
multiple conhost.exe processes high CPU usage powershell repeatedly stops



#1 JeremyAndrew


Posted 13 October 2014 - 04:47 PM

Hi. I downloaded some stuff from a bogus Minecraft site and have had multiple problems since. Everything got encrypted, but I didn't pay cuz I had copies, then I had multiple comsurrogate processes, and now I have high CPU usage, a program called "conhost.exe" that doesn't have a valid file location or service associated with it, and various programs spike randomly to 20%-30% CPU usage, keeping me in the 70-80% range. Additionally, since I got the encryption virus, PowerShell stops working every few minutes. And some computer company who says they are a "legitimate company" has been calling me and they want me to connect to their server through the run command line.

I am running Windows 8.1

I have followed a couple of fix threads and at various times have run RogueKiller, Emsisoft and a couple of others. Found some viruses, but still have the above problems.

I ran DDS and got the following logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Jeremy and Heidi at 10:25:18 on 2014-10-13
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.11741.9074 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Teco\TecoService.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\dashost.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\WLANExt.exe
C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\rundll32.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\syswow64\windowspowershell\v1.0\powershell.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_23_ie&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtBtCtCtCzytB0AyD0EyCyBtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzy0EtC0FzytAyCtG0E0FyEtAtG0DtCyBtCtGtAyByEtDtGyC0CyDtAyE0BzyyEtB0AzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtC0B0E0E0Bzz0FtG0C0DyCtDtGtDzzzz0FtGzz0DtBzztGyDzztDtDyEyC0D0DtDyC0FyB2Q&cr=1057173731&ir=
mWindow Title = Internet Explorer provided by TOSHIBA
mDefault_Page_URL = hxxp://toshiba13.msn.com
uURLSearchHooks: <No Name>: {a8625cb7-85fe-4936-92a4-b2a7c925209e} -
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: GamingWonderland: {A899079D-206F-43A6-BE6A-07E0FA648EA0} -
TB: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} -
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [GamingWonderland EPM Support] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtmedint.exe" T8EPMSUP.DLL,S
mRun: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
mRun: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
mRun: [GamingWonderland Browser Plugin Loader 64] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon64.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [Zwinky_5q Browser Plugin Loader 64] C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon64.exe
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
StartupFolder: C:\Users\JEREMY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0B80CC8A-C89E-4626-B352-4EE0D20966A2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D8242372-24C5-44A4-A62B-9655F83D954D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D8242372-24C5-44A4-A62B-9655F83D954D}\1627368646561636F6E6 : DHCPNameServer = 64.68.252.10 64.68.248.10 64.68.244.250
TCP: Interfaces\{D8242372-24C5-44A4-A62B-9655F83D954D}\D4F64756C60263 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{D8242372-24C5-44A4-A62B-9655F83D954D}\E45445745414254373 : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_23_ie&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtBtCtCtCzytB0AyD0EyCyBtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzy0EtC0FzytAyCtG0E0FyEtAtG0DtCyBtCtGtAyByEtDtGyC0CyDtAyE0BzyyEtB0AzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtC0B0E0E0Bzz0FtG0C0DyCtDtGtDzzzz0FtGzz0DtBzztGyDzztDtDyEyC0D0DtDyC0FyB2Q&cr=1057173731&ir=
