Over 1 million tech questions and answers.

multiple conhost.exe processes high CPU usage powershell repeatedly stops

Q: multiple conhost.exe processes high CPU usage powershell repeatedly stops

Hi.  I downloaded some stuff from a bogus Minecraft site and have had multiple problems since.  Everything got encrypted, but I didn't pay cuz I had copies, then I had multiple comsurrogate processes, and now I hav e high CPU usage, a program called "conhost.exe" that doesn't have a valid file location or service associated with it, and various programs spike randomly to 20% -30% cpu usage, keeping me in the 70 - 80% range.  Additionally, since I got the encryption virus, powershell stops working every few minutes.  And some computer company who says they are a "legitimate company" has been calling me and they want me to connect to their server through the run command line. 
I am running Windows 8.1
I have followed a couple fix threads and at various times have run rogue killer, emisoft and a couple others. Found some viruses, but still have the above problems.
I ran DDS and got the following logs:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Jeremy and Heidi at 10:25:18 on 2014-10-13
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.11741.9074 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Teco\TecoService.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\dashost.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\WLANExt.exe
C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\rundll32.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\syswow64\windowspowershell\v1.0\powershell.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_23_ie&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtBtCtCtCzytB0AyD0EyCyBtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzy0EtC0FzytAyCtG0E0FyEtAtG0DtCyBtCtGtAyByEtDtGyC0CyDtAyE0BzyyEtB0AzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtC0B0E0E0Bzz0FtG0C0DyCtDtGtDzzzz0FtGzz0DtBzztGyDzztDtDyEyC0D0DtDyC0FyB2Q&cr=1057173731&ir=
mWindow Title = Internet Explorer provided by TOSHIBA
mDefault_Page_URL = hxxp://toshiba13.msn.com
uURLSearchHooks: <No Name>: {a8625cb7-85fe-4936-92a4-b2a7c925209e} -
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Toolbar BHO: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: GamingWonderland: {A899079D-206F-43A6-BE6A-07E0FA648EA0} -
TB: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} -
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [GamingWonderland EPM Support] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtmedint.exe" T8EPMSUP.DLL,S
mRun: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
mRun: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
mRun: [GamingWonderland Browser Plugin Loader 64] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon64.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [Zwinky_5q Browser Plugin Loader 64] C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon64.exe
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
StartupFolder: C:\Users\JEREMY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0B80CC8A-C89E-4626-B352-4EE0D20966A2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D8242372-24C5-44A4-A62B-9655F83D954D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D8242372-24C5-44A4-A62B-9655F83D954D}\1627368646561636F6E6 : DHCPNameServer = 64.68.252.10 64.68.248.10 64.68.244.250
TCP: Interfaces\{D8242372-24C5-44A4-A62B-9655F83D954D}\D4F64756C60263 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{D8242372-24C5-44A4-A62B-9655F83D954D}\E45445745414254373 : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_wnzp_14_23_ie&cd=2XzuyEtN2Y1L1QzuyBtDyDyE0DtBtCtCtCzytB0AyD0EyCyBtN0D0Tzu0SzzzzyCtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEzy0EtC0FzytAyCtG0E0FyEtAtG0DtCyBtCtGtAyByEtDtGyC0CyDtAyE0BzyyEtB0AzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtC0B0E0E0Bzz0FtG0C0DyCtDtGtDzzzz0FtGzz0DtBzztGyDzztDtDyEyC0D0DtDyC0FyB2Q&cr=1057173731&ir=
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-mDefault_Page_URL = hxxp://toshiba13.msn.com
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2014-6-17 31512]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2012-10-25 499096]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-10-2 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2014-10-2 45208]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2014-10-2 23088]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\Drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2014-6-30 270104]
R2 a2AntiMalware;Emsisoft Protection Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-10-2 4791872]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-8-8 240640]
R2 APXACC;AppEx Networks Accelerator LWF;C:\windows\System32\Drivers\appexDrv.sys [2012-10-25 199008]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [2011-10-13 156672]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2014-9-15 89352]
R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [2009-9-11 14344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\Teco\TecoService.exe [2012-8-13 289192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-10-2 71472]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-10-2 57024]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUStor.sys [2012-10-25 252048]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-10-25 690832]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1496720]
R3 TMachInfo;TMachInfo;C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-7-31 53864]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2012-7-28 458152]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-10-25 57000]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2013-9-4 20496]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1496720]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2013-3-18 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2014-10-10 15:22:39 -------- d-----w- C:\Program Files (x86)\GPLGS
2014-10-10 15:21:53 87600 ----a-w- C:\windows\System32\cpwmon64.dll
2014-10-10 15:21:41 -------- d-----w- C:\ProgramData\APN
2014-10-10 15:21:41 -------- d-----w- C:\Program Files (x86)\Acro Software
2014-10-09 16:55:22 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Local\Hewlett-Packard
2014-10-04 01:43:46 178800 ----a-w- C:\windows\SysWow64\CmdLineExt_x64.dll
2014-10-03 02:14:03 -------- d-----w- C:\ProgramData\Emsisoft
2014-10-02 19:16:08 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2014-10-01 06:18:12 -------- d-----w- C:\Program Files (x86)\ASP
2014-10-01 06:18:10 16896 ----a-w- C:\windows\System32\sasnative64.exe
2014-10-01 06:17:57 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Local\Programs
2014-10-01 05:17:14 -------- d-----w- C:\windows\AppReadiness
2014-09-28 19:39:36 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Roaming\.minecraft
2014-09-23 03:50:48 144896 ----a-w- C:\windows\System32\tssdisai.dll
2014-09-23 03:50:47 148480 ----a-w- C:\windows\System32\poqexec.exe
2014-09-18 03:37:06 111016 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2014-09-18 02:30:45 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Roaming\.technic
2014-09-16 00:17:30 -------- d-----w- C:\windows\ERUNT
2014-09-15 23:24:31 705480 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-09-15 23:24:31 104904 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 18:48:40 71168 ----a-w- C:\windows\System32\drivers\hdaudbus.sys
2014-09-15 16:30:01 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-09-15 16:30:01 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-09-14 11:28:22 -------- d-----w- C:\Users\Jeremy and Heidi\AppData\Roaming\Ucygemx
2014-09-14 02:47:02 -------- d--h--w- C:\dbc014f
.
==================== Find3M  ====================
.
2014-10-10 14:56:57 60 ----a-w- C:\windows\wpd99.drv
2014-09-29 19:47:56 19800 ----a-w- C:\windows\System32\roboot64.exe
2014-09-15 20:51:27 997632 ----a-w- C:\windows\System32\drivers\ndis.sys
2014-09-15 20:48:59 2219520 ----a-w- C:\windows\System32\dwmcore.dll
2014-09-15 20:34:52 159232 ----a-w- C:\windows\System32\inetpp.dll
2014-09-15 20:34:49 83968 ----a-w- C:\windows\SysWow64\wiaacmgr.exe
2014-09-15 20:34:47 436736 ----a-w- C:\windows\SysWow64\MP4SDECD.DLL
2014-09-15 20:34:45 1611776 ----a-w- C:\windows\SysWow64\mmc.exe
2014-09-15 20:34:43 666112 ----a-w- C:\windows\System32\MP4SDECD.DLL
2014-09-15 20:34:41 256000 ----a-w- C:\windows\System32\WSDMon.dll
2014-09-15 20:34:40 406016 ----a-w- C:\windows\System32\Windows.Media.dll
2014-09-15 20:34:38 91880 ----a-w- C:\windows\System32\drivers\partmgr.sys
2014-09-15 20:34:36 95232 ----a-w- C:\windows\System32\wiaacmgr.exe
2014-09-15 20:29:21 96600 ----a-w- C:\windows\System32\drivers\wfplwfs.sys
2014-09-15 20:29:21 723968 ----a-w- C:\windows\System32\BFE.DLL
2014-09-15 20:29:21 1160192 ----a-w- C:\windows\System32\IKEEXT.DLL
2014-09-15 20:25:08 3246592 ----a-w- C:\windows\System32\rdpcorets.dll
2014-09-15 20:25:08 235520 ----a-w- C:\windows\System32\rdpudd.dll
2014-09-15 20:23:47 619008 ----a-w- C:\windows\System32\drivers\srv2.sys
2014-09-15 20:23:45 309760 ----a-w- C:\windows\System32\wusa.exe
2014-09-15 20:23:43 305152 ----a-w- C:\windows\SysWow64\wusa.exe
2014-09-15 20:22:02 59392 ----a-w- C:\windows\SysWow64\imagehlp.dll
2014-09-15 20:22:00 62976 ----a-w- C:\windows\System32\imagehlp.dll
2014-09-15 20:20:38 652288 ----a-w- C:\windows\System32\comctl32.dll
2014-09-15 20:20:37 541696 ----a-w- C:\windows\SysWow64\comctl32.dll
2014-09-15 20:17:54 1557504 ----a-w- C:\windows\System32\osk.exe
2014-09-15 20:17:44 1440256 ----a-w- C:\windows\SysWow64\osk.exe
2014-09-15 20:12:23 452608 ----a-w- C:\windows\SysWow64\SHCore.dll
2014-09-15 20:12:20 1281536 ----a-w- C:\windows\System32\lsasrv.dll
2014-09-15 20:12:19 588288 ----a-w- C:\windows\System32\SHCore.dll
2014-09-15 20:12:16 439808 ----a-w- C:\windows\System32\lsm.dll
2014-09-15 20:06:25 626688 ----a-w- C:\windows\System32\resutils.dll
2014-09-15 20:06:25 374784 ----a-w- C:\windows\System32\clusapi.dll
2014-09-15 20:06:21 551424 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-09-15 20:06:15 488960 ----a-w- C:\windows\SysWow64\resutils.dll
2014-09-15 20:06:15 302080 ----a-w- C:\windows\SysWow64\clusapi.dll
2014-09-15 20:06:05 778752 ----a-w- C:\windows\System32\oleaut32.dll
2014-09-15 20:03:53 35856 ----a-w- C:\windows\System32\drivers\WdBoot.sys
2014-09-15 20:03:53 269592 ----a-w- C:\windows\System32\drivers\WdFilter.sys
2014-09-15 20:02:29 523776 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-09-15 20:02:28 600064 ----a-w- C:\windows\System32\vbscript.dll
2014-09-15 19:55:26 1173504 ----a-w- C:\windows\System32\UIAutomationCore.dll
2014-09-15 19:55:17 247296 ----a-w- C:\windows\SysWow64\ubpm.dll
2014-09-15 19:55:14 61784 ----a-w- C:\windows\System32\drivers\crashdmp.sys
2014-09-15 19:55:11 13661696 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2014-09-15 19:55:07 914432 ----a-w- C:\windows\SysWow64\UIAutomationCore.dll
2014-09-15 19:55:05 328192 ----a-w- C:\windows\System32\ubpm.dll
2014-09-15 19:55:04 465240 ----a-w- C:\windows\System32\drivers\fvevol.sys
2014-09-15 19:54:51 10799104 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
2014-09-15 19:51:30 785624 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2014-09-15 19:51:30 54488 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2014-09-15 19:46:14 312832 ----a-w- C:\windows\System32\LocationApi.dll
2014-09-15 19:46:12 183808 ----a-w- C:\windows\System32\winmmbase.dll
2014-09-15 19:46:12 115712 ----a-w- C:\windows\System32\winmm.dll
2014-09-15 19:46:08 439488 ----a-w- C:\windows\System32\WerFault.exe
2014-09-15 19:46:06 120144 ----a-w- C:\windows\System32\drivers\msgpioclx.sys
2014-09-15 19:46:01 245760 ----a-w- C:\windows\SysWow64\LocationApi.dll
2014-09-15 19:39:37 245248 ----a-w- C:\windows\System32\usbmon.dll
2014-09-15 19:39:33 645120 ----a-w- C:\windows\System32\Windows.Security.Authentication.OnlineId.dll
2014-09-15 19:39:15 156160 ----a-w- C:\windows\System32\powercfg.cpl
2014-09-15 19:39:13 180224 ----a-w- C:\windows\System32\SystemEventsBrokerServer.dll
2014-09-15 19:39:09 357888 ----a-w- C:\windows\SysWow64\netcfgx.dll
2014-09-15 19:39:07 550912 ----a-w- C:\windows\SysWow64\drvstore.dll
2014-09-15 19:39:05 504320 ----a-w- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2014-09-15 19:39:02 1338880 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-09-15 19:39:00 103936 ----a-w- C:\windows\System32\wpdbusenum.dll
2014-09-15 19:38:58 150016 ----a-w- C:\windows\System32\discan.dll
2014-09-15 19:38:51 951808 ----a-w- C:\windows\System32\Windows.Globalization.dll
2014-09-15 19:38:45 1149952 ----a-w- C:\windows\System32\winmde.dll
2014-09-15 19:38:42 1627648 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-09-15 19:38:27 117248 ----a-w- C:\windows\System32\NdisImPlatform.dll
2014-09-15 19:38:22 171008 ----a-w- C:\windows\System32\TimeBrokerServer.dll
2014-09-15 19:38:20 455168 ----a-w- C:\windows\System32\netcfgx.dll
2014-09-15 19:38:18 893952 ----a-w- C:\windows\SysWow64\winmde.dll
2014-09-15 19:38:15 145408 ----a-w- C:\windows\SysWow64\powercfg.cpl
2014-09-15 19:38:13 703488 ----a-w- C:\windows\System32\drvstore.dll
2014-09-15 19:38:01 1933312 ----a-w- C:\windows\System32\wbem\cimwin32.dll
2014-09-15 19:37:55 601088 ----a-w- C:\windows\SysWow64\Windows.Globalization.dll
2014-09-15 19:37:53 49152 ----a-w- C:\windows\System32\DevDispItemProvider.dll
2014-09-15 19:37:50 1101824 ----a-w- C:\windows\System32\wmpmde.dll
2014-09-15 19:37:47 71168 ----a-w- C:\windows\System32\WSDPrintProxy.DLL
2014-09-15 19:37:32 36352 ----a-w- C:\windows\SysWow64\DevDispItemProvider.dll
2014-09-15 19:32:17 1890816 ----a-w- C:\windows\System32\crypt32.dll
2014-09-15 19:32:15 1569280 ----a-w- C:\windows\SysWow64\crypt32.dll
2014-09-15 19:25:09 265216 ----a-w- C:\windows\System32\InkEd.dll
2014-09-15 19:20:03 1255936 ----a-w- C:\windows\System32\certutil.exe
2014-09-15 19:20:00 1013248 ----a-w- C:\windows\SysWow64\certutil.exe
2014-09-15 19:19:57 109056 ----a-w- C:\windows\SysWow64\cryptnet.dll
2014-09-15 19:19:55 141312 ----a-w- C:\windows\System32\cryptnet.dll
2014-09-15 18:44:53 35328 ----a-w- C:\windows\SysWow64\atmlib.dll
2014-09-15 18:44:53 300032 ----a-w- C:\windows\SysWow64\atmfd.dll
2014-09-15 18:44:49 46080 ----a-w- C:\windows\System32\atmlib.dll
2014-09-15 18:44:49 362496 ----a-w- C:\windows\System32\atmfd.dll
2014-09-15 18:39:16 475136 ----a-w- C:\windows\System32\WWanAPI.dll
2014-09-15 18:39:15 79360 ----a-w- C:\windows\SysWow64\taskkill.exe
2014-09-15 18:39:13 80896 ----a-w- C:\windows\SysWow64\tasklist.exe
2014-09-15 18:39:10 385024 ----a-w- C:\windows\System32\ncsi.dll
2014-09-15 18:39:09 567808 ----a-w- C:\windows\SysWow64\duser.dll
2014-09-15 18:39:01 375808 ----a-w- C:\windows\SysWow64\wbem\WmiPrvSE.exe
2014-09-15 18:39:01 131072 ----a-w- C:\windows\SysWow64\wbem\WmiDcPrv.dll
.
============= FINISH: 10:28:47.53 ===============
 
 
 
Here is the ATTACH file:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 12/18/2012 11:25:49 PM
System Uptime: 10/11/2014 10:17:15 PM (36 hours ago)
.
Motherboard: AMD |  | PLCSC8
Processor: AMD A6-4400M APU with Radeon™ HD Graphics    | Socket FT1 | 2700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 586 GiB total, 308.003 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
7-zip v9.20
Adobe Reader X (10.1.3)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Quick Stream
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
AVS Video Converter 8
Bandicam
Bandicut
Bandisoft MPEG-1 Decoder
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CutePDF Writer 3.0
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Emsisoft Anti-Malware
File Association Helper
Five Nights at Freddy's
FormsWorkFlow 2007
GamingWonderland Internet Explorer Toolbar
HP Officejet 6600 Basic Device Software
HP Officejet 6600 Help
HP Support Solutions Framework
I.R.I.S. OCR
iTunes
Java 7 Update 67 (64-bit)
Junk Mail filter update
Microsoft Application Error Reporting
Microsoft Office
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Nikon Message Center 2
Nikon Movie Editor
Origin
Pdf995
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Premium Sound HD
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SPORE™
Steam
Synaptics Pointing Device Driver
The Sims™ 3
The Sims™ 3 Generations
The Sims™ 3 Late Night
The Sims™ 3 Pets
The Sims™ 3 Supernatural
The Sims™ 4
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Desktop Assist
TOSHIBA eco Utility
TOSHIBA Function Key
Toshiba Password Utility
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA System Driver
TOSHIBA System Settings
TOSHIBA User's Guide
TOSHIBA VIDEO PLAYER
TOSHIBARegistration
Unity Web Player
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
ViewNX 2
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.01 (64-bit)
WinZip 17.5
Wizard101
.
==== Event Viewer Messages From Past Week ========
.
10/9/2014 5:39:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/9/2014 5:39:34 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/9/2014 3:54:29 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {4D111E08-CBF7-4F12-A926-2C7920AF52FC}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{4D111E08-CBF7-4F12-A926-2C7920AF52FC}
10/9/2014 3:51:41 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {E96767E0-7EAA-45E1-8E7D-64414AFF281A}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{E96767E0-7EAA-45E1-8E7D-64414AFF281A}
10/9/2014 3:46:20 PM, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 80. The Windows SChannel error state is 301.
10/9/2014 2:27:37 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {BB46F03E-7CD2-489F-8F95-BB950F395FDB}. The error: "2" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{16D99191-6280-4B33-A2F5-04805A0FC582}
10/9/2014 10:05:02 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "2" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
10/9/2014 10:04:39 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {76D0CB12-7604-4048-B83C-1005C7DDC503}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
10/8/2014 3:09:21 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
10/13/2014 9:50:01 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {30D49246-D217-465F-B00B-AC9DDD652EB7}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
10/13/2014 10:25:09 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {ECF5BF46-E3B6-449A-B56B-43F58F867814}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
10/13/2014 10:17:30 AM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca as Unavailable/Unavailable. The error: "5" Happened while starting this command: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
10/12/2014 11:17:43 AM, Error: Microsoft-Windows-HttpEvent [15006]  - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.
10/11/2014 9:55:44 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
10/11/2014 9:55:44 PM, Error: Service Control Manager [7000]  - The HP Support Solutions Framework Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/11/2014 10:33:46 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {581333F6-28DB-41BE-BC7A-FF201F12F3F6} as NT Authority/LocalService. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{478B41E6-3257-4519-BDA8-E971F9843849}
10/11/2014 10:30:30 PM, Error: Service Control Manager [7034]  - The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
10/11/2014 10:30:30 PM, Error: Service Control Manager [7034]  - The Device Association Service service terminated unexpectedly.  It has done this 1 time(s).
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The File History Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/11/2014 10:30:30 PM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/11/2014 10:29:33 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/11/2014 10:27:24 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {3AD05575-8857-4850-9277-11B85BDB8E09}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
10/11/2014 10:18:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0xc000021a (0xfffff8a00f31aa90, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 101114-49483-01.
10/11/2014 10:15:38 PM, Error: Service Control Manager [7034]  - The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).
10/11/2014 10:15:38 PM, Error: Service Control Manager [7034]  - The Local Session Manager service terminated unexpectedly.  It has done this 1 time(s).
10/11/2014 10:15:38 PM, Error: Service Control Manager [7031]  - The Power service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/11/2014 10:15:38 PM, Error: Service Control Manager [7031]  - The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/11/2014 10:15:38 PM, Error: Service Control Manager [7031]  - The Background Tasks Infrastructure Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Reboot the machine.
10/11/2014 10:11:31 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {1F2E5C40-9550-11CE-99D2-00AA006E086C}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{1F2E5C40-9550-11CE-99D2-00AA006E086C}
10/10/2014 9:02:41 AM, Error: volmgr [46]  - Crash dump initialization failed!
10/10/2014 7:39:15 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
10/10/2014 12:20:48 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {06622D85-6856-4460-8DE1-A81921B41C4B}. The error: "2" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
10/10/2014 12:16:56 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {E95186C7-7D80-4311-843D-0702CBC8B1E4}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{E95186C7-7D80-4311-843D-0702CBC8B1E4}
10/10/2014 12:13:50 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {BA7C0D29-81CA-4901-B450-634E20BB8C34} as Unavailable/Unavailable. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}
10/10/2014 11:34:21 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {3519154C-227E-47F3-9CC9-12C3F05817F1}. The error: "2" Happened while starting this command: C:\windows\SysWOW64\DllHost.exe /Processid:{AD3EDBCA-0901-415B-82E9-C16D3B65E38C}
10/10/2014 10:19:19 AM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error: "2" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
.
==== End Of File ===========================
 
 
I admit I turned off the DCOM server, but that was because I thought it was allowing the conhost file to run more than two instances (it would run 15 or so).
 
Also, this infected my Windows 7 computer, it seems to be missing the keyboard and mouse drivers, though the keyboard does work in DOS.  I haven't started on that one yet.
 
Thanks for any help you can give me.
 

RELEVANCY SCORE 200
Preferred Solution: multiple conhost.exe processes high CPU usage powershell repeatedly stops

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: multiple conhost.exe processes high CPU usage powershell repeatedly stops

You´re being helped here: http://www.bleepingcomputer.com/forums/t/551849/multiple-conhostexe-processes-high-cpu-usage-powershell-repeatedly-stops/#entry3505406

Read other 1 answers
RELEVANCY SCORE 211.2

Hi.  I downloaded some stuff from a bogus Minecraft site and have had multiple problems since.  Everything got encrypted, but I didn't pay cuz I had copies, then I had multiple comsurrogate processes, and now I hav e high CPU usage, a program called "conhost.exe" that doesn't have a valid file location or service associated with it, and various programs spike randomly to 20% -30% cpu usage, keeping me in the 70 - 80% range.  Additionally, since I got the encryption virus, powershell stops working every few minutes.  And some computer company who says they are a "legitimate company" has been calling me and they want me to connect to their server through the run command line. 
I am running Windows 8.1
I have followed a couple fix threads and at various times have run rogue killer, emisoft and a couple others. Found some viruses, but still have the above problems.
I ran DDS and got the following logs:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Jeremy and Heidi at 10:25:18 on 2014-10-13
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.11741.9074 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malwa... Read more

A:multiple conhost.exe processes high CPU usage powershell repeatedly stops

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.    HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i... Read more

Read other 17 answers
RELEVANCY SCORE 101.2

Running Windows 7 Pro.
Problem occured after several Windows Updates had failed and would not complete.
High CPU usage from 35% to 100% fluctuations.
RAM usage usually runs 1.38Gb on this system.
Now while idle it can show anywhere between 2.6gb and max 8gb
Multiple instances of conhost.exe, msiexec.exe, ctfmon.exe, and cmd.exe.
Usually one of each will have high memory usage exceeding 1.5gb each
End Process cannot terminate any of the processes.
In Safe Mode problem is not prevelant. Although in Safe Mode with Networking it is.
Cleared all Temp file locations in all profiles.
Ran sfc /scannow with no integrity violations.
Windows Update max's CPU usage and does not complete download.
Cleared wuauserv cache.
Malware scans with malwarebytes are clear.
FRST64 scan results attached.
Need help on this ASAP.

A:High CPU and RAM usage; conhost, msiexec, ctfmon, and cmd multiple instances

Additional information:
Upon log off, restart, or shutdown:
The screen will flash mulitple times and pictures, text, and program windows can be seen momentarily during the flashes.
This is done with nothing running except the above process.
While Task Manager is open I can see that each flash coincides with a conhost, msiexec, cmd, and ctfmon closing.
 

Read other 5 answers
RELEVANCY SCORE 101.2

Hi,
 
I have been having issues with my computer with some processes that get launched and consumes most of the computer memory, up to a point that the computer suddenly shuts down. The interesting thing is that when Internet access gets disconnected, most of those processes disappear and the computer memory goes back to normal.
 
I have run the FRST64.exe from my external HD and here are the results. I hope you guys can help me out.
 
Thanks.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by SYSTEM on MININT-NTEMCOB (08-12-2015 08:21:27)
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-22] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1573504 2011-06-03] (Conexant System... Read more

A:High memory usage with multiple conhost.exe, msiexec.exe, svchost.exe, etc.

Greetings candresbeltran and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter ... Read more

Read other 30 answers
RELEVANCY SCORE 89.6

Seems to only happen at night. I NEVER use IE but I'll find 3-4 iexplorer.exe processes running and using high CPU percentages. I have been unable thus far to find and remove the problem.  I will typically keep task manager open and close each process at it comes up, but once I've closed one, more will open. I attempted to follow the directions to post the logs from DDS, but it only created the attach.txt file. (Which I've attached.)A DDS file was not created.  Neither AVG or windows scans have found any problems. Any help will be greatly appreciated.

A:Iexplorer.exe running multiple background processes w/ high CPU usage

Hi there,please run the following scans:Step 1Please download TDSSKiller and save it to your Desktop.Start tdsskiller.exe with administrator privileges.Accept the EULA and the KSN Statement.Click on Change parameters.Make sure that all available options (except "Loaded modules") are checked and click OK.Click on Start scan.If any threats are found don't delete them but choose the Skip option for all of them.Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).Copy and paste its contents in your next reply.Step 2Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 7 answers
RELEVANCY SCORE 89.6

THe computer is running slow and I am seeing multiple copies of dllhost.exe using large amounts of RAM.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16584  BrowserJavaVersion: 10.67.2
Run by Jim at 2:32:34 on 2014-10-28
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4009.1082 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe
C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES100... Read more

A:dllhost.exe *32 COM Surrogate multiple processes/high memory usage

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please run a FRST scan. This will help us diagnose your problem.Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, d... Read more

Read other 8 answers
RELEVANCY SCORE 88.8

Win 7 64 bit Dell Optiplex 780. 4G RAM.
 
A few days ago the system went sideways and now I have very high (but fluctuating) CPU usage and memory usage.  Processes in Task Manager  are running wild and some are showing multiple instances where I wouldn't have expect them to be so. Using Chrome to make this post but IE repeatedly crashes and allowing the crash to search for a resolution to the problem does not produce results. Details have shown issues with various dll files. 
 
I've temporarily removed avast. Installed and run malwarebytes, adware, jrt, ccleaner. Did a scan disc. All these come back clean.
 
Thinking this is a windows issue but not sure where to start. 
 
Any thoughts?
 
Thanks,
Dawn

A:Win 7 64 bit; cpu usage high; processes show multiple times in task manager

Hello chasingstillness
Please start with this program.
 
Download Malwarebytes Anti-Rootkit (A.K.A. MBAR) from HERE
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain.
If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
 
Thank You

Read other 2 answers
RELEVANCY SCORE 80.8

I was unable to get a DDS log. When I double click on dds.scr, I get a security warning stating that "The publisher could not be verified" and I click on "Run" to run it anyway. The dds.exe *32 appears in the task manager for about 12 seconds getting up to about 3,240KB, the command prompt window appears and instantly closes, and the dds.exe process disappears as well.

Since I'm running a x64 machine, I can't get a GMER log.

I've run Malware Bytes and it removed 1 malware and I ran it after rebooting and it's showing clean now. Trend-Micro doesn't show any issues. I've also run the Kaspersky Virus Removal Tool and it didn't show anything. I've also run TDSSKiller and it didn't find anything..

Even though MalwareBytes isn't showing any threats, I have seen a couple of notices from the taskbar where it has blocked outbound communication with a maliciious website.

Edit: DDS ran and here's the log:
Edit2: Just had another popup from MalwareBytes where it says it's trying to contact a malicious website. This one had a different port number, but the IP address is the same and it's still the csrss.exe that's showing up in the message.
I just saw another popup from MalwareBytes and this one was from coreserviceshell.exe. It popped up multiple times trying to following bing links in Chrome. I then get a message that says "Unable to load the webpage because the server sent no data."

I'... Read more

A:Zero Access malware? Extra csrss.exe, multiple conhost.exe processes, google redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 12 answers
RELEVANCY SCORE 79.6

Hi there,
 
Recently, I noticed that my laptop was running extremely slowly to the point where it would crash. Since it's never happened before, it certainly got me worried. I used ProcessExplorer to look around for what was taking up all the memory, and I found 15 or more dllhosts.exe all running. Deleting them was no use, as they would keep popping back up. 
After figuring out what the problem could be, I experimented and suspended two certain dllhost.exe processes, which somehow prevented all the others from popping up. Then I saw that two processes, rundll.exe and powershell.exe would periodically show up, try to what I believe create another dllhost.exe, and then exit. 
 
I noticed that the dllhost.exe has a sort of influence on my internet connection, though I'm not quite sure how to explain it. Some internet programs only run if I let one dllhost.exe resume, then suspend it after the program starts working again.
 
My assumption is that the computer is infected with Poweliks? Any help would be greatly appreciated!
 
 
 
Here is the DDS log.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.55.2
Run by Bao Nguyen at 18:16:37 on 2014-09-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.3635 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-8... Read more

A:Multiple dllhost.exe processes when rundll.exe and powershell.exe pop up

Hi there,My assumption is that the computer is infected with Poweliks?This would be my first guess, too. But we need a FRST log to confirm it:Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 10 answers
RELEVANCY SCORE 77.6

My 64-bit Vista laptop is infected with a virus despite having been using and running avast real-time protection. I've tried a variety of products to remove the virus to no avail. Among the symptoms are processor overload from multiple instances of:dllhost.exe *32 processpowershell.exe *32 process (while in Safe Mode w/Networking)powershell has stopped working message boxes (while in Safe Mode w/Networking)wermgr.exe *32 process It also changes my Internet Explorer browser setting to not allow downloads, and when internet access is turned on there are automated attempts to reach various urls that are blocked by avast. Some of these symptoms do not always appear now in Normal startup mode, but they still occur in Safe Mode w/Networking. Following is the DDS.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16563Run by Steff at 17:07:12 on 2014-08-31Microsoft® Windows Vista Home Premium   6.0.6002.2.1252.1.1033.18.3998.1951 [GMT -4:00].AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrict... Read more

A:Multiple dllhost powershell wermgr processes and browser hijacks

Hi there,please run the following scans:Step 1Please download Combofix (by sUBs) and save it to your Desktop.Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.Start Combofix.exe and follow its instructions.Do not use the computer while the scan is running. This may cause the program to stall.When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).Please copy and paste the contents of this file into your next post.Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.(You can find more detailed instructions in this guide on using Combofix.)Step 2Please download Farbar Recovery Scan Tool and save it to your Desktop.Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 6 answers
RELEVANCY SCORE 75.6

I am just lost in what to do....I am not very computer system savy. Ive had one computer destroyed by Malware  took me too long to notice what was happening. I am concerned my new one is now infected.
I am running Windows 7
6.1.7601 service pack 1 build 7601
Toshiba Satellite P855 x64 based PC
 
My Windows update shuts off every time i turn my computer of, my virus protection would also but stopped.....I am running McAfee on a wireless Network with Internet Security Scan.....today I recieved notice of a Powershell stopped working from windows and it was closing the program and McAfee stopped a IP address trying to connect to my network. Please tell me what all this means......and am I protected or infected?
 

Read other answers
RELEVANCY SCORE 75.6

I have multiple dllhosts, high cpu utilization.  Occasionally I have seen a powershell error.
I also have high memory utilization by the svchost process.
Using Windows 7 - 64 Bit
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 11.25.2
Run by Scott at 19:26:17 on 2014-11-17
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3967.191 [GMT -6:00]
.
AV: Total Defense Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: Total Defense Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Total Defense Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Windows\System32\spoolsv.ex... Read more

A:multiple dllhosts high CPU, memory and Powershell error

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.    HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i... Read more

Read other 8 answers
RELEVANCY SCORE 73.2

I have Win 10 and recently upgraded my RAM from 8GB->16GB as I was using around half of it easily and figured it might need more. However, currently, Task manager says I'm using 10GB of my 16GB DDR3 RAM though Processes only account for 3-4GB of it. Any idea what is using the rest or what's going on? I have a paid Virus Checker (Kaspersky) and that hasn't found anything ...

Thanks in advance for any help!
 

Read other answers
RELEVANCY SCORE 72

I'm a Streamer and have recently upgraded my pc i5 4690k, Asus z97-p, 16 ram. Ever since out of the blue cpu will spike from 60%-90% due to processes System & Compressed memory, Service Host:Local Service (No Network)(5), System Interrupts, Service Host: Local Service (7) and Client Server Runtime Process.
I have been unable to determine the cause even with exhaustive online research and frankly I'm at my wit's end. Numerous wipes and reinstalls of win 10 even by a local shop have not solved the problem. Even the hard drive has been replaced. I gave managed to create a CPU usage dump file for Windows Performance Recorder but I do not have the skill to diagnose. Please can anyone help!!

A:High cpu usage by background processes.

Update: Computer crashed and now no longer boots.

Read other 1 answers
RELEVANCY SCORE 72

Hello people!



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by admin at 21:07:25 on 2013-09-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.2083 [GMT 1:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Anti... Read more

A:Crazy High CPU Usage * All processes

Hello h_20. I don't see any sign of infection in your logs.


Quote:




Speedfan tested (three fans show 0RPM or maybe they were not detected),





Quote:




Perhaps fans aren't working (speed fan show 0RPM for three fans). But if fans aren't working, how come Safe Modes are giving me low CPU usages?




Safe Mode only uses a minimum of processes. I would manually check to see if your fans are working. Do you feel air coming out? If not, you need to have your fans replaced.

