
Conhost.exe dwm.exe and csrss.exe


Preacher

Hello, would someone please help me? I am so confused with these files. I would like to know whether they are viruses. I have run a scan with Malwarebytes and Avast and nothing was found. I have 4 different conhost.exe (2 of these were modified on the same date and time, however the other 2 are random dates and times). There are also 2 conhost.exe.mui files which were made on the same date and time. I have 2 different csrss.exe (saved in different places and created on the same date and time) but 4 different csrss.exe.mui (saved in 4 different places and made at the same date and time). I have 3 different dwm.exe saved in different places; two are the same, made on the same day and the same size, but one is a different size and made on a different day. I also have 2 dwm.exe.mui files which were made on the exact same day and time but are saved in different places. When I was testing whether they were viruses I ran conhost.exe as administrator, as that is what it asks when you click on it, and it said it was made by Microsoft Corporation (I did not click OK to running it though). I then did it to another conhost.exe file and it said publisher unknown, so I am sure it is a virus, but I need confirmation from someone who has more knowledge than me as I will end up blowing my computer up :D Some of the conhost.exe, csrss.exe and dwm.exe were made on the same date as each other.

 

Thank you for any help


Hi there, Preacher!

 

I am Blackbird and I will be helping you with your computer problems. :)

 

Before I can help you with steps, I have some questions for you:

- When was Windows installed on this computer?

- Can you give me the exact locations of each type of file (e.g. "csrss.exe", "csrss.exe.mui" etc.)? And their creation dates?

- Can you tell me if you are experiencing problems with your PC, or only want to make sure if those files are legit?

 

Please, also read this topic: I'm Infected. What do I do now? and post the results in your next reply (copy/paste).


Windows was installed January last year. I have been experiencing low fps in my games at times and these sometimes do use quite a bit of memory or CPU, but I don't think it is because of this, because my brother has the exact same PC and he has the exact same files as me; maybe they were on there when I got the PC built by the company.

The 2 csrss.exe were modified, accessed and created on 22 August 2013 at 14:25:40. One is saved at C:\Windows\WinSxS\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.3.9600.16384_none_49a243e2b80cb4c0 and the other at C:\Windows\System32; the first one is the unknown publisher one. There is a file which is in the back up file called amd64_microsoft-windows-csrss_31bf3856ad364e35_6.3.9600.16384_none_49a243e2b80cb4c0_csrss.exe_06529458; this is the same code as where one csrss.exe is saved. One of the csrss.mui.exe files is saved in C:\Windows\System32\en-US, another is saved in C:\Windows\SysWOW64\en-US, another is saved in C:\Windows\WinSxS\x86_microsoft-windows-csrss.resources_31bf3856ad364e35_6.3.9600.16384_en-us_6f30cf9dfd0a3443 and the final one is saved in C:\Windows\WinSxS\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.3.9600.16384_en-us_cb4f6b21b567a579, all made, created and modified on the same date, 22 August 2013, 21:56:37.

 

There are two dwm.exe files. The one which is saved in C:\Windows\System32 was created and accessed on 02 May 2014, 21:39:18 but modified on 22 February 2014, 09:09:49. The other one (the unknown publisher one) is saved in C:\Windows\WinSxS\amd64_microsoft-windows-d..ndowmanager-process_31bf3856ad364e35_6.3.9600.17031_none_24d8546e99472f57; it was created and accessed at the same time as the other one, 02 May 2014, 21:39:18, and modified at the same time, 22 February 2014, 09:09:49. There are two dwm.exe.mui files: one saved at C:\Windows\System32\en-GB, which was created, modified and accessed on 22 August 2013, 21:56:59. The other one, saved at C:\Windows\WinSxS\amd64_microsoft-windows-d..r-process.resources_31bf3856ad364e35_6.3.9600.16384_en-gb_75c79abd9fa531ad, was created, modified and accessed on 22 August 2013, 21:56:59. Another back up file is named amd64_microsoft-windows-d..ndowmanager-process_31bf3856ad364e35_6.3.9600.17031_none_24d8546e99472f57_dwm.exe_04cf416e