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-mDefault_Page_URL = hxxp://toshiba13.msn.com
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2014-6-17 31512]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2012-10-25 499096]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-10-2 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2014-10-2 45208]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2014-10-2 23088]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\Drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2014-6-30 270104]
R2 a2AntiMalware;Emsisoft Protection Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-10-2 4791872]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-8-8 240640]
R2 APXACC;AppEx Networks Accelerator LWF;C:\windows\System32\Drivers\appexDrv.sys [2012-10-25 199008]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [2011-10-13 156672]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2014-9-15 89352]
R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [2009-9-11 14344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\Teco\TecoService.exe [2012-8-13 289192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-10-2 71472]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-10-2 57024]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUStor.sys [2012-10-25 252048]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-10-25 690832]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1496720]
R3 TMachInfo;TMachInfo;C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-7-31 53864]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2012-7-28 458152]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-10-25 57000]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1496720]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2013-3-18 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-10-10 15:22:39 -------- d-----w- C:\Program Files (x86)\GPLGS
2014-10-10 15:21:53 87600 ----a-w- C:\windows\System32\cpwmon64.dll
2014-10-10 15:21:41 -------- d-----w- C:\ProgramData\APN
2014-10-10 15:21:41 -------- d-----w- C:\Program Files (x86)\Acro Software
2014-10-09 16:55:22 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Local\Hewlett-Packard
2014-10-04 01:43:46 178800 ----a-w- C:\windows\SysWow64\CmdLineExt_x64.dll
2014-10-03 02:14:03 -------- d-----w- C:\ProgramData\Emsisoft
2014-10-02 19:16:08 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2014-10-01 06:18:12 -------- d-----w- C:\Program Files (x86)\ASP
2014-10-01 06:18:10 16896 ----a-w- C:\windows\System32\sasnative64.exe
2014-10-01 06:17:57 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Local\Programs
2014-10-01 05:17:14 -------- d-----w- C:\windows\AppReadiness
2014-09-28 19:39:36 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Roaming\.minecraft
2014-09-23 03:50:48 144896 ----a-w- C:\windows\System32\tssdisai.dll
2014-09-23 03:50:47 148480 ----a-w- C:\windows\System32\poqexec.exe
2014-09-18 03:37:06 111016 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2014-09-18 02:30:45 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Roaming\.technic
2014-09-16 00:17:30 -------- d-----w- C:\windows\ERUNT
2014-09-15 23:24:31 705480 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-09-15 23:24:31 104904 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 18:48:40 71168 ----a-w- C:\windows\System32\drivers\hdaudbus.sys
2014-09-15 16:30:01 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-09-15 16:30:01 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-09-14 11:28:22 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Roaming\Ucygemx
2014-09-14 02:47:02 -------- d--h--w- C:\dbc014f
.
==================== Find3M  ====================
.
2014-10-10 14:56:57 60 ----a-w- C:\windows\wpd99.drv
2014-09-29 19:47:56 19800 ----a-w- C:\windows\System32\roboot64.exe
2014-09-15 20:51:27 997632 ----a-w- C:\windows\System32\drivers\ndis.sys
2014-09-15 20:48:59 2219520 ----a-w- C:\windows\System32\dwmcore.dll
2014-09-15 20:34:52 159232 ----a-w- C:\windows\System32\inetpp.dll
2014-09-15 20:34:49 83968 ----a-w- C:\windows\SysWow64\wiaacmgr.exe
2014-09-15 20:34:47 436736 ----a-w- C:\windows\SysWow64\MP4SDECD.DLL
2014-09-15 20:34:45 1611776 ----a-w- C:\windows\SysWow64\mmc.exe
2014-09-15 20:34:43 666112 ----a-w- C:\windows\System32\MP4SDECD.DLL
2014-09-15 20:34:41 256000 ----a-w- C:\windows\System32\WSDMon.dll
2014-09-15 20:34:40 406016 ----a-w- C:\windows\System32\Windows.Media.dll
2014-09-15 20:34:38 91880 ----a-w- C:\windows\System32\drivers\partmgr.sys
2014-09-15 20:34:36 95232 ----a-w- C:\windows\System32\wiaacmgr.exe
2014-09-15 20:29:21 96600 ----a-w- C:\windows\System32\drivers\wfplwfs.sys
2014-09-15 20:29:21 723968 ----a-w- C:\windows\System32\BFE.DLL
2014-09-15 20:29:21 1160192 ----a-w- C:\windows\System32\IKEEXT.DLL
2014-09-15 20:25:08 3246592 ----a-w- C:\windows\System32\rdpcorets.dll
2014-09-15 20:25:08 235520 ----a-w- C:\windows\System32\rdpudd.dll
2014-09-15 20:23:47 619008 ----a-w- C:\windows\System32\drivers\srv2.sys
2014-09-15 20:23:45 309760 ----a-w- C:\windows\System32\wusa.exe
2014-09-15 20:23:43 305152 ----a-w- C:\windows\SysWow64\wusa.exe
2014-09-15 20:22:02 59392 ----a-w- C:\windows\SysWow64\imagehlp.dll
2014-09-15 20:22:00 62976 ----a-w- C:\windows\System32\imagehlp.dll
2014-09-15 20:20:38 652288 ----a-w- C:\windows\System32\comctl32.dll
2014-09-15 20:20:37 541696 ----a-w- C:\windows\SysWow64\comctl32.dll
2014-09-15 20:17:54 1557504 ----a-w- C:\windows\System32\osk.exe
2014-09-15 20:17:44 1440256 ----a-w- C:\windows\SysWow64\osk.exe
2014-09-15 20:12:23 452608 ----a-w- C:\windows\SysWow64\SHCore.dll
2014-09-15 20:12:20 1281536 ----a-w- C:\windows\System32\lsasrv.dll
2014-09-15 20:12:19 588288 ----a-w- C:\windows\System32\SHCore.dll
2014-09-15 20:12:16 439808 ----a-w- C:\windows\System32\lsm.dll
2014-09-15 20:06:25 626688 ----a-w- C:\windows\System32\resutils.dll
2014-09-15 20:06:25 374784 ----a-w- C:\windows\System32\clusapi.dll
2014-09-15 20:06:21 551424 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-09-15 20:06:15 488960 ----a-w- C:\windows\SysWow64\resutils.dll
2014-09-15 20:06:15 302080 ----a-w- C:\windows\SysWow64\clusapi.dll
2014-09-15 20:06:05 778752 ----a-w- C:\windows\System32\oleaut32.dll
2014-09-15 20:03:53 35856 ----a-w- C:\windows\System32\drivers\WdBoot.sys
2014-09-15 20:03:53 269592 ----a-w- C:\windows\System32\drivers\WdFilter.sys
2014-09-15 20:02:29 523776 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-09-15 20:02:28 600064 ----a-w- C:\windows\System32\vbscript.dll
2014-09-15 19:55:26 1173504 ----a-w- C:\windows\System32\UIAutomationCore.dll
2014-09-15 19:55:17 247296 ----a-w- C:\windows\SysWow64\ubpm.dll
2014-09-15 19:55:14 61784 ----a-w- C:\windows\System32\drivers\crashdmp.sys
2014-09-15 19:55:11 13661696 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2014-09-15 19:55:07 914432 ----a-w- C:\windows\SysWow64\UIAutomationCore.dll
2014-09-15 19:55:05 328192 ----a-w- C:\windows\System32\ubpm.dll
2014-09-15 19:55:04 465240 ----a-w- C:\windows\System32\drivers\fvevol.sys
2014-09-15 19:54:51 10799104 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
2014-09-15 19:51:30 785624 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2014-09-15 19:51:30 54488 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2014-09-15 19:46:14 312832 ----a-w- C:\windows\System32\LocationApi.dll
2014-09-15 19:46:12 183808 ----a-w- C:\windows\System32\winmmbase.dll
2014-09-15 19:46:12 115712 ----a-w- C:\windows\System32\winmm.dll
2014-09-15 19:46:08 439488 ----a-w- C:\windows\System32\WerFault.exe
2014-09-15 19:46:06 120144 ----a-w- C:\windows\System32\drivers\msgpioclx.sys
2014-09-15 19:46:01 245760 ----a-w- C:\windows\SysWow64\LocationApi.dll
2014-09-15 19:39:37 245248 ----a-w- C:\windows\System32\usbmon.dll
2014-09-15 19:39:33 645120 ----a-w- C:\windows\System32\Windows.Security.Authentication.OnlineId.dll
2014-09-15 19:39:15 156160 ----a-w- C:\windows\System32\powercfg.cpl
2014-09-15 19:39:13 180224 ----a-w- C:\windows\System32\SystemEventsBrokerServer.dll
2014-09-15 19:39:09 357888 ----a-w- C:\windows\SysWow64\netcfgx.dll
2014-09-15 19:39:07 550912 ----a-w- C:\windows\SysWow64\drvstore.dll
2014-09-15 19:39:05 504320 ----a-w- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2014-09-15 19:39:02 1338880 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-09-15 19:39:00 103936 ----a-w- C:\windows\System32\wpdbusenum.dll
2014-09-15 19:38:58 150016 ----a-w- C:\windows\System32\discan.dll
2014-09-15 19:38:51 951808 ----a-w- C:\windows\System32\Windows.Globalization.dll
2014-09-15 19:38:45 1149952 ----a-w- C:\windows\System32\winmde.dll
2014-09-15 19:38:42 1627648 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-09-15 19:38:27 117248 ----a-w- C:\windows\System32\NdisImPlatform.dll
2014-09-15 19:38:22 171008 ----a-w- C:\windows\System32\TimeBrokerServer.dll
2014-09-15 19:38:20 455168 ----a-w- C:\windows\System32\netcfgx.dll
2014-09-15 19:38:18 893952 ----a-w- C:\windows\SysWow64\winmde.dll
2014-09-15 19:38:15 145408 ----a-w- C:\windows\SysWow64\powercfg.cpl
2014-09-15 19:38:13 703488 ----a-w- C:\windows\System32\drvstore.dll
2014-09-15 19:38:01 1933312 ----a-w- C:\windows\System32\wbem\cimwin32.dll
2014-09-15 19:37:55 601088 ----a-w- C:\windows\SysWow64\Windows.Globalization.dll
2014-09-15 19:37:53 49152 ----a-w- C:\windows\System32\DevDispItemProvider.dll
2014-09-15 19:37:50 1101824 ----a-w- C:\windows\System32\wmpmde.dll
2014-09-15 19:37:47 71168 ----a-w- C:\windows\System32\WSDPrintProxy.DLL
2014-09-15 19:37:32 36352 ----a-w- C:\windows\SysWow64\DevDispItemProvider.dll
2014-09-15 19:32:17 1890816 ----a-w- C:\windows\System32\crypt32.dll
2014-09-15 19:32:15 1569280 ----a-w- C:\windows\SysWow64\crypt32.dll
2014-09-15 19:25:09 265216 ----a-w- C:\windows\System32\InkEd.dll
2014-09-15 19:20:03 1255936 ----a-w- C:\windows\System32\certutil.exe
2014-09-15 19:20:00 1013248 ----a-w- C:\windows\SysWow64\certutil.exe
2014-09-15 19:19:57 109056 ----a-w- C:\windows\SysWow64\cryptnet.dll
2014-09-15 19:19:55 141312 ----a-w- C:\windows\System32\cryptnet.dll
2014-09-15 18:44:53 35328 ----a-w- C:\windows\SysWow64\atmlib.dll
2014-09-15 18:44:53 300032 ----a-w- C:\windows\SysWow64\atmfd.dll
2014-09-15 18:44:49 46080 ----a-w- C:\windows\System32\atmlib.dll
2014-09-15 18:44:49 362496 ----a-w- C:\windows\System32\atmfd.dll
2014-09-15 18:39:16 475136 ----a-w- C:\windows\System32\WWanAPI.dll
2014-09-15 18:39:15 79360 ----a-w- C:\windows\SysWow64\taskkill.exe
2014-09-15 18:39:13 80896 ----a-w- C:\windows\SysWow64\tasklist.exe
2014-09-15 18:39:10 385024 ----a-w- C:\windows\System32\ncsi.dll
2014-09-15 18:39:09 567808 ----a-w- C:\windows\SysWow64\duser.dll
2014-09-15 18:39:01 375808 ----a-w- C:\windows\SysWow64\wbem\WmiPrvSE.exe
2014-09-15 18:39:01 131072 ----a-w- C:\windows\SysWow64\wbem\WmiDcPrv.dll
.
============= FINISH: 10:28:47.53 ===============
 