Read other 5 answers
RELEVANCY SCORE 72

Hello,
 
My PC running Windows 7 had begun to run very slowly and the fan ran continually. I have checked in the task manager and under the processes tab I find several processes running that really should not be. I have minimal programs running in the background (task bar) but even with those turned off these processes run at 100%  CPU usage. I can "end Process" for each of them from the processes tab of the task manager but they always come back and use more and more memory until the fan starts running and everything slows down to a crawl. The tasks include: systray.exe, dvdupgrd.exe, dllhost.exe, regsvr32.exe, rundll32.exe, fiximap , napstat.exe, windows media logagent, windows picture acquisition, Microsoft direct play helper, and a few others. In many cases I will look at it and several instances of these same  processes will be running. I have run several scans with AVG, Malwarebytes Anti-malware, and Spybot Search and Destroy without resolution. I have run the attached Hijack This log just now right after deleting the problem processes.
 
Any help you can give is much appreciated as this PC is nearly unusable for any long jobs in this condition. Thank you.

A:Very High CPU usage, processes continue to run

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/561558 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 14 answers
RELEVANCY SCORE 72

Hi all,

I was wondering if anyone could help me with an issue I have been having for the past few days.


My PC has recently been experiencing extremely loud fan noise (the type you get when it's running at 100%), upon checking my task manager I noticed that the CPU usage was between 70-90% on startup, even when nothing is running, and the fan seems to be on 100%.


It is becoming a problem as I use the laptop in lectures, seminars etc. at university and it is rather distracting having the noise.

I have done a virus scan with bitdefender and nothing was detected.


I had a BSOD a few days ago while using Traktor 2 (MIDI USB controller was attached to the computer). Although I'm not sure if the problems started straight after, I think it came about a day or two later.

Think there may have also been a few windows updates recently

Any help is much appreciated!

Here are my specs:

Dell XPS 14
Intel Core i7 1.9ghz (2.4ghz turbo boost)
8gb ram
500gb HDD

A:High CPU usage with no processes + loud fan

The battery life has also dropped from around 8 hours to 2 and a half hours due to the CPU usage being constantly high

Read other 4 answers
RELEVANCY SCORE 72

My memory usage seems very high recently. My fan runs ALL the time. It will stop for about 30 seconds and then kick back on for about another minute and repeats that cycle. Also, I have 80 processes running, is that too many? My memory usage is around 66% almost all the time. I'm just wondering if these numbers are too high or if there is something that I can do to fix them. Thanks.
 

A:Memory usage seems high. (80 Processes)

Read other 14 answers
RELEVANCY SCORE 71.6

i have been having unusually high cpu and ram usage thats not connected to any processes i can see in the task manager for about 2 days. today i got a blue screen from it, files are attached. i havent done a system restore yet but i may if its suggested. i've done mbam and avast full scans with no results already. also how do you read the crash dump files?

A:high cpu/ram usage not related to any visible processes

We have a few tutorials on how to get started: Crash and lockup debug 'How To' - Windows 7 Help Forums

A few recommendations for now would be:
Comodo and Avast! contribute to BSoDs', Remove them and use Microsoft Security Essentials & the Free version of Malwarebytes, update and make full scans separately:Uninstallers (removal tools) for common antivirus software - ESET Knowledgebase

Help protect your PC with Microsoft Security Essentials

Malwarebytes Free Do not start the trial version of MalwareBytes

You may also take a look at:Good & Free System Security CombinationReduce items at start up:Performing a Clean Startup in Windows 7

Add, or Remove Startup Programs in Windows 7
Your Antivirus software is basically whats just needed there.

Use the System File Checker tool and Run Disk Check: Repair Windows 7 System Files with System File Checker

Run Disk Check in Windows 7 for Bad Sectors & ErrorsMonitor hardware temperature with system monitoring software like Speccy or HWMonitor:
Piriform - Speccy

CPUID - HWMonitorObserve for further BSoD;s.


Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
****************************************************************... Read more

Read other 2 answers
RELEVANCY SCORE 71.6

Hello all,
The problems i'm having are as follows. I will start up my computer which will take a lot longer than it used to, the fan starts working overtime and gets louder and louder. When i look at task manager i can see 'aawservice' building up to 200k+ memory and if it's left for any more than 2 minutes my computer just turns itself off. If i get to task manager before it turns itself off i can end the process myself but it takes about 3-5 tries before it goes away, or appears to go away. Today i did the same strenuous routine just to get onto my computer however when I manually stopped 'aawservice.exe' through the task manager 'ccsvchst.exe' seemed to take its place and decided that it would send my memory usage through the roof.
I also have many duplicate processes. 'svchost' which i currently have 9 seperate processes running at this time which amount to around 75k of memory being used. 'ccsvchst.exe' which i have 4.

Also i have a problem with mozilla where you will enter a site into the address bar and instead of taking you there it will search for that site through askjeeves.
 

Read other answers
RELEVANCY SCORE 71.6

(XP Home Ed./SP3)

I've been experiencing some insane freezes lately. This is especially common when I try to run an application close to start-up, but it also happens a few hours after that. I honestly have no idea what is going on, I've already tried disk cleanup, scanning for viruses and what-not, and so on. However, I find that there are some specific moments where this happens as well:

a. During Firefox, especially when I am prompted about an unresponsive script.
b. During a MMORPG I play, whenever I go up/down a floor.

As well, I've found that a lot of the processes are eating up way too much memory. Here's a snapshot:
I can understand Firefox and what-not eating up high memory, but the rest of those are way too high and it's affecting the way I can use some of my programs. I'm hoping it's a simple solution, because it's driving me nuts.

No idea where my specs are found on this site, but here they are:
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) D CPU 2.80GHz, x86 Family 15 Model 4 Stepping 4
Processor Count: 2
RAM: 2046 Mb
Graphics Card: NVIDIA GeForce 7300 LE, 256 Mb
Hard Drives: H: Total - 953859 MB, Free - 911071 MB;
Motherboard: ASUSTek Computer INC., EMERY, 1.05, MB-1234567890
Antivirus: None

And a last question... I have Windows Security Essentials installed but Windows can never pick it up, how do I fix this problem?

Thanks in advance.
 

A:Solved: Freezes, processes/high mem usage, etc.

Read other 10 answers
RELEVANCY SCORE 71.6

I have the same problem as posted here:
http://www.bleepingcomputer.com/forums/t/559124/cpu-usage-too-high-please-help/
 
The same exact processes.... COM surrogate, dvdupgrde.exe, Windows Image Acquisition Wizard, Microsoft Direct Play Helper, Win 32 Cabinet Self Extractor, UpNP Device Host Container, etc.
 
I have done the first step in the steps outlined in that topic.  It seems to have worked, as the infeciton was found and killed.  I really need help to continue thecleaning process though. I'd really appreciate it if someone could help me go through the steps as in that topic.
 
Thank you!
 
 
Here is the log from the Poweliks after it found and removed the infection...
 
[2015.10.05 19:49:35.687] - Begin
[2015.10.05 19:49:35.688] -
[2015.10.05 19:49:35.709] -     ....................................
[2015.10.05 19:49:35.709] -   ..::::::::::::::::::....................
[2015.10.05 19:49:35.710] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2015.10.05 19:49:35.712] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.5
[2015.10.05 19:49:35.714] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Jun 30 2015
[2015.10.05 19:49:35.715] -  .::EE:::::::::::::SS:.EE..........TT......
[2015.10.05 19:49:35.718] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2... Read more

A:CPU usage extremely high! Various processes pop up after being killed.

Welcome to BC !
 
Poweliks may have dropped some adware or malware or both. Best to look for both. Use the programs below to find and remove.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all o... Read more

Read other 1 answers
RELEVANCY SCORE 71.6

Hi. I am new here. Recently (about 12 hours ago) my pc started to have very high CPU usage. Also, there are14 svchost.exe and a bunch of random services which I have never seen before. I am suspecting a virus but I don't know where it is and I don't know how to remove. So, please help. Below are the necessary information

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , Service Pack 1, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, x64 Family 6 Model 15 Stepping 11
Processor Count: 2
RAM: 3062 Mb
Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 384 Mb
Hard Drives: C: Total - 93371 MB, Free - 9726 MB; D: Total - 50960 MB, Free - 5023 MB;
Motherboard: Acer , Biwa , Rev , LXTK50X049807154E22000
Antivirus: ESET Smart Security 4.2, Updated and EnabledClick to expand...

HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:49:01 PM, on 6/24/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Jav... Read more

A:High CPU usage. Unidentified processes. Virus?

