svhost.exe memory leek

Question

svhost.exe memory leek

Anonymous

teh spec :

win7 ultimate x64

4gb of ram ddr3

quadcore intel I5

nvidia GTS450

Asrock h55m-le motherboard

svhost.exe is using to much of my ram in some cases it consume over 1gb of ram.

this is from proces sexplorer data:

Process CPU Private Bytes Working SetPID Description Company Name

System Idle Process 96.39 0 K 24 K0

System 0.09 444 K 3,372 K4

Interrupts 0.45 0 K 0 K n/a Hardware Interrupts and DPCs

smss.exe 536 K 1,220 K 300Windows Session Manager Microsoft Corporation

avgrsa.exe 0.01 50,988 K 752 K396 AVG Resident Shield Service AVG Technologies CZ, s.r.o.

avgcsrva.exe 0.01 62,456 K 508 K448 AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o.

csrss.exe < 0.01 2,444 K 6,348 K716 Client Server Runtime Process Microsoft Corporation

wininit.exe 1,740 K 4,912 K 776Windows Start-Up Application Microsoft Corporation

services.exe 5,940 K 10,008 K 900 Services and Controller app Microsoft Corporation

svchost.exe 4,856 K 9,624 K 1012Host Process for Windows Services Microsoft Corporation

WmiPrvSE.exe 2,968 K 6,460 K 236 WMI Provider Host Microsoft Corporation

dllhost.exe 2,816 K 7,328 K 3880 COM Surrogate Microsoft Corporation

nvSCPAPISvr.exe 2,952 K 6,496 K 176 Stereo Vision Control Panel API Server NVIDIA Corporation

nvvsvc.exe 2,996 K 7,640 K 392NVIDIA Driver Helper Service, Version 310.90 NVIDIA Corporation

nvxdsync.exe 8,176 K 17,896 K 1540 NVIDIA User Experience Driver Component NVIDIA Corporation

nvtray.exe 6,148 K 12,496 K 3264 NVIDIA Settings NVIDIA Corporation

nvvsvc.exe < 0.01 5,700 K 11,900 K1556 NVIDIA Driver Helper Service, Version 310.90 NVIDIA Corporation

svchost.exe 4,716 K 8,648 K 792Host Process for Windows Services Microsoft Corporation

svchost.exe 29,064 K 28,584 K 1084 Host Process for Windows Services Microsoft Corporation

audiodg.exe 19,940 K 20,676 K 6064 Windows Audio Device Graph Isolation Microsoft Corporation

svchost.exe 0.09 110,740 K 178,572 K1116 Host Process for Windows Services Microsoft Corporation

dwm.exe 1,820 K 5,468 K 3340Desktop Window Manager Microsoft Corporation

svchost.exe < 0.01 18,148 K 31,292 K1144 Host Process for Windows Services Microsoft Corporation

taskeng.exe 2,012 K 5,420 K 3396 Task Scheduler Engine Microsoft Corporation

RtkDashClient.exe 2,140 K 764 K 3468 Realtek Dash Client Tool Realtek Semiconductor Corporation

CTAudSvc.exe 1,332 K 4,376 K 1260 Creative Audio Service Creative Technology Ltd

svchost.exe 2,532 K 5,716 K 1288Host Process for Windows Services Microsoft Corporation

svchost.exe < 0.01 9,852 K 16,992 K1324 Host Process for Windows Services Microsoft Corporation

svchost.exe < 0.01 14,780 K 16,580 K1448 Host Process for Windows Services Microsoft Corporation

spoolsv.exe 23,280 K 36,052 K 1652 Spooler SubSystem App Microsoft Corporation

svchost.exe 13,264 K 16,644 K 1728 Host Process for Windows Services Microsoft Corporation

NetworkLicenseServer.exe < 0.01 5,652 K9,340 K 1940 ABBYY network license server ABBYY

armsvc.exe 1,208 K 3,920 K 1960Adobe Acrobat Update Service Adobe Systems Incorporated

ADCDLicSvc.exe < 0.01 1,204 K 3,180 K 1984 System Level Service Utility Autodata Limited

avgidsagent.exe < 0.01 24,796 K 13,256 K 1440 AVG Identity Protection Service AVG Technologies CZ, s.r.o.

avgwdsvc.exe 0.01 8,984 K 18,912 K1900 AVG Watchdog Service AVG Technologies CZ, s.r.o.

avgnsa.exe 6,376 K 336 K 2736AVG Online Shield Service AVG Technologies CZ, s.r.o.

avgemca.exe 3,524 K 8,456 K 2744 AVG E-mail Scanner AVG Technologies CZ, s.r.o.