 

I have 4 conhost.exe, two with like the black console: one saved at C:\Windows\System32 and created and accessed at 14 September 2014, 18:15:00 and modified at 24 July 2014, 10:11:56, and the other (the unknown publisher one) is saved at C:\Windows\WinSxS\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.3.9600.17238_none_65541f71d5e4c248, created and accessed on 14 September 2014, 18:15:00 but modified at the same time as the other, at 24 July 2014, 10:11:56. The other 2 conhost.exe have like the system image as their logo. One is saved at C:\Windows\WinSxS\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.3.9600.17031_none_654d199fd5eb1699 and was created on 02 May 2014, 21:39:46, modified on 29 November 2014, 17:14:10 and accessed on 29 November 2014, 17:14:09. The other one is saved at C:\Windows\WinSxS\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.3.9600.16384_none_651a275bd610cc27 and was created 22 August 2013, 10:53:21 and was modified and accessed on 03 May 2014, 15:42:15. I have 2 conhost.exe.mui files: one saved at C:\Windows\System32\en-US, which was created, modified and accessed at 22 August 2013, 21:56:59. The other is saved at C:\Windows\WinSxS\amd64_microsoft-windows-consolehost.resources_31bf3856ad364e35_6.3.9600.16384_en-us_06e6019825479ac2 and was created, modified and accessed at the exact same time as the other one, 22 August 2013, 21:56:59.

 

Sorry this is really jumbled but I do hope you can read it :D


Hey again blackbird here is my log :)

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014

Ran by Brody at 2014-12-29 19:14:46

Running from C:\Users\Brody\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Alliance of Valiant Arms (HKLM-x32\...\Steam App 102700) (Version:  - RED DUCK Inc.)

Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)

ARMA 2: British Armed Forces - Data cache removal (HKLM-x32\...\A2BAF Data cache removal) (Version:  - )

Arma 2: British Armed Forces (HKLM-x32\...\Steam App 65700) (Version:  - Bohemia Interactive)

Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version:  - Bohemia Interactive)

Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)

Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM-x32\...\Steam App 219540) (Version:  - )

ARMA 2: Private Military Company - Data cache removal (HKLM-x32\...\A2PMC Data cache removal) (Version:  - )

Arma 2: Private Military Company (HKLM-x32\...\Steam App 65720) (Version:  - Bohemia Interactive)

Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)

BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )

BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)

Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)

DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)

Dropbox (HKU\S-1-5-21-3106697944-2027495991-3424793337-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)

Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)

Image Editor Packages (HKU\S-1-5-21-3106697944-2027495991-3424793337-1001\...\Image Editor Packages) (Version:  - ) <==== ATTENTION

Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)

Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)

Magic 2015 (HKLM-x32\...\Steam App 255420) (Version:  - Stainless Games)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)

Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

My Game Long Name (HKLM\...\UDK-48d90443-83fc-4cea-97c9-c155ab14a6f4) (Version:  - Epic Games, Inc.)

My Game Long Name (HKLM\...\UDK-4b9e2d08-5d7c-4a52-a706-87828d6ffc61) (Version:  - Epic Games, Inc.)

My Game Long Name (HKLM\...\UDK-fa08c1e4-8a33-425f-9985-230245c40f3c) (Version:  - Epic Games, Inc.)

