirus and than monitor it for some time.