*bump*
 

Read other 2 answers
RELEVANCY SCORE 71.6

Hi there!  I'd like to ask for your help with this dllhost.exe problem that just suddenly appeared out of nowhere!  I am writing this to you from my husband's laptop. I have shut down my pc for the time being.  I have NEVER needed help with a virus before and am quite humbled to have to ask for outside help, BUT this dllhost problem is causing my computer to run at 100% and the poor thing is just too revved up!!  Other issues include not being able to download programs (I have to fix it each time in IE properties), not being able to access windows update (someone said the problem might be related to a certain update) and some other weird stuff.  I tried to run a variety of scans and fixes already but nothing helped.  I've seen your responses to others with this problem, so I'll tell you what I've done already and send the results of my scan in the next message.Last night.  First AVG caught the virus, but by the time I got to the computer (it happened while my husband sat down to play spider solitaire - does that mean anything?) I couldn't quarantine it because it told me that it had already been dealt with in a different way.  At that time the computer was already humming at high CPU usage.  I then ran malwarebytes, tsskiller(whatever it's called) and another kill program - forget the name - might have had a 64 in the name - they found nothing.  I ran combofix and farbar but didn't know what the results meant so I did nothing ... Read more

A:dllhost - too many running processes & high cpu usage

Hi & to Bleeping Computer Forums!My name is Jürgen and I will be assisting you with your Malware related problems.Before we move on, please read the following points carefully: My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.If I don't reply within 24 hours please PM me!Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.Step 1Please download Powelikscleaner (by ESET) and save it to your Desktop.Double-click the to start the tool.Read the terms of the End-user license agreement and click Agree if you agree to them.The tool will r... Read more

Read other 38 answers
RELEVANCY SCORE 70.8

I have a Dell Precision M6400 with 16 GB of RAM, running Windows 7 Ultimate 64-bit. The programs I use most are Firefox and Sony Vegas, which can both use up to about 400,000 KB of memory per window, give or take. I would assume that it's not much for a computer with 16 GB of RAM, but I may be wrong-- my laptop spikes up to 80-100% more often than not, and I feel like it's a miracle when I can get it below 10% at all, not just without any active programs running.

Right now, my highest Process (per the Processes tab within Task Manager) in terms of amount of memory being utilized is Firefox, which is using roughly 400,000 right now. The next highest is Windows Explorer, using 96,000.

Here is a screencap of every single process my computer is currently using:

And here's what my CPU Usage looks like:

Am I wrong to expect my computer to easily to run 4 or 5 programs that use 400,000 KB of memory each? That's why I purchased such a large amount of RAM and an expensive laptop in the first place.

Are there too many Processes running? If so, how can I make sure I'm safely disabling any that aren't necessary?

What should I expect my CPU Usage to be, in the best case scenario, in relation to the amount of memory the processes are using? What can I do to increase the speed and/or efficiency of my laptop?

Thank you.
 

A:How high should my CPU Usage be in relation to the Processes my computer is running?

Read other 16 answers
RELEVANCY SCORE 70

Hey all. So I upgraded to 8.1 from 7 and I faced this issue where I have the same exact programs opened that I had back on windows 7, but now they are generating alot more CPU usage. I can't find any solution to this, other than installing 7. That fixes
it. On win 7 with the same exact enviroment (same programs opened, same page on google chrome opened, same exact everything) I get 1-4% cpu usage which is great. On win 8.1 however, with again everything the same, I get 18-30% cpu usage.
And it's all caused by windows' processes and stuff. Can't really shut them down because things won't work then.
I kinda like win 8.1 so I don't wanna go back to 7, but since my performance is crippled, I might have to. Any suggestions are much appreciated! I've tried some things that I found on the internet, but nothing seems to fix it.

A friend of mine has the same mobo and cpu as me, but when I did a test and created the same exact enviroment as on my pc, the usage doesn't go above 5% when idle.
I dunno what to do at this point.
Here's some screenshots of my task manager:
http://i.imgur.com/K3le1cX.jpg
http://i.imgur.com/x0qxCaw.jpg
http://i.imgur.com/FfV6ZBH.jpg
On this last one you can notice that there's a misterious difference between the user cpu usage and the overall, idk what causes that.
I tried doing clean install and have absolutely nothing installed and it still stays at around 15%

Read other answers
RELEVANCY SCORE 70

Howdy,
 
I found several processes in the Task Manager that continued to appear when I tried to end them including: PresentationHost.exe, msdtc.exe, dllhost.exe, cmd.exe, msiexec.exe, conhost.exe. It's causing my computer to perform very slowly and I'm positive that a malware(s) is behind this. I would highly appreciate some help!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-05-2016
Ran by S430219 (administrator) on 010C631-603864 (07-05-2016 15:42:25)
Running from C:\Users\s430219\Downloads
Loaded Profiles: S430219 (Available Profiles: S430219 & OfflineUser & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Novell, Inc) C:\Program Files (x86)\Novell\CASA\bin\micasad.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenworksWindowsService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device ... Read more

A:Fake Window Processes - PresentationHost.exe / msiexec.exe etc. w high CPU Usage

Hello DavidClaus and Welcome to the BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
Ensure your external and/or USB drives are inserted during always the scan.
If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator the computer. How is open as administrator the computer?
Dis... Read more

Read other 3 answers
RELEVANCY SCORE 69.6

Please help! My computer is quite new, and I need to find out if I have faulty hardware (and what it is) so I can get a replacement under warranty.

64bit Windows Home Premium OEM
3 month old install.
3 month old hardware.
No overclocking.
Home built.

i7 2600
850w corsair power supply.
G-Skill 10666 dual channel 8gb (1333)
120gb OCZ Vertex 3 ssd
2tb Samsung something something
2 x Gainward GTX570 GLH in SLI
Z68X-UD3R-B3 motherboard
Onboard sound (optical out and stereo out)

I'm not sure what's causing the crash. It happens randomly. Generally after a few hours of use. Many things can trigger it - watching a movie, playing games, and the last one - trying to shut down.

I have attached the logs.

Rgds

N

A:BSOD - Multiple processes fail, then system stops BSODs.

Hi.

Remove Gigabyte EasyTune6 driver (known issues w/Win7)
Welcome to GIGABYTE TECHNOLOGY

Finish and post back.

Read other 9 answers
RELEVANCY SCORE 69.6

I seem to have a virus that is hogging my CPU. Even without being connected to the Internet, I have multiple instances of iexplore.exe running. One is taking up 250,000K of CPU by itself, with another in the 125,000 range. There are no internet tabs open. When I connected to the internet 6 other iexplore.exe processes started running and my CPU went to 100%. I ran Malwarebytes and it doesn't find any bugs. My desktop is an HP Pentium running Windows 7 and IE 11 and all updates for Windows have been installed. Any assistance would be greatly appreciated. Thanks in advance.

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 2
RAM: 6050 Mb
Graphics Card: Intel(R) HD Graphics Family, -1262 Mb
Hard Drives: C: 919 GB (819 GB Free); D: 11 GB (1 GB Free);
Motherboard: PEGATRON CORPORATION, 2AC2
Antivirus: Norton Security, Enabled and Updated
 

Read other answers
RELEVANCY SCORE 69.2

Hi there,
as the titles says, i am having an unusually high usage of cpu from those 2 processes (25-80%) on my quad core 4.3 Ghz processor,which i highly doubt is normal. another weird thing i noticed is that it's periodic, meaning it would be very high during the day, but during the night it's fine! i am afraid my device has been infected with a bitcoin miner or something!
I am using Bitdefender free antivirus, and i also scanned with malewarebytes antimaleware to no avail, so i went ahead and did a FRST scan, here are the results
any input is highly appreciated, thanks a lot.
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Scalpel (administrator) on SCALPEL-PC (03-09-2016 17:34:48)
Running from C:\Users\Scalpel\Desktop
Loaded Profiles: Scalpel (Available Profiles: Scalpel & FL2-MAN)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vis... Read more

Read other answers
RELEVANCY SCORE 68.8

Hello.  I'm on my Mother-in-Laws laptop and she mentioned it was running so slow she couldn't do anything with it.  After examination, It appears as though there is either malware or a virus that is creating multiple instances of the same processes (i.e. dllhost.ext is open 9 times right now) that is completely eating up the CPU Usage to 100% and basically handcuffing anything else that she wants to do on her computer.  I ran MalwareBytes and TDSSKiller to no avail, so I am coming to this to see if anyone can help me.  I couldn't complete the DDS run in regular mode, but I was able to complete in SafeMode (which still has all of those processes popping up). Here are my DDS results:
 
DDS.txt
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17496
Run by Owner at 21:03:09 on 2014-12-23
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6092.4783 [GMT -5:00]
.
AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
... Read more

A:Multiple Processes of Same Instances eating up 100% CPU Usage

Hello and Welcome on board ,my Name is Machiavelli and I will assist you with your problem.If you booted into safe mode on your computer then print my instructions!I'm in the 'Malware Staff Team' and will provide you with advice:To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.Below are a few tips:Removing Malware is usually very difficult.We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!Please follow these instructionsIf you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!Please stay in contact with me until your problem is resolvedAs Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.Please don't run any other tools without consulting with me as this can complicate finding and removing all MalwareDon't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!Read my post completelyIf you don't do so, you may make mistakes that could result in your System crashing by your own ... Read more

Read other 11 answers
RELEVANCY SCORE 65.6

Ever since I have installed windows 8.1 on one of my computers I have been having problems with multiple instances of windows explorer.exe running, some instances using around 35% of my cpu.