No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)

Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 140819.91216 - Square Enix Ltd)

NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)

NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)

NVIDIA Miracast Virtual Audio 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.09 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)

ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)

Overwolf (HKLM-x32\...\{A7234617-513C-4292-A013-7DD915493BDA}) (Version: 0.49.305 - Overwolf)

PlanetSide 2 (HKU\S-1-5-21-3106697944-2027495991-3424793337-1001\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)

Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)

Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)

Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)

Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)

Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)

SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden

Six Updater (HKLM-x32\...\{AD42165D-FF3C-4975-A130-7AA2801AB5DD}) (Version: 2.09.7042 - Six Projects)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

The Stomping Land (HKLM-x32\...\Steam App 263440) (Version:  - SuperCrit)

Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.0.3 - Electronic Arts)

Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version:  - Ubisoft Singapore)

Update for Image Editor (HKU\S-1-5-21-3106697944-2027495991-3424793337-1001\...\Digital Sites) (Version:  - Update for Image Editor) <==== ATTENTION

Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)

War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)

Watch_Dogs (HKLM-x32\...\Steam App 243470) (Version:  - Ubisoft)

WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

Yahoo Community Smartbar (HKLM-x32\...\{8188AEF6-2A51-421C-BA75-5EB53AAF4271}) (Version: 10.202.66.14591 - Linkury Inc.) <==== ATTENTION

Yahoo Community Smartbar Engine (HKU\S-1-5-21-3106697944-2027495991-3424793337-1001\...\{915cc7e8-cd1e-4e3c-8069-2acb62a8526a}) (Version: 10.202.66.14591 - Linkury Inc.) <==== ATTENTION

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3106697944-2027495991-3424793337-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brody\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3106697944-2027495991-3424793337-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brody\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3106697944-2027495991-3424793337-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brody\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3106697944-2027495991-3424793337-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brody\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

13-12-2014 09:06:58 Installed DirectX

18-12-2014 08:57:46 Windows Update

19-12-2014 09:51:43 McAfee Vulnerability Scanner

26-12-2014 14:05:33 Scheduled Checkpoint

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {09990E39-16D0-47DC-8E9A-B41DBB98678F} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe

Task: {17BADC35-309C-4D37-9F03-FCE8E176EC67} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()

Task: {2182726C-6B37-41B4-9121-04C07FBE4952} - System32\Tasks\avastBCLRestartS-1-5-21-3106697944-2027495991-3424793337-1001 => Chrome.exe 

Task: {28E58EBD-4E4A-4676-9DE4-40C2872038FD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-26] (AVAST Software)

Task: {3083B575-F9C3-4F44-BCFA-D7612DD751CC} - System32\Tasks\{810DACCD-AE2B-44C6-941F-7EC044827706} => pcalua.exe -a "C:\Users\Brody\Documents\Steam\SteamApps\common\arma 2 operation arrowhead\ARMA2_OA_Build_103718.exe" -d "C:\Users\Brody\Documents\Steam\SteamApps\common\arma 2 operation arrowhead"

Task: {3B370BF7-8977-4B5A-A1C1-089E24800D44} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

Task: {3DC93684-A004-498F-B7D4-12670EC80CF2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

Task: {5C7F1DDC-F334-4DD4-B913-2137D0CBB781} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-11-22] (Microsoft Corporation)

Task: {616C4FC0-6C3C-4E13-8F00-61CA87850C25} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {623D1104-F371-4C6F-9F90-9162BE67B73F} - System32\Tasks\GoogleUpdateTaskMachineUA1cf2a5ee2c21788 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)

Task: {81B8F8CB-1DFF-43F0-B6F5-D96C8808CF26} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

Task: {8251D960-8A50-4A4E-8916-3BC08349F351} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-13] (Microsoft Corporation)

Task: {8B931695-FD25-4576-8986-C2419ED015D9} - System32\Tasks\Norton Security Scan for Brody => C:\PROGRA~2\NORTON~2\Engine\403~1.27\Nss.exe

Task: {A2F38409-E70D-431C-A013-6A1B3F73BED9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)

Task: {AB8F64FB-FFD0-4042-BE5E-FD732AEECC9D} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe

Task: {AE49A0FD-FE57-421E-A8C8-7B0678D41682} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()

Task: {B4439F9A-4C8B-4D5F-A247-11177ED1C963} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

Task: {C0465686-D269-4D26-81C5-BD86CE276F0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)

Task: {C1574A61-DD47-49DC-95E6-431691AE087D} - System32\Tasks\{6EE8707D-620C-4BC8-8425-AC4C666768E9} => pcalua.exe -a "C:\Users\Brody\Documents\Steam\steamapps\common\Arma 2 Operation Arrowhead\ARMA2_OA_Build_112555.exe" -d "C:\Users\Brody\Documents\Steam\steamapps\common\Arma 2 Operation Arrowhead"

Task: {CC264C88-8C44-459F-8F2C-72F9CFDF8B50} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)

Task: {CE9F8238-FAEE-4E11-8652-370DACA614E0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)

Task: {D6FF140E-02CF-4DCF-986E-A44B6DBA9CCF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-11-22] (Microsoft Corporation)

Task: {D9EE50E6-1478-4F07-88A2-F2D2314487AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-14] (Adobe Systems Incorporated)

Task: {E21DF510-9A02-4A1C-BB9C-2BF52EF3E3B4} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2a5ee2c21788.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\Norton Security Scan for Brody.job => C:\PROGRA~2\NORTON~2\Engine\403~1.27\Nss.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-09-17 16:17 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-12-09 22:22 - 2014-12-09 22:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe

2014-12-26 22:20 - 2014-12-26 22:20 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll

2014-12-26 22:20 - 2014-12-26 22:20 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll

2014-01-09 10:10 - 2014-12-13 08:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-11-22 12:48 - 2014-11-22 12:48 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-08-22 07:19 - 2013-08-22 06:54 - 00174592 _____ () C:\Windows\system32\WinMetadata\Windows.UI.winmd

2014-12-28 21:36 - 2014-12-28 21:36 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122801\algo.dll

2014-12-26 22:20 - 2014-12-26 22:20 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll

2014-12-29 08:35 - 2014-12-29 08:35 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122900\algo.dll

2014-01-09 10:09 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2014-12-26 09:04 - 2014-12-29 16:42 - 00619312 _____ () C:\Users\Brody\AppData\Local\Temp\1871KrakenDevProps.dll

2014-12-26 22:21 - 2014-12-26 22:21 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-08-29 15:52 - 2014-11-11 18:48 - 01171456 _____ () C:\Users\Brody\Documents\Steam\libavcodec-56.dll

2014-08-29 15:52 - 2014-11-11 18:48 - 00332800 _____ () C:\Users\Brody\Documents\Steam\libavresample-2.dll

2014-08-29 15:52 - 2014-11-11 18:48 - 00442368 _____ () C:\Users\Brody\Documents\Steam\libavutil-54.dll

2014-01-11 14:48 - 2014-11-11 18:47 - 00774656 _____ () C:\Users\Brody\Documents\Steam\SDL2.dll

2014-05-22 16:11 - 2014-11-18 20:23 - 02227904 _____ () C:\Users\Brody\Documents\Steam\video.dll

2014-08-29 15:52 - 2014-11-11 18:48 - 00403968 _____ () C:\Users\Brody\Documents\Steam\libavformat-56.dll

2014-08-29 15:52 - 2014-11-11 18:48 - 00485888 _____ () C:\Users\Brody\Documents\Steam\libswscale-3.dll

2014-01-11 14:48 - 2014-11-18 20:23 - 00690880 _____ () C:\Users\Brody\Documents\Steam\bin\chromehtml.DLL

2014-01-11 14:48 - 2014-11-18 20:23 - 00138432 _____ () C:\Users\Brody\Documents\Steam\bin\audio.dll

2014-01-11 14:48 - 2014-11-11 18:48 - 00071680 _____ () C:\Users\Brody\Documents\Steam\bin\mssmp3.asi