E_S50STB.EXE 1,608 K 3,948 K 2080 EPSON Status Monitor 3 SEIKO EPSON CORPORATION

E_S50RPB.EXE 1,484 K 3,484 K 2112 EPSON Status Monitor 3 SEIKO EPSON CORPORATION

PnkBstrA.exe < 0.01 1,424 K 4,476 K2164

rndlresolversvc.exe 1,124 K 3,904 K 2196

svchost.exe 2,264 K 6,456 K 2244Host Process for Windows Services Microsoft Corporation

TeamViewer_Service.exe < 0.01 6,384 K13,868 K 2272 TeamViewer 8 TeamViewer GmbH

WLIDSVC.EXE < 0.01 8,244 K 15,680 K2332 Microsoft® Windows Live ID Service Microsoft Corp.

WLIDSVCM.EXE 1,520 K 3,496 K 2484 Microsoft® Windows Live ID Service Monitor Microsoft Corp.

svchost.exe 3,164 K 6,800 K 3088Host Process for Windows Services Microsoft Corporation

taskhost.exe < 0.01 8,456 K 10,084 K3284 Host Process for Windows Tasks Microsoft Corporation

svchost.exe 4,104 K 8,940 K 3628Host Process for Windows Services Microsoft Corporation

XMBLicensing.exe 1,212 K 3,192 K 1968 System Level Service Utility Creative Labs

SearchIndexer.exe < 0.01 39,968 K 36,764 K 4652 Microsoft Windows Search Indexer Microsoft Corporation

SearchProtocolHost.exe < 0.01 2,660 K8,076 K 5096 Microsoft Windows Search Protocol HostMicrosoft Corporation

SearchFilterHost.exe 2,576 K 6,264 K2660 Microsoft Windows Search Filter Host Microsoft Corporation

svchost.exe < 0.01 8,656 K 46,484 K4752 Host Process for Windows Services Microsoft Corporation

wmpnetwk.exe < 0.01 14,464 K 11,224 K 5048 Windows Media Player Network Sharing ServiceMicrosoft Corporation

svchost.exe < 0.01 12,548 K 15,704 K4812 Host Process for Windows Services Microsoft Corporation

NASvc.exe 2,024 K 5,736 K 708NeroUpdate Nero AG

daemonu.exe < 0.01 2,992 K 8,152 K2352 NVIDIA Settings Update Manager NVIDIA Corporation

lsass.exe 6,312 K 14,404 K 908Local Security Authority Process Microsoft Corporation

lsm.exe 2,632 K 4,424 K 916Local Session Manager Service Microsoft Corporation

csrss.exe 0.39 28,572 K 22,936 K800 Client Server Runtime Process Microsoft Corporation

winlogon.exe 3,320 K 7,764 K 860Windows Logon Application Microsoft Corporation

explorer.exe 0.03 65,420 K 81,600 K3384 Windows Explorer Microsoft Corporation

rundll32.exe 6,028 K 5,224 K 4016Windows host process (Rundll32) Microsoft Corporation

SaiVolume.exe 5,996 K 5,036 K 4028 Saitek Volume Monitor Saitek

ProfilerU.exe 0.01 2,704 K 6,372 K4060 Saitek SST Profile Launcher Saitek

SaiMfd.exe 1,680 K 4,308 K 4080Saitek MFD File System Driver Saitek

itype.exe < 0.01 5,960 K 13,140 K4088 IType.exe Microsoft Corporation

ipoint.exe 0.05 8,212 K 17,688 K3160 IPoint.exe Microsoft Corporation

wmdcBase.exe 2,340 K 6,180 K 3324Windows Mobile Device Center Microsoft Corporation

procexp.exe 2,496 K 7,660 K 1836Sysinternals Process Explorer Sysinternals - www.sysinternals.com

procexp64.exe 2.23 31,728 K 53,568 K4624 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

chrome.exe 0.03 122,380 K 108,784 K3876 Google Chrome Google Inc.

chrome.exe < 0.01 70,040 K 63,552 K5220 Google Chrome Google Inc.

chrome.exe 20,796 K 21,152 K 5248 Google Chrome Google Inc.

chrome.exe 4,280 K 8,808 K 5396Google Chrome Google Inc.

recordingmanager.exe 0.07 2,716 K 8,588 K 5428 RealDownloader RealNetworks, Inc.

chrome.exe 10,420 K 13,304 K 6104 Google Chrome Google Inc.

chrome.exe 0.01 44,908 K 56,824 K3348 Google Chrome Google Inc.

chrome.exe 0.06 34,292 K 51,696 K1908 Google Chrome Google Inc.

