svchost.exe taking 25% cpu

windows-7 cpu-usage svchost
15,860

Solution 1

Whenever anyone finds themselves in a situation like this, the first step is to stop each of the hosted services one-by-one, waiting a few moments between each, and checking to see if the usage drops. Once you have narrowed down the problem to the specific service, then you can do a web-search to find out if others have experienced the same problem.

In this instance, it was likely indeed the DNS service (Mikle did not indicate why he thinks it is not, and his assumption about the HAL is specious).

Of the services indicated, the only one that is known to cause a 100% CPU load is the DNS service. (The only references to a high CPU load in regards to the other services is with Vista+ where they are sharing the same svchost instance as the DNS service. Sadly it often ends up going undiagnosed.[1][2]) That it would only have taken 25% of the CPU load makes sense because he said it was a four-core processor, so the DNS service was using 100% of the core it was using.

The problem occurs whenever the HOSTS file grows “too large”; for some reason, whenever the HOSTS file has too many entires, the DNS service goes into a tail-spin, starts pegging the CPU, and never recovers (no, leaving it a long time to eventually finish does not work because it never finishes, even after days).

What had likely happened in this case is that Mikle had downloaded and installed a large HOSTS file like those available from some MSMVPs or had used SpyBot’s immunization function.

Unfortunately the only option in this case is to either strip the HOSTS file down to only a few entries, or to disable the DNS service.

Note that once the DNS service flies off the handle, you will not likely be able to simply stop it like a normal service; you must actually kill the instance of svchost.exe that is hosting it. This isn’t so bad in XP because it usually gets its own copy, but in 7, it shares a copy with a few other services (though nothing critical, so you can simply re-start the other services once you have disabled the DNS service).

Solution 2

I had this happening too; but it may or may not be what was happening to you. As you asked this ~5 years ago, this will more likely help others than the asker. I too have a large HOSTS file, and this can indeed cause the DNS service to be very busy just after boot; but this phenomenon will go away after the Internet is responding normally. With just over 171,000 entries, my Core I3-2100 becomes usable after 2-3 min. If it persists after that time, it probably is not that.

I did what the guy proffering the Process Explorer answered, and found the culprit. In my case, I have an ASUS mobo, and so I trustingly installed the Asus AI Suite II. It installs a file called "AsRoutineController.exe" which Process Explorer indicated was using 24-25% of the CPU, which is to say, virtually all of a single core. It seems related to the bar that starts the AI Suite applets. Stopping the AI Suite II from the System Tray caused it to stop. Restarting the AI Suite II app did NOT cause the problem to resume. Unfortunately, I have seen this happen on a fresh boot in the past, even after the 'Net begins responding normally. It thus seems that the only way to prevent it from sapping 25% of your processing power is to simply uninstall the AI Suite II, if that is what is causing it for you.

Solution 3

Start Process Explorer (also from Microsoft Sysinternals) as administrator.

Look at the Threads tab of the svchost.exe that is consuming too much,
you can get the Stack of a very busy Thread to see what it is doing or copy the Stack here.

Solution 4

It's the DNS Client doing it. Stop the service and it'll quit. (The service isn't required anyway. It purports to speed up DNS lookups but I haven't noticed a difference since I set it to Manual.)

Share:
15,860

Related videos on Youtube

Mikle
Author by

Mikle

Updated on September 17, 2022

Comments

  • Mikle
    Mikle almost 2 years

    For some time now I have been noticing that one of my svchost.exe was constantly taking 25% cpu time on my 4 core, Win7 Ultimate PC. This particular service host is hosting:

    1. Cryptographic Services (CryptSvc)
    2. Dns Client (DnsCache)
    3. Network Location Awareness (NlaSvc)
    4. Workstation (Lanman Workstation)

    I suspected a virus but Windows Essential is up to date and reports nothing, and Autoruns doesn't show anything unusual.

    Thanks for the help!