2014-01-11 14:48 - 2014-11-11 18:48 - 00153088 _____ () C:\Users\Brody\Documents\Steam\bin\mssvoice.asi

2014-01-11 14:48 - 2014-11-11 18:48 - 34589888 _____ () C:\Users\Brody\Documents\Steam\bin\libcef.dll

2014-03-13 15:43 - 2014-03-13 15:43 - 00148480 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\quazip.dll

2014-03-13 15:43 - 2014-03-13 15:43 - 00864768 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\platforms\qwindows.dll

2014-03-13 15:43 - 2014-03-13 15:43 - 00677376 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\sqldrivers\qsqlite.dll

2013-10-23 12:15 - 2014-08-07 13:01 - 00092104 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll

2013-10-23 12:15 - 2014-08-07 13:01 - 00105416 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll

2014-03-13 15:43 - 2014-03-13 15:43 - 00025600 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif.dll

2014-03-13 15:43 - 2014-03-13 15:43 - 00242688 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg.dll

2013-10-23 12:15 - 2014-08-07 13:01 - 00477128 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll

2013-10-23 12:15 - 2014-08-07 13:01 - 00484808 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll

2014-08-14 18:01 - 2014-11-11 18:48 - 00837824 _____ () C:\Users\Brody\Documents\Steam\bin\ffmpegsumo.dll

2014-12-13 09:25 - 2014-12-06 01:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-13 09:25 - 2014-12-06 01:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-13 09:25 - 2014-12-06 01:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-13 09:25 - 2014-12-06 01:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2014-12-13 09:25 - 2014-12-06 01:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\Brody\SkyDrive:ms-properties

AlternateDataStreams: C:\Users\Brody\SkyDrive.old:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3106697944-2027495991-3424793337-1001\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0414c"

HKU\S-1-5-21-3106697944-2027495991-3424793337-1001\...\StartupApproved\Run: => "EADM"

HKU\S-1-5-21-3106697944-2027495991-3424793337-1001\...\StartupApproved\Run: => "Skype"

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-3106697944-2027495991-3424793337-500 - Administrator - Disabled)

Brody (S-1-5-21-3106697944-2027495991-3424793337-1001 - Administrator - Enabled) => C:\Users\Brody

Guest (S-1-5-21-3106697944-2027495991-3424793337-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3106697944-2027495991-3424793337-1003 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/29/2014 08:40:42 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1250

 

Start Time: 01d023426897967b

 

Termination Time: 4294967295

 

Application Path: C:\Windows\syswow64\wwahost.exe

 

Report Id: 5bd3f771-8f36-11e4-82a1-bc5ff4cae17b

 

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

 

Faulting package-relative application ID: App

 

Error: (12/28/2014 08:43:43 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program Skype.exe version 7.0.0.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 51ff4

 

Start Time: 01d022b0006c4caf

 

Termination Time: 591

 

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

 

Report Id: 3030d21e-8ed2-11e4-829e-bc5ff4cae17b

 

Faulting package full name: 

 

Faulting package-relative application ID:

 

Error: (12/28/2014 08:29:41 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".

Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (12/27/2014 10:24:36 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1e64

 

Start Time: 01d021be97423b8e

 

Termination Time: 4294967295

 

Application Path: C:\Windows\syswow64\wwahost.exe

 

Report Id: 8cac022c-8db2-11e4-829e-bc5ff4cae17b

 

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

 

Faulting package-relative application ID: App

 

Error: (12/27/2014 09:24:34 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 170

 

Start Time: 01d021b635913f88

 

Termination Time: 4294967295

 

Application Path: C:\Windows\syswow64\wwahost.exe

 

Report Id: 29766293-8daa-11e4-829e-bc5ff4cae17b

 

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

 

Faulting package-relative application ID: App

 

Error: (12/27/2014 09:08:14 AM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {8748741f-9a88-481a-9240-0d936c3fd5f3}

