svchost.exe (LocalSystemNetworkRestricted) using 45% Mem - virus?
Here's a screen picture showing details: https://skydrive.live.com/redir.aspx?cid=7915bbaf8fa8141b&resid=7915BBAF8FA8141B!220&parid=7915BBAF8FA8141B!196 Problem is that normally during the last months when all programs are closed the CPU gadget would show 0-2 % CPU usage and 35-45% mem usage. And during some background task performance a little more CPU usage. The mem usage hardly ever goes over 50%. But as shown on picture 85% mem is reserved and it seems to be svchost.exe (LocalSystemNetworkRestricted) and when looking up its PID number it says: AudioEndpointBuilder, hidserv, Netman, PcaSvc, SysMain, TrkWks, UxSms, Wlansvc, WPDBusEnum, wudfsvc Also when opening defragmentationprogram it is clearly not running, so it can't be that. It will probably be gone after reboot. But can't it be closed without reboot?
February 17th, 2012 3:32pm

Use a tool like Process Explorer or Process Monitor from sysinternals to see what's going on. It could be that some kind of background service hosted in one of the SVCHost processes is hogging memory. Then disable the process from running at startup by unchecking it's box on the startup tab of msconfig if you seem to figure out that it is something not needed. If it is a service, then go to services and change the startup type to disabled from the properrties of the service if you find that you don't need it.
Free Windows Admin Tool Kit Click here and download it now
February 17th, 2012 5:04pm

Process Monitor shows a very long list of regedit stuff. Process Explorer shows a kind of directory list with sub-programs and there are PID numbers, CPU usage and something called private bytes and working set. I've rebooted PC now but next time it happens I can try these. (Looks complicated)
February 17th, 2012 9:32pm

The problem soon arose again: 4GB and 85% mem reserved! It is obviously very familiar as there are plenty of topics about it already. There's a website offering a fixtool but after scan it's not very clear and applies for payment. Another website suggests kaspersky cleanup and antimalware. I already got MSE running. But I tried this kaspersky thing. It had to be installed in safe mode. It came up with nothing. And I couldn't find it in the uninstall list. Process Monitor shows a list of subprograms involved. .... Just restored from a stable System Image Backup.
Free Windows Admin Tool Kit Click here and download it now
February 18th, 2012 2:02pm

You just gave up way too quickly. It is actually quite easy to figure out these kinds of issues if you know what to look for. The private working set is your memory, while the other number corresponds to CPU usage. Some programs in general take up a lot of CPU and/or memory. Mostly the hoggers are either AV programs or other security programs. Now it is very different when you have malware running, but as long as you know the list of processes that normally run on your system, you can learn to recognize the illegitimate ones. So think before you just go restoring stuff unless you really don't want to deal with the issue at hand. I love troubleshooting because it gives me something to do, but other folks on here probably aren't as crazy as me.
February 18th, 2012 10:09pm

Not having time to looking into "machine code" is not the same as giving up. It didn't bother MSE that 85% mem was gone with no program on the run.
Free Windows Admin Tool Kit Click here and download it now
February 18th, 2012 11:38pm

Well I'm sorry you feel that way. But those numbers are relatively easy to decipher.
February 19th, 2012 8:29pm

Hi guys, I got the same problem with Local system network restricted that it chews up my CPU to 80% for doing nothing at the startup on my win 7. I found out the reason is because of the Superfetch service which pre-loads apps when u start the computer up. Check it out here : http://en.wikipedia.org/wiki/Windows_Vista_I/O_technologies#SuperFetch There's likely a chance that there 's a conflict in one of those drivers or dll files of the apps. For my particular laptop is my wireless card's driver. So jump into services.msc >> Superfetch >> stop then disable it may help u get away with it. Hope that helps Cheers Ken
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2012 8:09am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics