Tuesday, October 13, 2009

Vista, svchost.exe and my CPU

Last week I started to have issues with my Vista Laptop. Until now Vista has been great with me, I never understood why people complained about it anyway. After each boot and login my cpu maxed out. Initially with taskmanager I was not able to see which process was eating my processor, so got the tool Process Explorer (Sysinternals ... now Microsoft) and watched what happened.

It seemed that the svchost.exe was eating all my cpu cycles. Hovering with the mouse on it showed the services which it involved.



There was definitely a service which was doing something terribly wrong. Right click - Properties and then the Threads tab showed me that the dnsrslvr.dll!Reg_DoRegisterAdapter+0x501 was the cause. After googling for this I found only 1 entry, which luckily was the entry which helped me.

Summary on how to resolve this is as follows:

There seems to be a network adapter definition in the registry which is incorrectly referenced. In order to find this you need to use the Process Monitor tool and filter on the registery changes only and you will see a lot of entries like:

RegOpenKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711} SUCCESS Desired Access: Read

What you now need to do is to get the GUID of the adapter, in the example above it is:
0751F0D9-4F38-4FCB-8EA8-2E05F05FC711

and use the registry editor and navigate to the following path:

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711}

and remove this entry. The moment I removed it from the registry, my issue was solved.

Note: If you are more careful it would be better to create a backup of your registry and/or create a restore point.

It seems that the adapter was an vmware adapter (I do have vmware installed), and for some reason it got corrupted. I didnt test vmware yet, so I dont know what the impact of this would be on vmware.

Probably another solution would be to uninstall vmware.

2 comments:

Anonymous said...

Awesome! Thanks for posting this. BTW, uninstalling VMWare did not work. However, once I removed the registry key all was well again. Saved me having to reformat.

Anonymous said...

Thanks

No one I found on the web had an answer to this perplexing problem.

Genius!

Chas Callaway