 

Error: (12/26/2014 11:42:45 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: f7c

 

Start Time: 01d02164ecd0876c

 

Termination Time: 4294967295

 

Application Path: C:\Windows\syswow64\wwahost.exe

 

Report Id: e0b1f1da-8d58-11e4-829d-bc5ff4cae17b

 

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

 

Faulting package-relative application ID: App

 

Error: (12/26/2014 11:27:45 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: cf4

 

Start Time: 01d02162d4509463

 

Termination Time: 4294967295

 

Application Path: C:\Windows\syswow64\wwahost.exe

 

Report Id: c88fa0eb-8d56-11e4-829d-bc5ff4cae17b

 

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

 

Faulting package-relative application ID: App

 

Error: (12/26/2014 11:12:47 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 438

 

Start Time: 01d02160bbdf1aed

 

Termination Time: 4294967295

 

Application Path: C:\Windows\syswow64\wwahost.exe

 

Report Id: b0108e5f-8d54-11e4-829d-bc5ff4cae17b

 

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

 

Faulting package-relative application ID: App

 

Error: (12/26/2014 10:28:21 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 11ec

 

Start Time: 01d0215a8c016f08

 

Termination Time: 4294967295

 

Application Path: C:\Windows\syswow64\wwahost.exe

 

Report Id: 7ce44db2-8d4e-11e4-829d-bc5ff4cae17b

 

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

 

Faulting package-relative application ID: App

 

 

System errors:

=============

Error: (12/29/2014 08:35:31 AM) (Source: DCOM) (EventID: 10016) (User: BRODY-PC)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Brody-PCBrodyS-1-5-21-3106697944-2027495991-3424793337-1001LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (12/29/2014 08:34:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Skype Click to Call PNR Service service failed to start due to the following error: 

%%2

 

Error: (12/29/2014 00:23:40 AM) (Source: DCOM) (EventID: 10005) (User: BRODY-PC)

Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

 

Error: (12/29/2014 00:23:40 AM) (Source: DCOM) (EventID: 10005) (User: BRODY-PC)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (12/29/2014 00:23:28 AM) (Source: DCOM) (EventID: 10005) (User: BRODY-PC)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (12/29/2014 00:23:21 AM) (Source: DCOM) (EventID: 10005) (User: BRODY-PC)

Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (12/29/2014 00:23:17 AM) (Source: DCOM) (EventID: 10005) (User: BRODY-PC)

Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

 

Error: (12/29/2014 00:23:17 AM) (Source: DCOM) (EventID: 10005) (User: BRODY-PC)

Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

 

Error: (12/29/2014 00:23:17 AM) (Source: DCOM) (EventID: 10005) (User: BRODY-PC)

Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

 

Error: (12/29/2014 00:23:17 AM) (Source: DCOM) (EventID: 10005) (User: BRODY-PC)

Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

 

 

Microsoft Office Sessions:

=========================

Error: (12/29/2014 08:40:42 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: wwahost.exe6.3.9600.17031125001d023426897967b4294967295C:\Windows\syswow64\wwahost.exe5bd3f771-8f36-11e4-82a1-bc5ff4cae17bMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

 

Error: (12/28/2014 08:43:43 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Skype.exe7.0.0.10251ff401d022b0006c4caf591C:\Program Files (x86)\Skype\Phone\Skype.exe3030d21e-8ed2-11e4-829e-bc5ff4cae17b

 

Error: (12/28/2014 08:29:41 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

 

Error: (12/27/2014 10:24:36 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: wwahost.exe6.3.9600.170311e6401d021be97423b8e4294967295C:\Windows\syswow64\wwahost.exe8cac022c-8db2-11e4-829e-bc5ff4cae17bMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

 

Error: (12/27/2014 09:24:34 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: wwahost.exe6.3.9600.1703117001d021b635913f884294967295C:\Windows\syswow64\wwahost.exe29766293-8daa-11e4-829e-bc5ff4cae17bMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