 

 

Here is the ATTACH file:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 12/18/2012 11:25:49 PM
System Uptime: 10/11/2014 10:17:15 PM (36 hours ago)
.
Motherboard: AMD |  | PLCSC8
Processor: AMD A6-4400M APU with Radeon™ HD Graphics    | Socket FT1 | 2700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 586 GiB total, 308.003 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
7-zip v9.20
Adobe Reader X (10.1.3)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Quick Stream
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
AVS Video Converter 8
Bandicam
Bandicut
Bandisoft MPEG-1 Decoder
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CutePDF Writer 3.0
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Emsisoft Anti-Malware
File Association Helper
Five Nights at Freddy's
FormsWorkFlow 2007
GamingWonderland Internet Explorer Toolbar
HP Officejet 6600 Basic Device Software
HP Officejet 6600 Help
HP Support Solutions Framework
I.R.I.S. OCR
iTunes
Java 7 Update 67 (64-bit)
Junk Mail filter update
Microsoft Application Error Reporting
Microsoft Office
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Nikon Message Center 2
Nikon Movie Editor
Origin
Pdf995
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Premium Sound HD
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SPORE™
Steam
Synaptics Pointing Device Driver
The Sims™ 3
The Sims™ 3 Generations
The Sims™ 3 Late Night
The Sims™ 3 Pets
The Sims™ 3 Supernatural
The Sims™ 4
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Desktop Assist
TOSHIBA eco Utility
TOSHIBA Function Key
Toshiba Password Utility
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA System Driver
TOSHIBA System Settings
TOSHIBA User's Guide
TOSHIBA VIDEO PLAYER
TOSHIBARegistration
Unity Web Player
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
ViewNX 2
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.01 (64-bit)
WinZip 17.5
Wizard101
.
==== Event Viewer Messages From Past Week ========
.
10/9/2014 5:39:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/9/2014 5:39:34 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/9/2014 3:54:29 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {4D111E08-CBF7-4F12-A926-2C7920AF52FC}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{4D111E08-CBF7-4F12-A926-2C7920AF52FC}
10/9/2014 3:51:41 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {E96767E0-7EAA-45E1-8E7D-64414AFF281A}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{E96767E0-7EAA-45E1-8E7D-64414AFF281A}
10/9/2014 3:46:20 PM, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 80. The Windows SChannel error state is 301.
10/9/2014 2:27:37 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {BB46F03E-7CD2-489F-8F95-BB950F395FDB}. The error: "2" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{16D99191-6280-4B33-A2F5-04805A0FC582}
10/9/2014 10:05:02 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "2" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
10/9/2014 10:04:39 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {76D0CB12-7604-4048-B83C-1005C7DDC503}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
10/8/2014 3:09:21 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
10/13/2014 9:50:01 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {30D49246-D217-465F-B00B-AC9DDD652EB7}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
10/13/2014 10:25:09 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {ECF5BF46-E3B6-449A-B56B-43F58F867814}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
10/13/2014 10:17:30 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca as Unavailable/Unavailable. The error: "5" Happened while starting this command: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
10/12/2014 11:17:43 AM, Error: Microsoft-Windows-HttpEvent [15006]  - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.
10/11/2014 9:55:44 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
10/11/2014 9:55:44 PM, Error: Service Control Manager [7000]  - The HP Support Solutions Framework Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/11/2014 10:33:46 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {581333F6-28DB-41BE-BC7A-FF201F12F3F6} as NT Authority/LocalService. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{478B41E6-3257-4519-BDA8-E971F9843849}
10/11/2014 10:30:30 PM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
10/11/2014 10:30:30 PM, Error: Service Control Manager [7034]  - The Device Association Service service terminated unexpectedly.  It has done this 1 time(s).
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The File History Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/11/2014 10:29:33 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/11/2014 10:27:24 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {3AD05575-8857-4850-9277-11B85BDB8E09}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
10/11/2014 10:18:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0xc000021a (0xfffff8a00f31aa90, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 101114-49483-01.
10/11/2014 10:15:38 PM, Error: Service Control Manager [7034]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).
10/11/2014 10:15:38 PM, Error: Service Control Manager [7034]  - The Local Session Manager service terminated unexpectedly.  It has done this 1 time(s).
10/11/2014 10:15:38 PM, Error: Service Control Manager [7031]  - The Power service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/11/2014 10:15:38 PM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/11/2014 10:15:38 PM, Error: Service Control Manager [7031]  - The Background Tasks Infrastructure Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Reboot the machine.
10/11/2014 10:11:31 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {1F2E5C40-9550-11CE-99D2-00AA006E086C}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{1F2E5C40-9550-11CE-99D2-00AA006E086C}
10/10/2014 9:02:41 AM, Error: volmgr [46]  - Crash dump initialization failed!
10/10/2014 7:39:15 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
10/10/2014 12:20:48 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {06622D85-6856-4460-8DE1-A81921B41C4B}. The error: "2" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
10/10/2014 12:16:56 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {E95186C7-7D80-4311-843D-0702CBC8B1E4}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{E95186C7-7D80-4311-843D-0702CBC8B1E4}
10/10/2014 12:13:50 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {BA7C0D29-81CA-4901-B450-634E20BB8C34} as Unavailable/Unavailable. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}
10/10/2014 11:34:21 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {3519154C-227E-47F3-9CC9-12C3F05817F1}. The error: "2" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{AD3EDBCA-0901-415B-82E9-C16D3B65E38C}
10/10/2014 10:19:19 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
.
==== End Of File ===========================

 

 

I admit I turned off the DCOM server, but that was because I thought it was allowing the conhost file to run more than two instances (it would run 15 or so).

 

Also, this infected my Windows 7 computer; it seems to be missing the keyboard and mouse drivers, though the keyboard does work in DOS.  I haven't started on that one yet.

 

Thanks for any help you can give me.
 




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:05 AM

Posted 14 October 2014 - 04:55 AM

You're being helped here: http://www.bleepingcomputer.com/forums/t/551849/multiple-conhostexe-processes-high-cpu-usage-powershell-repeatedly-stops/#entry3505406


Proud Member of UNITE & TB
 