VDeck.exe < 0.01 10,508 K 6,336 K3692 VIA HD Audio CPL VIA

AMBSPISyncService.exe 6,012 K 11,188 K3844 License Sync Service (X-Fi MB) Creative Technology Ltd

Sound_Blaster_X-Fi_MB_Cleanup.0001 944 K 3,132 K3492 Cleanup Macrovision Europe Ltd.

VolPanlu.exe < 0.01 9,672 K 11,304 K1132 VolPanlu.exe Creative Technology Ltd

EEventManager.exe < 0.01 3,084 K 8,980 K 4112 EEventManager Application SEIKO EPSON CORPORATION

jusched.exe 1,048 K 3,908 K 4280Java(TM) Update Scheduler Sun Microsystems, Inc.

realsched.exe 1,936 K 380 K 4336RealNetworks Scheduler RealNetworks, Inc.

avgui.exe < 0.01 5,764 K 17,244 K4360 AVG User Interface AVG Technologies CZ, s.r.o.

Process: svchost.exe Pid: 1116

Type Name

ALPC Port \RPC Control\OLE00E1E2967AD94A75B6F7F5B33A16

ALPC Port \UxSmsApiPort

ALPC Port \Security\TRKWKS_PORT

ALPC Port \RPC Control\trkwks

Desktop \Default

Directory \KnownDlls

Directory \BaseNamedObjects

Event \KernelObjects\MaximumCommitCondition

Event \BaseNamedObjects\TermSrvReadyEvent

Event \KernelObjects\SuperfetchScenarioNotify

Event \Security\TRKWKS_EVENT

Event \BaseNamedObjects\WinSta0_DesktopSwitch

Event \KernelObjects\SuperfetchTracesReady

Event \KernelObjects\SuperfetchParametersChanged

Event \KernelObjects\PrefetchTracesReady

Event \BaseNamedObjects{A2DA10D8-7E2D-4d8f-86B7-4D1C99659749}_PCAEVENT

Event \BaseNamedObjects\PCA_DRIVER_INSTALL

File C:\Windows\System32

File \Device\KsecDD

File \Device\0000007b\rearlineouttopo

File \Device\0000007b\viamicincapturetopo

File \Device\0000007b\vialineincapturetopo

File \Device\PcwDrv

File \Device\Mup..

File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac

File D:$Extend$ObjId

File C:$Extend$ObjId

File \Device\HarddiskVolume7

File \Device\HarddiskVolume2

File \Device\HarddiskVolume3

File E:\System Volume Information\tracking.log

File \Device\NamedPipe\trkwks

File D:\System Volume Information\tracking.log

File C:\System Volume Information\tracking.log

File E:$Extend$ObjId

File \Device\00000080

File \Device\0000008b

File \Device\FileInfo

File \Device\WMIDataDevice

File C:\Windows\System32\en-US\FirewallAPI.dll.mui

File \Device\KsecDD

File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9

File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac

Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Key HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions

Key HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER

Key HKU.DEFAULT\Control Panel\International

Key HKCR

Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache

Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist

Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch

Key HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER\MEMORY MANAGEMENT\PrefetchParameters

Key HKU.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion

Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags

Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EMDMgmt

Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher

Key HKLM\SYSTEM\ControlSet001\Enum

Key HKLM\SYSTEM\ControlSet001\services

Key HKLM\SYSTEM\ControlSet001\Control\CLASS

Key HKLM\SYSTEM\ControlSet001\Control\DeviceClasses

Key HKLM\SYSTEM\ControlSet001\Control\CoDeviceInstallers

Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage

Key HKLM\SYSTEM\ControlSet001\services

Key HKLM\SOFTWARE\Microsoft\Tracing\svchost_RASDLG

Key HKLM\SYSTEM\ControlSet001\Control\Network\Connections

Key HKLM\SYSTEM\ControlSet001\services\crypt32

Key HKLM\SOFTWARE\Microsoft\SystemCertificates\Homegroup Machine Certificates

Key HKU.DEFAULT\Printers\Connections

Key HKU.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows

Key HKLM\SOFTWARE\Microsoft\IdentityStore\Providers

Mutant \BaseNamedObjects\OOC State Mutex

Mutant \BaseNamedObjects\RasPbFile

Mutant \BaseNamedObjects\d3b1bbc7-c020-4056-9ded-7c6f40b5a2fc

Process dwm.exe(3340)

Process svchost.exe(1116)

