Am I infected? svchost.exe high memory usage, slowing down computer


4 replies to this topic

#1 Bodum

  • Members
  • 34 posts

Posted 13 April 2018 - 12:48 PM

Hi Bleeping computer,

The past few days I have noticed that occasionally my computer is running slowly while doing basic tasks such as word processing. This is not normal. I have a firewall and AV provided by Bitdefender total security and they haven't caught anything. Well, I took a look at running processes and services and noticed that svchost.exe was using up to 1,400,000 K memory. I checked and my computer was not updating. It had the latest updates installed on 4/10/18. Please help! I don't want to poke around and break something.

Thank you for your help!

Sincerely,

Chris
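
Added example, not part of the original post: svchost.exe is a host process for Windows services, so a useful first triage step for the symptom described above is to list every svchost.exe instance with its memory use, the services it hosts, and whether its binary sits in the expected system directory. The variable names are illustrative, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example. Run from an elevated PowerShell prompt; without elevation
# ExecutablePath and CommandLine come back empty for system-owned processes.
# Get-WmiObject is used so this also works on PowerShell 2.0 (Windows 7).

# Index running services by the PID of the process that hosts them.
$servicesByPid = @{}
Get-WmiObject -Class Win32_Service -Filter "State = 'Running'" | ForEach-Object {
    $hostPid = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($hostPid)) { $servicesByPid[$hostPid] = @() }
    $servicesByPid[$hostPid] += $_.Name
}

# The genuine binary lives in System32 (SysWOW64 for 32-bit instances on x64).
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" |
    Sort-Object -Property WorkingSetSize -Descending |
    ForEach-Object {
        # Services hosted by this instance, if any were reported.
        $hosted = $servicesByPid[[int]$_.ProcessId]
        if ($hosted) { $svcText = $hosted -join ', ' } else { $svcText = '(none reported)' }

        # Compare the image path with the expected locations (case-insensitive).
        if ($_.ExecutablePath) {
            $pathOk = $expectedPaths -contains $_.ExecutablePath
        } else {
            $pathOk = 'unknown (not elevated?)'
        }

        New-Object PSObject -Property @{
            ProcessId    = $_.ProcessId
            WorkingSetKB = [math]::Round($_.WorkingSetSize / 1KB)
            PathExpected = $pathOk
            Services     = $svcText
            CommandLine  = $_.CommandLine
        }
    } |
    Select-Object ProcessId, WorkingSetKB, PathExpected, Services, CommandLine |
    Format-List
```

The instance at the top of the output is the one using the most memory; its Services field names what to look at next, and a PathExpected value of False marks an svchost.exe running from an unexpected location.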

 

 




 


#2 buddy215

  • Moderator
  • 13,323 posts

Posted 13 April 2018 - 02:06 PM

Use the programs below to clean, remove malware and remove adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Bodum

  • Topic Starter
  • Members
  • 34 posts

Posted 13 April 2018 - 05:26 PM

Hi Buddy215!

 

Ok, I ran through the scans. It didn't find anything that I can see. Here are the log files. However, as I was typing this, CCleaner told me I have 1.2 Gb of files to remove, and I ran it less than an hour ago. I ran CCleaner again. There were 940,061 KB in Google Chrome - Internet Cache. However, I have been using Firefox. There was also 196,294 KB in System - Memory Dumps and 70,885 KB in Internet Explorer - Temporary Internet files. I don't use Internet Explorer. These seem strange to me.

 

Malwarebytes - Clean Mode

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/13/18
Scan Time: 3:48 PM
Log File: f81531fa-3f5b-11e8-9d19-00fffc9e2511.json
Administrator: No

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4726
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michita-PC\Chris

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 329093
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 30 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

Adware Cleaner

# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-11.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-13-2018
# Duration: 00:00:35
# OS:       Windows 7 Home Premium
# Scanned:  40609
# Detected: 6


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL
PUP.Optional.Legacy             AOL
PUP.Optional.Legacy             AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

 

CCleaner - Windows Startups

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    GoogleDriveSync    Google Inc    "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
Yes    HKCU:Run    OPENVPN-GUI    OpenVPN Technologies, Inc.    C:\Program Files\OpenVPN\bin\openvpn-gui.exe
No    HKLM:Run    AdobeGCInvoker-1.0    Adobe Systems, Incorporated    "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
Yes    HKLM:Run    Bdagent    Bitdefender    "C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe"
Yes    HKLM:Run    BdVpnApp    Bitdefender    C:\Program Files\Bitdefender\Bitdefender VPN\BdVpnApp.exe
Yes    HKLM:Run    HotKeysCmds    Intel Corporation    C:\Windows\system32\hkcmd.exe
Yes    HKLM:Run    IgfxTray    Intel Corporation    C:\Windows\system32\igfxtray.exe
Yes    HKLM:Run    Persistence    Intel Corporation    C:\Windows\system32\igfxpers.exe
No    HKLM:Run    SmartAudio    Conexant Systems, Inc.    C:\Program Files\CONEXANT\SAII\SACpl.exe /t
 

CCleaner - Scheduled Tasks

Yes    Task    Adobe Flash Player PPAPI Notifier    Adobe Systems Incorporated    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe -check pepperplugin
Yes    Task    AdobeGCInvoker-1.0-Michita-PC-Chris    Adobe Systems, Incorporated    C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Yes    Task    Synaptics TouchPad Enhancements    Synaptics Incorporated    \Program Files\Synaptics\SynTP\SynTPEnh.exe
Yes    Task    {EFB4458F-69BC-494D-93B7-9BC0B96901D6}    Blizzard Entertainment    C:\Program Files (x86)\StarCraft II\StarCraft II.exe
 

CCleaner - Installed Programs

Adobe Acrobat Reader DC    Adobe Systems Incorporated    2/25/2018    253 MB    18.011.20038
Adobe Flash Player 29 PPAPI    Adobe Systems Incorporated    3/25/2018    19.8 MB    29.0.0.113
Amazon Kindle    Amazon    2/6/2018        1.21.0.48017
Backup and Sync from Google    Google, Inc.    3/26/2018    56.8 MB    3.40.8921.5350
Battle.net    Blizzard Entertainment    2/15/2018        
Bitdefender Agent    Bitdefender    1/30/2018        22.0.10.67
Bitdefender Device Management    Bitdefender    1/30/2018        22.0.17.208
Bitdefender Total Security    Bitdefender    1/30/2018        22.0.18.224
Bitdefender VPN    Bitdefender    3/26/2018        22.0.7.486
CCleaner    Piriform    4/13/2018        5.41
Conexant HD Audio    Conexant    1/31/2018        8.51.2.63
Deluge 1.3.15        2/17/2018        
e5 Secure Download Manager        1/30/2018        
Google Chrome    Google Inc.    1/30/2018        65.0.3325.181
KeyTweak - Keyboard Remapper (remove only)        1/30/2018        
Malwarebytes version 3.4.5.2467    Malwarebytes    4/13/2018    181 MB    3.4.5.2467
Microsoft .NET Framework 4.7.1    Microsoft Corporation    1/31/2018        4.7.02558
Microsoft Office Home and Student 2013 - en-us    Microsoft Corporation    3/30/2018        15.0.5015.1000
Microsoft Sync Framework 2.0 Core Components (x64) ENU     Microsoft Corporation    1/31/2018    1.33 MB    2.0.1578.0
Microsoft Sync Framework 2.0 Provider Services (x64) ENU     Microsoft Corporation    1/31/2018    3.20 MB    2.0.1578.0
Microsoft Visio Professional 2013    Microsoft Corporation    3/11/2018        15.0.4569.1506
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    2/19/2018    788 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    2/19/2018    596 KB    9.0.30729.4148
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810    Microsoft Corporation    2/17/2018    22.1 MB    14.12.25810.0
Mozilla Firefox 59.0.2 (x64 en-US)    Mozilla    3/27/2018    144 MB    59.0.2
Mozilla Maintenance Service    Mozilla    3/27/2018    469 KB    59.0.2
MusicBee 3.1    Steven Mayall    1/31/2018        3.1
Notepad++ (64-bit x64)    Notepad++ Team    3/29/2018    11.3 MB    7.5.6
OpenVPN 2.4.5-I601    OpenVPN Technologies, Inc.    4/8/2018        2.4.5-I601
Panda USB Vaccine 1.0.1.16    Panda Security    1/31/2018        
Revo Uninstaller 2.0.5    VS Revo Group, Ltd.    3/27/2018    21.2 MB    2.0.5
Spotify    Spotify AB    3/26/2018        1.0.77.338.g758ebd78
StarCraft II    Blizzard Entertainment    2/15/2018        
Synaptics Pointing Device Driver    Synaptics Incorporated    2/2/2018    46.4 MB    16.2.10.5
TAP-Windows 9.21.2        4/8/2018        9.21.2
VeraCrypt    IDRIX    1/30/2018        1.21
VLC media player    VideoLAN    1/31/2018        2.2.8
Web Launch Recorder        4/9/2018        2.0
WinCDEmu    Sysprogs    1/30/2018        4.1
 



#4 buddy215

  • Moderator
  • 13,323 posts

Posted 13 April 2018 - 05:50 PM

You should allow CCleaner to remove what it finds using the default settings. Click on the Run Cleaner button in the bottom right corner.

IE will show temporary files as soon as you boot the computer because of its connection to your OS.

 

If you didn't allow AdwCleaner to remove the AOL and Ask URLs from Chrome, be sure to rerun it and click on Clean when the scan finishes.

You may have to reset Google Sync first if you use it.

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    Task    AdobeGCInvoker-1.0-Michita-PC-Chris    Adobe Systems, Incorporated    C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe

Yes    Task    {EFB4458F-69BC-494D-93B7-9BC0B96901D6}    Blizzard Entertainment    C:\Program Files (x86)\StarCraft II\StarCraft II.exe
 

Start a new topic in the malware removal forum by following directions below.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.



#5 Bodum

  • Topic Starter
  • Members
  • 34 posts

Posted 14 April 2018 - 12:59 PM

Hello! I created the new topic and posted my logs. Here is the link. https://www.bleepingcomputer.com/forums/t/675570/svchostexe-high-memory-usage-slowing-down-computer/