 

Error: (12/27/2014 09:08:14 AM) (Source: VSS) (EventID: 8194) (User: )

Description: 0x80070005, Access is denied.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {8748741f-9a88-481a-9240-0d936c3fd5f3}

 

Error: (12/26/2014 11:42:45 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: wwahost.exe6.3.9600.17031f7c01d02164ecd0876c4294967295C:\Windows\syswow64\wwahost.exee0b1f1da-8d58-11e4-829d-bc5ff4cae17bMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

 

Error: (12/26/2014 11:27:45 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: wwahost.exe6.3.9600.17031cf401d02162d45094634294967295C:\Windows\syswow64\wwahost.exec88fa0eb-8d56-11e4-829d-bc5ff4cae17bMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

 

Error: (12/26/2014 11:12:47 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: wwahost.exe6.3.9600.1703143801d02160bbdf1aed4294967295C:\Windows\syswow64\wwahost.exeb0108e5f-8d54-11e4-829d-bc5ff4cae17bMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

 

Error: (12/26/2014 10:28:21 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: wwahost.exe6.3.9600.1703111ec01d0215a8c016f084294967295C:\Windows\syswow64\wwahost.exe7ce44db2-8d4e-11e4-829d-bc5ff4cae17bMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-4670 CPU @ 3.40GHz

Percentage of memory in use: 83%

Total physical RAM: 8111.8 MB

Available physical RAM: 1349.88 MB

Total Pagefile: 12616.45 MB

Available Pagefile: 5742.11 MB

Total Virtual: 131072 MB

Available Virtual: 131071.8 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.42 GB) (Free:148.03 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FDA9BFFE)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Hi Preacher,

 

Actually I can't find any malware in your logfiles. Svchost.exe is a process from Microsoft Windows that allows programs to run their processes through svchost.exe. That's completely legit. Besides that, all those copies of conhost.exe, dwm.exe and csrss.exe are also legit copies. If you don't have problems like advertisements, pop-ups, ransomware etc., it's not always malware that's the cause of it.

I would recommend that you remove the following programs, because they might collect personal information about you. You can do this by going to Start > Control Panel > Add/Remove Programs.

  • Google Toolbar for Internet Explorer
  • Yahoo Community Smartbar
  • Yahoo Community Smartbar Engine

I would also recommend that you delete the following programs, as they are outdated:

  • Java 7 Update 67
  • Java 8 Update 20

 

Besides that, I want to point you to your running processes and Windows Tasks. There is a lot running on your system that can also cause your PC to slow down.

 

Any other questions for me? :)


OK, thank you so much Blackbird, that gives me peace of mind :) I have disabled the Windows Update program in svchost.exe and my memory is a bit better, but it is still at 50%. I see RzMaelstromVADStreamingService.exe, which is legit as it downloaded with Razer Surround for my Razer Kraken headset, but why is it eating a lot of memory? However, I have 8GB of RAM and adding everything together doesn't add up to this. Do you have any idea of what to do?


Hi Preacher,

 

I looked it up for you and I came across several issues with this file as the main source. Razer itself answers here that this file shouldn't take so much CPU and they advise contacting their support center by visiting this page. Maybe this information is useful to you too?

 

Besides that, have you got any other malware-related problems left on your computer? :)


Hi there,

 

These are not malware-related problems. It's a problem caused by the driver files themselves and I can't help you with that. It's not my field of expertise, if you understand what I mean by that. :)

 

Therefore, I want you to post those questions in our General PC Help subforum. I'm sure they can assist you there with every question you might have about Windows and those drivers. Please include a link in that topic to this topic, so they know you've been assisted in the malware removal forums.

 

Please remove Farbar Recovery Scan Tool from your Desktop and also delete the folder C:\FRST.

 

Have you got any questions left for me about these instructions? :)


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