Section \BaseNamedObjects\__ComCatalogCache__

Section \BaseNamedObjects\windows_shell_global_counters

Thread svchost.exe(1116): 1120

Thread svchost.exe(1116): 5968

Thread svchost.exe(1116): 1128

Thread svchost.exe(1116): 1156

Thread svchost.exe(1116): 1192

Thread svchost.exe(1116): 1284

Thread svchost.exe(1116): 1296

Thread svchost.exe(1116): 1356

Thread svchost.exe(1116): 1364

Thread svchost.exe(1116): 1136

Thread svchost.exe(1116): 2264

Thread svchost.exe(1116): 1296

Thread svchost.exe(1116): 1408

Thread svchost.exe(1116): 1424

Thread svchost.exe(1116): 2264

Thread svchost.exe(1116): 2328

Thread svchost.exe(1116): 1828

Thread svchost.exe(1116): 2460

Thread svchost.exe(1116): 2832

Thread svchost.exe(1116): 3280

Thread svchost.exe(1116): 1824

Thread svchost.exe(1116): 2936

Thread svchost.exe(1116): 3000

Thread svchost.exe(1116): 1408

Thread svchost.exe(1116): 3912

Thread svchost.exe(1116): 1432

Thread svchost.exe(1116): 4800

Thread svchost.exe(1116): 3084

Thread svchost.exe(1116): 4748

Thread svchost.exe(1116): 1748

Thread svchost.exe(1116): 2884

Thread svchost.exe(1116): 1748

Thread svchost.exe(1116): 3300

Thread svchost.exe(1116): 4672

Thread svchost.exe(1116): 1924

Thread svchost.exe(1116): 2676

Token NT AUTHORITY\SYSTEM:3e7

Token Hackzoor-PC\Hackzoor:68dd7

Token NT AUTHORITY\SYSTEM:3e7

Token Hackzoor-PC\Hackzoor:68dd7

WindowStation \Windows\WindowStations\Service-0x0-3e7$

and this is from services tab for that exactly svhost.exe :

wdiSystemHost 1116Diagnostic System Host running

UxSms 1116 Desktop Window Manager running

trkWks 1116distributed Link tracking Client running

SysMain 1116 Superfetch running

pcaSvc 1116 Program complability assistant Service running

Netman 1116Network conections running

HomeGrouplistener 1116HomegroupListener running

hidserv 1116Human interface device acssess running

CscService 1116offline files running

audioEndpointBuilder 1116windows audio endpoint bulider running

when i kill this svhost.exe i dont get lose anything,like sound,net connections i just got free mem and faster pc.So i am pretty sure that this is some kind of virus or malware that is just shown in process tree like svhost.exe.When i reset my pc this service is up,when i kille it in some time this process is up aggain. How i can fix this issue or remove it from my pc?

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

3 answers

Answer 1

Hi,

Thank you for the update.

I would suggest you to perform a Clean Boot**** to see if there is any software conflict as clean boot helps to eliminate software conflicts.

Note: After performing the troubleshooting steps in clean boot, follow How to reset the computer to start as usual after troubleshooting with clean boot section from the article to start the computer to Normal startup mode.

Reply with the results.

Answer 2

Hi and Thanks for fast response.

I did check my pc for viruses and spayware.i used programs : AVG antivirus,Malwarebytes and Microsoft Safety Scanner. From all softwares only malwarebytes detected 4 trojan viruses and celan it sucssessfuly.

I run troubleshooting for performance and i only got to disable some of programs that is startiing with my system.Only error report is in windows Logs/System and error codes are : 7031,7011,7006,7001.7003,7006,7000,8003,7034,703217011,2019 and warrning codes: 11,219.

I did do regulary disck clean,regystry clean and repair.

So basicly i did prety much all i could do and i stil have same memory leek problem.Is there any more options about this problem?

Thanks

Answer 3

Hi Filip Cenic,

Welcome to the Microsoft Community. As per the description svhost.exe is using to much of ram. Provide the following information:

· Have you made any changes on the computer prior to the issue?

· Do you get any error message?

· What is the make and model of the computer?

I will help you with this issue. The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started.

I would suggest you to follow these methods.

Method 1: Follow the steps from the article.

Optimize Windows 7 for better performance

Method 2: Perform a scan using Microsoft safety scanner.

http://www.microsoft.com/security/scanner/en-us/default.aspx

Note: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss.

Refer these articles for more information:

**Slow PC? Optimize your computer for peak performance**

**How to make a computer faster: 6 ways to speed up your PC**

Hope this helps. Let us know if you need further assistance with Windows related issues. We will be happy to help.

Share via

svhost.exe memory leek

3 answers