svchost.exe taking 25% cpu
Solution 1
Whenever anyone finds themselves in a situation like this, the first step is to stop each of the hosted services one-by-one, waiting a few moments between each, and checking to see if the usage drops. Once you have narrowed down the problem to the specific service, then you can do a web-search to find out if others have experienced the same problem.
In this instance, it was likely indeed the DNS service (Mikle did not indicate why he thinks it is not, and his assumption about the HAL is specious).
Of the services indicated, the only one that is known to cause a 100% CPU load is the DNS service. (The only references to a high CPU load in regards to the other services is with Vista+ where they are sharing the same svchost
instance as the DNS service. Sadly it often ends up going undiagnosed.[1][2]) That it would only have taken 25% of the CPU load makes sense because he said it was a four-core processor, so the DNS service was using 100% of the core it was using.
The problem occurs whenever the HOSTS
file grows “too large”; for some reason, whenever the HOSTS
file has too many entires, the DNS service goes into a tail-spin, starts pegging the CPU, and never recovers (no, leaving it a long time to eventually finish does not work because it never finishes, even after days).
What had likely happened in this case is that Mikle had downloaded and installed a large HOSTS
file like those available from some MSMVPs or had used SpyBot’s immunization function.
Unfortunately the only option in this case is to either strip the HOSTS
file down to only a few entries, or to disable the DNS service.
Note that once the DNS service flies off the handle, you will not likely be able to simply stop it like a normal service; you must actually kill the instance of svchost.exe
that is hosting it. This isn’t so bad in XP because it usually gets its own copy, but in 7, it shares a copy with a few other services (though nothing critical, so you can simply re-start the other services once you have disabled the DNS service).
Solution 2
I had this happening too; but it may or may not be what was happening to you. As you asked this ~5 years ago, this will more likely help others than the asker. I too have a large HOSTS file, and this can indeed cause the DNS service to be very busy just after boot; but this phenomenon will go away after the Internet is responding normally. With just over 171,000 entries, my Core I3-2100 becomes usable after 2-3 min. If it persists after that time, it probably is not that.
I did what the guy proffering the Process Explorer answered, and found the culprit. In my case, I have an ASUS mobo, and so I trustingly installed the Asus AI Suite II. It installs a file called "AsRoutineController.exe" which Process Explorer indicated was using 24-25% of the CPU, which is to say, virtually all of a single core. It seems related to the bar that starts the AI Suite applets. Stopping the AI Suite II from the System Tray caused it to stop. Restarting the AI Suite II app did NOT cause the problem to resume. Unfortunately, I have seen this happen on a fresh boot in the past, even after the 'Net begins responding normally. It thus seems that the only way to prevent it from sapping 25% of your processing power is to simply uninstall the AI Suite II, if that is what is causing it for you.
Solution 3
Start Process Explorer (also from Microsoft Sysinternals) as administrator.
Look at the Threads tab of the svchost.exe that is consuming too much,
you can get the Stack of a very busy Thread to see what it is doing or copy the Stack here.
Solution 4
It's the DNS Client doing it. Stop the service and it'll quit. (The service isn't required anyway. It purports to speed up DNS lookups but I haven't noticed a difference since I set it to Manual.)
Related videos on Youtube
Mikle
Updated on September 17, 2022Comments
-
Mikle almost 2 years
For some time now I have been noticing that one of my svchost.exe was constantly taking 25% cpu time on my 4 core, Win7 Ultimate PC. This particular service host is hosting:
- Cryptographic Services (CryptSvc)
- Dns Client (DnsCache)
- Network Location Awareness (NlaSvc)
- Workstation (Lanman Workstation)
I suspected a virus but Windows Essential is up to date and reports nothing, and Autoruns doesn't show anything unusual.
Thanks for the help!
As per request the stack of the thread taking up 25% cpu:
ntkrnlpa.exe!KeSetEvent+0x2a1 ntkrnlpa.exe!KeDelayExecutionThread+0x5cc ntkrnlpa.exe!KeWaitForMutexObject+0x393 ntkrnlpa.exe!KeQueryHighestNodeNumber+0x9fe halmacpi.dll!KfRaiseIrql+0xcb halmacpi.dll!KeRaiseIrqlToSynchLevel+0x8f halmacpi.dll!HalEndSystemInterrupt+0x67 halmacpi.dll!HalInitializeProcessor+0xae8 ncsi.dll!NcsiIdentifyUserSpecificProxies+0x3a47 ncsi.dll+0x31f0 ncsi.dll!NcsiIdentifyUserSpecificProxies+0x4c92 ncsi.dll+0x1e93 ncsi.dll+0x20a2 ncsi.dll+0x1808 ncsi.dll+0x2240 ntdll.dll!RtlIsCriticalSectionLockedByThread+0x474 kernel32.dll!BaseThreadInitThunk+0x12 ntdll.dll!RtlInitializeExceptionChain+0x63 ntdll.dll!RtlInitializeExceptionChain+0x36
Looks like a problem with some kind of interrupts problem in the HAL? I'll try updating all my drivers and report back.
-
Mikle almost 14 yearsI didn't think to check the stack and threads of the process, silly me :)
-
Mikle almost 14 yearsI updated the question, it's not the DNS client, but thanks for helping.
-
Synetech about 10 yearsIt does indeed sound like the DNS service, but it only happens if the
HOSTS
file is large and has many entries. Also, you cannot stop it once it has started pegging the CPU; you must kill the process. Then you must set it to disabled because simply killing it won’t help since it will immediately start the next time you do anything that requires looking up a domain name. And for the record, it definitely makes DNS lookups faster. Without it enabled, it takes ~3~7 seconds for any given web page to show up every time you start a new session. With it, they’ll show up in ~1 second. -
user5389726598465 almost 5 yearshow to kill the instance of svchost.exe? It restarts immediately in task manager
-
Synetech almost 5 yearsYou can't just kill the process; Windows will just assume it crashed and restart it. You need to disable the service.
-
user5389726598465 almost 5 yearsIt's greyed out (disabling the service)
-
Synetech almost 5 yearsThe DNS service won't let you disable it? 🤨 Where is it greyed out, the Task Manager or the Services snap-in? You need to run it with elevated privileges (run as admin). Another option is to do it through regedit, but that too needs to be run as admin.
-
user5389726598465 almost 5 yearsIn the services snap-in. Running as administrator did not enable the disable button. Where are instructions or how to do it through the registry? I can't use my main image until this is solved so I'm native booting a vhd which is slower.
-
Synetech almost 5 yearsRunning the services snap-in as admin won't let you disable the DNS service? 🤨 Hmm, that's very strange since it's not exactly a critical (or even necessary) service. I'm guessing this is Windows 10 right? Yet another reason I have no interest in 10. 😒
-
Synetech almost 5 yearsIf it is the DNS service, you can rename the
HOSTS
file so that it's not reading that and hanging. Otherwise, you can manually disable the DNS service by opening the registry in admin mode, and going toHKLM\SYSTEM\CurrentControlSet\services\Dnscache
, then changingStart
to4
(disabled). Reboot and it should no longer run. Of course, this also means you won't be caching IP addresses, so it might have a slight impact on Internet performance. (You can get around this with a third-party DNS program if necessary.)