Computer gets so slow sometimes that I have to go into task manager and close down all the instances of explorer.exe especially the ones using up to 35% of my cpu.

I run clean computers, anti-virus, malware detection etc, never finds anything.

I have one theory, I have installed a registry edit so one can copy and move files by right clicking in explorer. could this edit be causing my problems?

any help would be appreciated.

Terry

A:multiple instances of explorer.exe, high cpu usage

well, just from a troubleshooting standpoint and logic by subtracting one factor at a time, it is definitely something you installed as I just pointed out in another posting here, - Windows freshly installed out of the box does not have these kinds of symptoms and problems.. so i'm guessing it is something installed..

time for clean boot and disable startup/services related to that program and others for troubleshooting to see what it is..

Read other 2 answers
RELEVANCY SCORE 65.6

For some reason in task manager I see 4 conhost.exe processes, I felt that's a little weird so I did some research, long story short I heard a good way to verify if they're legit would be to open their file location, if it's in system32 that's a step in the right direction, next thing to check would be digital signature, only one of the four processes actually opened to the file location, and it didn't have a digital signature, and one of the processes was actually lacking a description in task manager, here's some screen shots showing what I'm talking about:
 
Processes in task manager
 
Properties of conhost.exe as found via "Open file location" in task manager (If my little research is correct, if it has a digital signature there should be a digital signature tab there, which there isn't)
 
I tried ending the conhost that didn't have a description, yet for some reason I don't have access. Side note: I'm on the administrator account.
 
From what I've read, conhost is entirely harmless and intended to fix a problem that was on Vista related to dragging/dropping to console, yet the fact one of them has no description and is above Administrator privileges, and the only seemingly legit one is lacking a digital signature, just feels a bit odd.
 
EDIT: Okay did some searching in system32 to see if any of the .exe files had the digital signature tab, and none of the ones I checked have it, which is leading me to believe what I read was probably outdated an... Read more

A:I have 4 conhost.exe processes for some reason

Hi applesauce10189 Conhost.exe is a legitimate Windows system executable and process. It's also normal for you to have more than one instance of it in your Task Manager and not being able to "kill" these processes. Before I go on, when you open the Task Manager, do you have the Show processes from all users option checked/enabled or not? If you don't, you won't be able to kill some processes. I also suggest you to not try to kill processes that are vital to the Windows system, or you'll end up with a Blue Screen of Death (BSOD). Oh, and some processes also requires you to have this option enabled in order to use the Open file location option on them.

Read other 3 answers
RELEVANCY SCORE 64.8

Hello,

I've been having this issue for quite a while.

When I use my PC with multitasking and playing games. Then, I close everything, the RAM usage stays at 65% and I can't get it to the original state which is; like, 18%.

That's of course cause more RAM usage when I want to open apps the next time.

System restart solves everything.

My system is windows 8.1 pro.

I have a new laptop with windows 10 and I don't have this issue.

Read other answers
RELEVANCY SCORE 64.8

Hi, I'm new here and I'm not good about any of these so please be detail.
My problem started when I installed a software that required me to use daemon tools. I did, eventhough I don't really know how it works (I just click and click). It is something about mounting and stuff. So I did, and the installation went okay.

After the next restart, windows started to find missing hardwares and asks me to install it, all 3 or 4 of them. I didn't at first, and realized my cpu usage gone to 50-60% without running anything. So I browsed forums, and it's not because of DMA reverted to PIO or stuff. I downloaded Process Explorer and noticed the hardware interrupts are the cause of this high cpu usage. I checked device manager, and found out that under the IDE ATA/ATAPI Controllers, I have multiple channels. Before this, I only have 1 primary channel, 1 secondary channel and 1 standard dual channel PCI IDE controller but now I have 2 for each channel I stated. I suspect this is the problem, but I don't know how to deal with it, and I googled it, nothing similar ever came up.

I tried uninstalling, reinstalling and updating the drivers. Sometimes the hardware interrupts disappear and I don't know why, but the next restart will trigger the problem all over again.

I really don't know what to do and I hope someone could help me.

Thanks in advance.
 

A:Multiple IDE channels, Hardware interrupts, High CPU usage.

Daemon tools includes software to mount ISO files made from
CD's or DVD's so there original disk doesn't have to be in
the drive to use software like games.
It probably installed drivers to interface with the virtual drive.
You should be able to uninstall it from add/remove programs (XP)
or programs and features (vista and windows 7) in start/control panel.
What where you trying to do or install when this happened?
 

Read other 2 answers
RELEVANCY SCORE 64

Hi.

Can anybody give me any suggestions. I have a new Intel P4 HT 3.0 Ghz with WinXP home system. I notice that whenever there are more than 1 user logged on, the CPU usage jumps to 50 to 60%. System Idle time is at 99%. I have checked for any virii or adware installed and found none. (Used Spybot S&D and Ad-aware 6.0)

Curious that it only happens when multiple users are logged on. If it's just 1 user, CPU cycle is at 1%. Could this be normal since WinXP is resource intensive?

Thanks.

I see this happening even though there are no apps running on both users.

Thanks again
 

A:WinXp Home high CPU usage when there are multiple users logged on.

ignore this

I was able to solve the problem so just ignore this thread.

Thanks.
 

Read other 3 answers
RELEVANCY SCORE 64

PC exhibiting some strange behavior, including Gmail text-replacement while writing email to others. Definitely spotted and removed malware crud, but noticed residual and reminiscent behavior in two unkillable conhost.exe processes and somewhere between 8-10 chrome.exe processes (which are killable and do not immediately come back) that start up in the background after a reboot, and make me think there's still something buried deep and mucking about.

Your instructions have changed a bit from previous, so I hope I'm giving you what you need. Avast Pro is already on the system and can run scans, but is not currently updating properly. (Mainly it's just been getting in the way of my own cleanup.)

FRST and Addition logs pasted below. Let me know if you want any further details of steps I've already taken and logs already collected.

--------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by janice (administrator) on CFO-HP on 09-04-2015 15:16:16
Running from C:\downloads
Loaded Profiles: janice (Available profiles: janice & patty & cfo & Xerox)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted... Read more

A:Conhost.exe and fake Chrome.exe background processes

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 15:16 - 2015-04-09 15:16 - 00000000 ____D () C:\FRST
2015-04-09 14:46 - 2015-04-09 14:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 14:46 - 2015-04-09 14:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-09 14:44 - 2015-04-09 14:44 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-09 14:24 - 2015-04-09 14:25 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-09 14:24 - 2015-04-09 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-09 14:24 - 2015-04-09 14:24 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-04-09 14:24 - 2014-09-04 14:04 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2015-04-09 14:24 - 2014-09-04 14:04 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2015-04-09 14:11 - 2015-04-09 14:11 - 01528128 _____ (LogMeIn, Inc.) C:\Users\janice\Downloads\Support-LogMeInRescue (6).exe
2015-04-09 14:11 - 2015-04-09 14:11 - 00000000 ____D () C:\Users\janice\AppData\Local\LogMeIn Rescue Applet
2015-04-08 12:19 - 2015-04-08 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FMAudit Onsite
2015-04-08 12:17 - 2015-04-08 12:17 - 01528128 _____ (LogMeIn, Inc.... Read more

Read other 29 answers
RELEVANCY SCORE 63.6

Hi everyone,
 
(Note: I also posted this over at Microsoft Forum, so I'll be getting some help from them, too, hopefully.)
 
Been browsing the forum, but the answer to each problems seems highly specific to each instance of the problem, so I don't see an alternative to posting this question and hoping for some individualized feedback here.  Thank you in advance for your help.
 
Before I get to the problem, I'll provide some system specs:
 
Dell Latitude E6430 Laptop
Intel i5-3210M CPU @ 2.5 GHz
3.88 GB RAM
Windows 7 Pro (SP1) (64-bit)
 
 
Recently, I've noticed that some unknown thing is hogging resources far beyond the usual amount even when the computer is idle.  Right now for example, I only have Task Manager and Chrome (2 tabs) running yet my CPU usage is hovering just under 40% (of 2.5 GHz processor) and my physical memory is at 43% (of 3.88 GB installed memory).  This is much higher than it should be.  Here is a pic of Task Manager:
 

 
I can see two obvious problems when I look at this.  First, the NT Kernel and System is using up way too much of the CPU.  Since that's a Windows process, obviously I can't just disable it, but I don't even know where to begin in looking for causes to that.
 
The second problem that I see is that there are well over 100 processes running (often upwards of 120).  I remember back in the day with older Windows OS, I liked to keep this well under 50.  But a... Read more

A:High Resource Usage-Multiple problems incl. NT Kernel & System

Posting a topic at two different websites...is self-defeating, IMO.
 
