SVCHOST using large amounts of Phys. Memory

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Kraizy

Thread Starter
Joined
Feb 24, 2015
Messages
14
Hi there,

I'm having issues with svchost using up to 90% or more of my physical memory. This usually happens around 3-5mins after logging into my profile.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 1974 Mb
Graphics Card: NVIDIA GeForce 310M, 512 Mb
Hard Drives: C: Total - 431937 MB, Free - 154115 MB; D: Total - 29690 MB, Free - 14788 MB;
Motherboard: LENOVO, Base Board Product Name
Antivirus: Avira Desktop, Disabled

I've looked around your forums and found various threads with this same issue that have been solved; however, a lot of them have had different solutions to their svchost issue, and I was afraid to just randomly try out one fix after another as it might not be applicable to my problem and I might end up breaking my laptop instead.

Here are a few screenshots I took of the offending process.




The last screenshot is the properties of the offending process and I used the program Process Explorer to view it. By the time I took that picture svchost.exe was using up to 500k of physical memory.

Also I've tried Ending the process tree using the task manager, which works for a while but then it just starts up after a minute or two. Ending the process tree a second time causes it to stay closed, which I'm happy for. :)

Also, even after closing svchost and seeing everything's normal in the task manager, my laptop tends to slow down every now and then and even freeze up while doing something as simple as checking my Facebook, loading a YouTube video, or playing games like MapleStory or DragonNest. I'm not sure if this is related to the svchost problem but any help with both would be awesome!
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,155
Your Lenovo computer has only 2 GB(2048 MB) of RAM and has 68 running processes, so it's no surprise that it's using more than 90% of its RAM.

Adding more RAM to it and reducing the number of running processes will go a long way towards improving speed and performance.

--------------------------------------------------

What's the complete description(model name, model number, etc.) of that computer?

http://support.lenovo.com/us/en/products/?type=Desktops-and-all-in-ones&c=1 (Desktops)

http://support.lenovo.com/us/en/products/?type=Laptops-and-netbooks&c=1 (Laptops)

--------------------------------------------------
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,155
Yeah I know it's a bit low-end. My main PC died on me so my dad gave me his spare laptop to use and that's when I found out it had a few problems.

It's a Lenovo G460.
Lenovo G460

Features And Specifications

It supports a maximum of 8 GB of DDR3 PC3-8500(1066 MHz) RAM.

It's currently running with 2 GB of RAM, so that means it has a 1 GB module in both slots or it has a 2 GB module in one slot and has an empty slot.

Depending on the current module setup and whether you want to increase it to 4 GB or 8 GB will determine what you need to buy.
 


Phantom010

Retired Trusted Advisor
Joined
Mar 9, 2009
Messages
34,801
That svchost.exe process seems legit and it's in the right location. However, the autostart location looks very suspicious to me. What exactly is the SDGame service?
 

Kraizy

Thread Starter
Joined
Feb 24, 2015
Messages
14
@Phantom010 Yeah it doesn't sound like something that should be running svchost but I'm not sure what SDgame is.

@flavallee I've never tried buying RAM for a laptop before since I've never owned one, but I'll see what the prices are. Since I'm just a call center agent I'll probably just keep saving up till I can fix my main PC.

But is there anything I can do to stop the svchost from eating up so much of my physical memory when I first bootup the laptop? My usual fix is to just end the process tree twice which is enough to make it go away however I'm not sure if what I'm doing is safe.
 

Phantom010

Retired Trusted Advisor
Joined
Mar 9, 2009
Messages
34,801
But is there anything I can do to stop the svchost from eating up so much of my physical memory when I first bootup the laptop? My usual fix is to just end the process tree twice which is enough to make it go away however I'm not sure if what I'm doing is safe.
Yes. Determining what SDGame is.

Let's start with the following scanners. If not enough, you'll probably need more powerful tools only available in the Virus & Other Malware Removal forum.


Please download AdwCleaner.

  • Double-click the adwcleaner.exe to run the tool.
  • Click Scan.
  • When the scan is finished, click Cleaning.
  • When the cleaning process is over, click Logfile and a Notepad window will be opened.
  • Please post the contents into your next reply.
-----------------------------------------------------------------------

Please download and run the free Malwarebytes Anti-Malware.

  • Select the language and click OK.
  • Accept the agreement.
  • Make sure the Enable the Free Trial box is deselected and the Launch Malwarebytes Anti-Malware box is selected, and then click on Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Scan Now.
  • The scan may take some time to complete, so please be patient.
  • When the scan is completed, click on Quarantine All.
  • Click on Copy to Clipboard.
  • Paste the contents into your next reply.
  • You may be prompted to restart the computer instead, to complete the removal process.
  • If indeed prompted, upon restart, launch Malwarebytes Anti-Malware again and select History > Application Logs.
  • Find your Scan Log (the date when run will identify it).
  • Select the right box, then hit the View button. The History Log window will open.
  • At the bottom of that window are two options, Copy to Clipboard and Export.
  • Select Copy to Clipboard.
  • Paste the contents into your next reply.
 

Kraizy

Thread Starter
Joined
Feb 24, 2015
Messages
14
I'll do these right away but I'll post again on this thread in a couple of hours since it's already 12am where I am and need to get some sleep.

Thanks for all the quick replies guys! I hope this gets this laptop up and running. I'll also swing by the computer store on my way home and check if they have any laptop rams I can afford.

Cheers!
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,155
@flavallee I've never tried buying ram for a laptop before since I've never owned one but I'll see what the prices are. Since I'm just a callcenter agent I'll probably just keep saving up till I can fix my main PC.
Here are some examples and prices for quality 2 GB and 4 GB DDR3 PC3-8500(1066 MHz) SODIMM modules.

2 GB

4 GB

------------------------------------------------------------
 

Phantom010

Retired Trusted Advisor
Joined
Mar 9, 2009
Messages
34,801
RAM will definitely help, but possible malware shouldn't be overlooked. 2 GB is perfect for XP, but a little on the low-end for Windows 7.
 

Kraizy

Thread Starter
Joined
Feb 24, 2015
Messages
14
Here are the logs you asked for.

AdwCleaner:
# AdwCleaner v4.111 - Logfile created 25/02/2015 at 01:29:17
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Kevin - ARCHIE-PC
# Running from : C:\Users\Kevin\Desktop\Security and Maintenance\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Archie\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Archie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Archie\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jing\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Kevin\AppData\Local\PackageAware
Folder Deleted : C:\Users\Kevin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Archie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Archie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Archie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\Archie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Uniblue

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v31.0 (x86 en-GB)

[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://isearch.avg.com/?cid={D6C9C4B4-282B-4C67-AC9B-2BBE8B63EDBB}&mid=2a5e8642023847d1bb7a62ea04cfbf80-5bc9721f8d06e4296afd3656eaa8a9b3bec1b3a8&lang=en&ds[...]
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "AVG Secure Search");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentControl2 Customized Web Search");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253", "\"8aa5c27c903935961cd97aef8c588cbc3\"");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", "\"1362324308\"");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "uG7mdamLoNmpmgC2c0JctQ==");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT3072253", "GNmdGrr6syWWiO5HPrW6Kg==");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "jf4tQQjNr2TQ31uHimzTMg==");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT3072253", "inm6N6Ad2DrQKGUsOGzkLg==");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "0BEXfBAJ1PdxmWK9VOejOg==");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT3072253", "6nU8AIjBECdJeC23UVuipQ==");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "ZU6zjERHpZr7lBpInn+HyA==");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT3072253", "Y3Dtc1pIAMMkuUpvgoTeaw==");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"0ea11bd291bce1:16c0\"");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.8", "\"0e0a4327275cd1:0\"");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:151d\"");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"23c5489aa686ce1:16c0\"");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253", "\"d5f44cb0f932aae7fea3743f5ddf3ed4\"");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"d8fe038057addd5b83e0fb0fff400620\"");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Archie\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\32fld2z7.default\\conduitCommon\\modules\\3.15.1.0");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.globalUserId", "a7933fc0-4931-426c-bcdc-8ce2e75cc88d");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Aug 26 2013 05:51:06 GMT+0800 (Taipei Standard Time)");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 26 2013 05:50:58 GMT+0800 (Taipei Standard Time)");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userId", "9be0418f-739a-4ef9-84bc-06f7bc48ea70");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "AVG Secure Search");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[32fld2z7.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={D6C9C4B4-282B-4C67-AC9B-2BBE8B63EDBB}&mid=2a5e8642023847d1bb7a62ea04cfbf80-5bc9721f8d06e4296afd3656eaa8a9b3bec1b3a8&lang=en&ds=AVG&p[...]
[ldq0adzu.default\prefs.js] - Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\17.2.0.38");
[ldq0adzu.default\prefs.js] - Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");

-\\ Google Chrome v40.0.2214.115

[C:\Users\Archie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={D6C9C4B4-282B-4C67-AC9B-2BBE8B63EDBB}&mid=2a5e8642023847d1bb7a62ea04cfbf80-5bc9721f8d06e4296afd3656eaa8a9b3bec1b3a8&lang=en&ds=AVG&pr=pr&d=2012-05-17 13:15:07&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Users\Archie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3072253

-\\ Chromium v

[C:\Users\Archie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={D6C9C4B4-282B-4C67-AC9B-2BBE8B63EDBB}&mid=2a5e8642023847d1bb7a62ea04cfbf80-5bc9721f8d06e4296afd3656eaa8a9b3bec1b3a8&lang=en&ds=AVG&pr=pr&d=2012-05-17 13:15:07&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Users\Archie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3072253

*************************

AdwCleaner[R0].txt - [12563 bytes] - [25/02/2015 01:12:24]
AdwCleaner[S0].txt - [13661 bytes] - [25/02/2015 01:29:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13721 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Scan Log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/25/2015
Scan Time: 1:41:38 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.24.05
Rootkit Database: v2015.02.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kevin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 508838
Time Elapsed: 1 hr, 27 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 

Kraizy

Thread Starter
Joined
Feb 24, 2015
Messages
14
I've checked all 13 of my svchost processes and they actually have the same autostart location
HKLM\System\CurrentControlSet\Services\SDGame

I guess this is normal for my laptop. XD

As for the high memory usage it still spikes up to 90%+ however if I just leave it alone for around 10mins it normalizes itself now. =)
 

Phantom010

Retired Trusted Advisor
Joined
Mar 9, 2009
Messages
34,801
That is obviously not normal.


Press the Windows key + R to open a Run box. Copy/Paste the following command:

Code:
regedit /e C:\Look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDGame"
Press Enter.

You won't notice anything. However, it will have created a report on your C drive named Look. Attach that file to your next reply.


--------------------------------------------------------------------------------


Next,


Run a free ESET Online Scan HERE. Use Internet Explorer.




  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take a while, so please be patient).
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESETlog.txt).
  • Copy and paste that log as a reply to this topic.
 

Kraizy

Thread Starter
Joined
Feb 24, 2015
Messages
14
Here's the info on SDGame registry. Wasn't able to find a file attach button sorry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDGame]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,\
00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,\
20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="SDGAME"
"WOW64"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDGame\Security]
"Security"=hex:01,00,14,80,64,00,00,00,70,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,34,00,02,00,00,00,00,03,18,00,ff,01,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,00,03,14,00,ff,01,02,00,01,01,00,00,00,00,00,01,\
00,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDGame\Enum]
"0"="Root\\LEGACY_SDGAME\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESETlog. Looks like the first two files didn't delete or quarantine.

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\uTorrentControl2\ldrtbuTor.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\uTorrentControl2\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\temp\Archie Du\Software\From Mario\switchsetup.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application deleted - quarantined
C:\temp\Archie Du\Software\_New\switchsetup.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application deleted - quarantined
C:\Users\Archie\AppData\Local\Temp\utt4E10.tmp.exe a variant of Win32/Toolbar.Conduit potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\uTorrentControl2\ldrtbuTor.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\uTorrentControl2\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
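
Added example, not part of the original thread: the `ImagePath` value in the export above is a `hex(2)` (REG_EXPAND_SZ) value stored as UTF-16LE bytes, so it has to be decoded before it can be read. The Python below decodes it and applies two triage checks for a svchost-hosted service; the function names and the checks are assumptions of this example, not findings by the thread's participants.

```python
import re

SDGAME_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDGame"

# Copied from the export posted above; the Security and Enum subkeys are left out.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDGame]
"Type"=dword:00000001
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,\
00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,\
20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="SDGAME"
"WOW64"=dword:00000001
'''

# Documented meanings of a service's Type and Start registry values.
SERVICE_TYPES = {0x1: "kernel driver", 0x2: "file system driver",
                 0x10: "Win32 own process", 0x20: "Win32 shared process"}
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}


def parse_reg(text):
    """Return {key_path: {value_name: value}} from .reg export text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is None or not m:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            value = int(raw[6:], 16)
        elif raw.startswith("hex"):
            data = bytes(int(b, 16) for b in raw.split(":", 1)[1].split(",") if b)
            # hex(2) is REG_EXPAND_SZ: UTF-16LE text with a trailing NUL.
            if raw.startswith("hex(2):"):
                value = data.decode("utf-16-le").rstrip("\x00")
            else:
                value = data
        elif raw.startswith('"'):
            value = raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
        else:
            value = raw
        current[name] = value
    return keys


def triage_service(keys, service_key):
    """Example heuristics: flag settings that do not fit a svchost-hosted service."""
    svc = keys[service_key]
    image = svc.get("ImagePath", "")
    svc_type = svc.get("Type", 0)
    findings = []
    if "svchost.exe" in image.lower():
        if not svc_type & 0x30:  # neither own-process nor shared-process
            findings.append("Type is %s, but ImagePath is the user-mode host svchost.exe"
                            % SERVICE_TYPES.get(svc_type, hex(svc_type)))
        params = keys.get(service_key + "\\Parameters", {})
        if "ServiceDll" not in params:
            findings.append("no Parameters\\ServiceDll value in the export, so the DLL "
                            "svchost would load for this service is not identified")
    return findings


if __name__ == "__main__":
    parsed = parse_reg(REG_EXPORT)
    service = parsed[SDGAME_KEY]
    print("ImagePath:", service["ImagePath"])
    print("Type:", SERVICE_TYPES.get(service["Type"], service["Type"]))
    print("Start:", START_TYPES.get(service["Start"], service["Start"]))
    for finding in triage_service(parsed, SDGAME_KEY):
        print("CHECK:", finding)
```

On the posted export this decodes `ImagePath` to `\SystemRoot\System32\svchost.exe -k netsvcs` and reports both checks.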
 