    As per request the stack of the thread taking up 25% cpu:

    ntkrnlpa.exe!KeSetEvent+0x2a1
ntkrnlpa.exe!KeDelayExecutionThread+0x5cc
ntkrnlpa.exe!KeWaitForMutexObject+0x393
ntkrnlpa.exe!KeQueryHighestNodeNumber+0x9fe
halmacpi.dll!KfRaiseIrql+0xcb
halmacpi.dll!KeRaiseIrqlToSynchLevel+0x8f
halmacpi.dll!HalEndSystemInterrupt+0x67
halmacpi.dll!HalInitializeProcessor+0xae8
ncsi.dll!NcsiIdentifyUserSpecificProxies+0x3a47
ncsi.dll+0x31f0
ncsi.dll!NcsiIdentifyUserSpecificProxies+0x4c92
ncsi.dll+0x1e93
ncsi.dll+0x20a2
ncsi.dll+0x1808
ncsi.dll+0x2240
ntdll.dll!RtlIsCriticalSectionLockedByThread+0x474
kernel32.dll!BaseThreadInitThunk+0x12
ntdll.dll!RtlInitializeExceptionChain+0x63
ntdll.dll!RtlInitializeExceptionChain+0x36

    Looks like a problem with some kind of interrupts problem in the HAL? I'll try updating all my drivers and report back.

  • Mikle
    Mikle almost 14 years
    I didn't think to check the stack and threads of the process, silly me :)
  • Mikle
    Mikle almost 14 years
    I updated the question, it's not the DNS client, but thanks for helping.
  • Synetech
    Synetech about 10 years
    It does indeed sound like the DNS service, but it only happens if the HOSTS file is large and has many entries. Also, you cannot stop it once it has started pegging the CPU; you must kill the process. Then you must set it to disabled because simply killing it won’t help since it will immediately start the next time you do anything that requires looking up a domain name. And for the record, it definitely makes DNS lookups faster. Without it enabled, it takes ~3~7 seconds for any given web page to show up every time you start a new session. With it, they’ll show up in ~1 second.
  • user5389726598465
    user5389726598465 almost 5 years
    how to kill the instance of svchost.exe? It restarts immediately in task manager
  • Synetech
    Synetech almost 5 years
    You can't just kill the process; Windows will just assume it crashed and restart it. You need to disable the service.
  • user5389726598465
    user5389726598465 almost 5 years
    It's greyed out (disabling the service)
  • Synetech
    Synetech almost 5 years
    The DNS service won't let you disable it? 🤨 Where is it greyed out, the Task Manager or the Services snap-in? You need to run it with elevated privileges (run as admin). Another option is to do it through regedit, but that too needs to be run as admin.
  • user5389726598465
    user5389726598465 almost 5 years
    In the services snap-in. Running as administrator did not enable the disable button. Where are instructions or how to do it through the registry? I can't use my main image until this is solved so I'm native booting a vhd which is slower.
  • Synetech
    Synetech almost 5 years
    Running the services snap-in as admin won't let you disable the DNS service? 🤨 Hmm, that's very strange since it's not exactly a critical (or even necessary) service. I'm guessing this is Windows 10 right? Yet another reason I have no interest in 10. 😒
  • Synetech
    Synetech almost 5 years
    If it is the DNS service, you can rename the HOSTS file so that it's not reading that and hanging. Otherwise, you can manually disable the DNS service by opening the registry in admin mode, and going to HKLM\SYSTEM\CurrentControlSet\services\Dnscache, then changing Start to 4 (disabled). Reboot and it should no longer run. Of course, this also means you won't be caching IP addresses, so it might have a slight impact on Internet performance. (You can get around this with a third-party DNS program if necessary.)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

High CPU usage by 'svchost.exe' and 'coreServiceShell.exe'
How do I troubleshoot high 'svchost.exe' usage in Windows 7?
svchost.exe using lots of memory slowing my PC down
How to terminate System Idle Process?
Why is svchost.exe(netsvcs) taking so much RAM?
The `System` process has a high CPU usage. ntoskrnl.exe!KeReleaseInStackQueuedSpinLock+0x1e0 is the culprit. How to fix it?
taskhost.exe uses a lot of CPU and does not quit
Service Host (SVC.exe) using 10-20% of CPU
High Disk Usage (PC keeps freezzing)
Program that logs the CPU usage in Windows 7