There is no one way to troubleshoot...and all members at a sight don't necessarily see things in the same way...so all you do when you post at multiple sites is increase the chance of having conflicting suggestions/approaches.
 
I suggest that you go with the topic at a Microsoft forum.  If that fails to yield satsifaction, that would be the time to seek out other sources...one at a time .
 
Louis

Read other 2 answers
RELEVANCY SCORE 63.6

Hi,
 
I've got windows 7 pro machine with explorer.exe running as a child of Explorer.EXE.  The child process is taking up huge amounts of memory, up to 2.8GB and is making tons of TCP/IP connections. I have also noticed that ctfmon.exe will sometimes run as a child of the second explorer.exe process, but this is not always the case.  If I kill the process, it comes back momentarily. It also runs and makes all of the connections in safe mode with nothing else opened. 
 
I have scanned with mbam, rkill, tdsskiller, and all come up clean. I've been watching the tcpip connections with process explorer and have multiple screen shots of the connections made if that'll help. I don't know if I can export them in txt format.
 
I have been unable to find a solution to this online, a few people seem to have similar problems, but haven't seen a solution yet.
 
Thank you for your help.
 
-Lucas

A:Secondary explorer.exe process high memory usage, multiple TCP/IP connections

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll dow... Read more

Read other 28 answers
RELEVANCY SCORE 63.2

Hello!
 
I'm asking help for this issue (please be patient, it's my first time doing this!): I have noticed that there are some processes in my Task Manager that don't show their user name, their location and their command line. I'm using Windows 7 64 bit. The processes are:
 
atkosd.exe
conhost.exe
csrss.exe
hcontrol.exe
nvstreamsvc.exe
nvxdsync.exe
wdc.exe
winlogon.exe
 
If i check the option "Show processes from all users", the information about the previously mentioned processes magically appear. All are run by SYSTEM, all seems to have a proper folder location, and all seems legit. What makes me suspicious is:
 
1 - I noticed this issue after my MBAM Pro ended, however I can't surely say it didn't happened before the ending of the licence;
 
2 - when MBAM Pro was active, it sometime blocked an IP that tried to connect to my computer; I tried a solution to solved this issue and it seemed to work, but some time later i got again similar warnings until they disappeared without taking any furhter action. Unfortunately, I don't remember the IP address nor the solution I applied to solve the warnings;
 
3 - before noticing the processes without information, I checked sometime the Task Manager and I remember for sure that I could see only 1 csrss.exe process with his name, location and key; nowadays, looking at all the processes in Task Manager I see 2 csrss.exe and 4 conhost.exe (I see only 1 csrss.exe if I don't check "Show processes from all use... Read more

A:Processes in Task Manager without User Name: conhost, csrss & others...

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Your logs are clean of malware.This is just a cleanup.Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.Or Press the windows key + r on your keyboard at the same time. This will also open your Notepad.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Toolbar: HKU\S-1-5-21-345862167-945495104-181563441-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-19]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.The location is listed in the 3rd line of the Farbar log you have submitted.Run FRST and click Fix only once and wait.Restart the computer normally to reset the registry.The tool will create... Read more

Read other 5 answers
RELEVANCY SCORE 63.2

Hello,
A few weeks ago i noticed high cpu usage by System and System Interrupt, so I started digging into it. Followed several posts, did all drivers updates after a clean install, power management, disabled devices from BIOS and device manager and ended up getting
nothing. Yesterday I decided to open my lappy and remove the new components i had installed 3 months ago and when I removed my SSD and installed windows on old HDD, everything is back to normal.
Model: Dell Inspiron 15z 5523
CPU: 3rd Gen Intel Core i7 3537U 2.0 Ghz (3.1 Turbo)
Ram: HyperX Impact DDR3L 1866 Mhz (8x2) 16 GB Total
Storage: 1TB WD Blue 3D NAND SSD, WD Blue 500 GB Laptop HDD.
Graphics: Intel HD 4000 & Nvidia GT 630M
Please Help, I really need my SSD and my CPU to work normally to learn and do my projects.

Read other answers
RELEVANCY SCORE 62.8

Yesterday computer started working slow, and when checked the task manager, saw that numerous processes were taking up very high amounts of memory.  Tried to 'end task' them, but they would reappear again and again,
some of the processes:
ctfmon.exe, msiexec.exe, notepad.exe, dllhost.exe, svchost.exe, conhost.exe, msdtc.exe, taskhost.exe, audiodg.exe, PresentationHost.exe . . .
There was no AV on the computer, so I tried downloading some and running it, but they wouldn't run - as if something was blocking them.
I tried manually removing the files created at the time when this started, hijackthis and combofix prior to posting here.
I also got the blue screen quite a few times since yesterday.
 

Below is the FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by V (administrator) on V-PC (31-10-2015 14:10:54)
Running from C:\Users\V\Desktop
Loaded Profiles: V (Available Profiles: V)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirew... Read more

A:Processes multiplying and hogging up memory: conhost.exe, dllhost.exe, ctfmon...

Greetings kosmikk and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problem... Read more

Read other answers
RELEVANCY SCORE 62

Howdy all,

I've been seeing multiple instances of processes in Task Manager such as conhost, ctfmon, msiexec.exe, presentationhost.exe, and even notepad.exe even while it's not opened, and they all take up a lot of memory slowing down my computer. Also, whenever I attempt to end these processes, they'd always reappear back and multiply.
 

A:Suspicious Processes - PresentationHost.exe, msiexec, conhost, notepad slowing down computer

Hello,
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.


Please download Zemana AntiMalware and save it to your Desktop.

Install the program and once the installation is complete it will start automatically.
Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.​
Open Zemana AntiMalware again.
Click on icon and double click the latest report.
Now click File > Save As and choose your Desktop before pressing Save.
The only left thing is to attach saved report in your next message.

 

Read other 1 answers
RELEVANCY SCORE 61.6

computer slow after being redirected to site-- "homesoftsaver9.com" did some research and im sure thats where my problems came from.

heres my hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:08:34 PM, on 8/30/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\AVG\AVG9\avgchsvx.exe
D:\Program Files\AVG\AVG9\avgrsx.exe
D:\Program Files\AVG\AVG9\avgcsrvx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
D:\Program Files\AVG\AVG9\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxduserv.exe
D:\WINDOWS\system32\lxducoms.exe
D:\Program Files\AVG\AVG9\avgnsx.exe
D:\Program Files\McAfee\SiteAdvisor\McSACore.exe
D:\Program Files\Common Files\Motive\McciCMService.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\Program Files\QuickTime\QTTask.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\Program F... Read more

A:high CPU usage and high page file usage, computer slow

bump. very slow start up. page file usage up to 768MB when its usually under 100MB and various processes running that i don't recognize. any one?
 

Read other 2 answers
RELEVANCY SCORE 61.6

Hello everyone, I've been having a very weird problem recently, in which I BELIEVE is involving high physical memory usage. Sometimes I will be doing things such as playing a game, or watching a stream, and my computer will run fine for a little while. But at random times, my computer will majorly slow down and sometimes even crash. If it doesn't crash, sometimes it will get so slow to the point where I have to hold down the power button and manually shut it down. Every time my computer slows down I notice it is using a TON of physical memory. It's actually happening right now. My computer is going very slow and it's using 6.22 GB memory out of 8. There are no big programs running right now, so I don't understand why it's being slow. I hope someone is able to help. Thank you for taking the time to read this!

Update: I just tried to open chrome, and the computer froze completely. It would not unfreeze. After leaving it frozen for a minute or two, the screen went black. This is becoming very frustrating.

A:Very high physical memory usage, no high usage programs running

Post a screenshot of Task Manager - Performance tab when the problem occurs.

Read other 9 answers
RELEVANCY SCORE 60.8

Hello, I was referred to post here from the "Am I infected? What do I do?" sub forum.
This is the link to that particular thread with all the results of various scans and such here: http://www.bleepingcomputer.com/forums/t/502296/infected-with-conhost-virus/
 
Basically, when I boot up, after about 5 minutes the conhost.exe process starts and my GPU usage spikes to 99% along with the GPU fans (the noise is how I first figured out something was going on!). I went through each process one by one, until I closed conhost and the GPU returned to normal. I have repeated just stopping conhost a lot of times and can quite confidently say it is that which is causing the GPU spike.
 
I have read topics online about hackers using conhost to disguise a bitcoin miner which would mean my machine has an outgoing connection to an unsafe machine. I don't know how to get rid of this. Please help me.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 
Run by Elliott at 16:11:46 on 2013-07-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8143.4523 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k ... Read more

A:Conhost.exe process causing GPU 99% usage

Hello Ell223 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

Read other 11 answers