Sysinternals Homepage
Forum Home Forum Home > Windows Discussions > Troubleshooting
  New Posts New Posts RSS Feed: dnsrslvr.dll consuming 50% of vista
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

dnsrslvr.dll consuming 50% of vista
 Post Reply Post Reply Page  12>
Author
Message Reverse Sort Order
  Share Topic Share Topic  Topic Search Topic Search  Topic Options Topic Options
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17492 		Post Options Post Options   Quote molotov Quote  Post ReplyReply Direct Link To This Post Topic: dnsrslvr.dll consuming 50% of vista
    Posted: 27 August 2009 at 12:11pm
Hi svoy,

Tip: try to start/stop loging events in procmon by clicking CTRL+E, otherwise you will get too much events and out of memory even when you filter problematic TID.
If you capture to a backing file as oppose to the page file, or if you increase the size of the page file, you should not need to worry about this.  Another option may be to choose "Drop Filtered Events" to enable a destructive filter, once you've set the filter you wish to use to capture data.
Daily affirmation:
net helpmsg 4006
Back to Top
svoy View Drop Down
Newbie
Newbie


Joined: 27 August 2009
Location: CH
Online Status: Offline
Posts: 1 		Post Options Post Options   Quote svoy Quote  Post ReplyReply Direct Link To This Post Posted: 27 August 2009 at 11:59am
Thanx again, got same problem.
Tip: try to start/stop loging events in procmon by clicking CTRL+E, otherwise you will get too much events and out of memory even when you filter problematic TID.
Back to Top
kev1n View Drop Down
Newbie
Newbie


Joined: 30 January 2009
Online Status: Offline
Posts: 1 		Post Options Post Options   Quote kev1n Quote  Post ReplyReply Direct Link To This Post Posted: 30 January 2009 at 6:19pm
Thanks guys!  I was having the same problem and that did it for me also.
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17492 		Post Options Post Options   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 16 December 2008 at 11:39am
Excellent - good to hear, Chris! Smile
Daily affirmation:
net helpmsg 4006
Back to Top
csharpdev View Drop Down
Newbie
Newbie


Joined: 11 December 2008
Online Status: Offline
Posts: 7 		Post Options Post Options   Quote csharpdev Quote  Post ReplyReply Direct Link To This Post Posted: 16 December 2008 at 5:10am

Yes, that did the trick. CPU is back to normal and so far, nothing seems to be affected.

THANKS!
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17492 		Post Options Post Options   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 16 December 2008 at 2:46am
I am inclined to suggest making a backup and / or creating a restore point, and then removing [HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711}] and rebooting.
Daily affirmation:
net helpmsg 4006
Back to Top
csharpdev View Drop Down
Newbie
Newbie


Joined: 11 December 2008
Online Status: Offline
Posts: 7 		Post Options Post Options   Quote csharpdev Quote  Post ReplyReply Direct Link To This Post Posted: 15 December 2008 at 4:33pm
There is no value for description.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711}
 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess\Interfaces\3\InterfaceName\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711}
 
There are 17 other DNSRegisteredAdapters in that hive -
This one is the only one with different keys (The other 16 have keys that are consistent with each other)
 
also in ..CONTROLSET001\Services\Tcpip6\Parameters\Interfaces\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711}
 
 
These are all duplicated in ControlSet002 and 003 as well as Current
 
 
 
 
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17492 		Post Options Post Options   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 15 December 2008 at 4:29am
If you search the registry for 0751F0D9-4F38-4FCB-8EA8-2E05F05FC711, where else does it turn up?  In one of the numbers under [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards], what is the data of the Description value, where the ServiceName data matches the GUID 0751F0D9-4F38-4FCB-8EA8-2E05F05FC711?

How many other GUIDs appear as subkeys of [HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]?
Daily affirmation:
net helpmsg 4006
Back to Top
csharpdev View Drop Down
Newbie
Newbie


Joined: 11 December 2008
Online Status: Offline
Posts: 7 		Post Options Post Options   Quote csharpdev Quote  Post ReplyReply Direct Link To This Post Posted: 15 December 2008 at 12:26am
You are correct! - repeat the following entries a few milllion times...
 
4:18:56.9401163 PM svchost.exe 1472 RegEnumKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters SUCCESS Index: 0, Name: {0751F0D9-4F38-4FCB-8EA8-2E05F05FC711}
4:18:56.9401281 PM svchost.exe 1472 RegOpenKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711} SUCCESS Desired Access: Read
4:18:56.9401436 PM svchost.exe 1472 RegOpenKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711} SUCCESS Desired Access: Read
4:18:56.9401592 PM svchost.exe 1472 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711}\StaleAdapter SUCCESS Type: REG_DWORD, Length: 4, Data: 0
4:18:56.9401712 PM svchost.exe 1472 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711}\StaleAdapter SUCCESS Type: REG_DWORD, Length: 4, Data: 0
4:18:56.9401834 PM svchost.exe 1472 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711}\RegisteredSinceBoot SUCCESS Type: REG_DWORD, Length: 4, Data: 0
4:18:56.9401952 PM svchost.exe 1472 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711}\RegisteredSinceBoot SUCCESS Type: REG_DWORD, Length: 4, Data: 0
4:18:56.9402073 PM svchost.exe 1472 RegQueryValue HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711}\Flags NAME NOT FOUND Length: 144
4:18:56.9402192 PM svchost.exe 1472 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711} SUCCESS 
4:18:56.9402307 PM svchost.exe 1472 RegCloseKey HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters\{0751F0D9-4F38-4FCB-8EA8-2E05F05FC711} SUCCESS 
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Online Status: Offline
Posts: 17492 		Post Options Post Options   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 14 December 2008 at 3:19pm
(Side note: Process Explorer 11.31 has a workaround for the extra characters that show up in the stack frames.)

The stack indicates a registry operation (which might indicate excessive registry activity). Identify the Thread ID (TID) in Process Explorer, and then run Process Monitor (configure symbols the same way you did with Process Explorer).  Set the filter to TID is <previously noted TID> then Include, and note the registry activity associated with that thread.
Daily affirmation:
net helpmsg 4006
Back to Top
 Post Reply Post Reply Page  12>

Forum Jump Forum Permissions View Drop Down