
Random processes use high CPU, and programs stop working.



So it first started with Malwarebytes finding a wikq.exe file in the C: drive. It only found that file and NOTHING else. Every time it would delete it, the file would reappear again in a few seconds. Later, every single program started asking for permission to network. Even programs like explorer.exe or taskhost.exe would ask for permission, which was very weird. Then random processes started taking about 50% of CPU. Processes like skype.exe, chrome.exe, taskhost.exe, svchost.exe, explorer.exe. Only one of them would use too much CPU at a time; if I shut that process down, then after a few seconds another random process starts to use too much CPU. I tried to reinstall Windows, the problem disappeared for about 10 minutes and then it came back. I tried to fully scan with Malwarebytes, it found nothing. After that I even tried SUPERAntiSpyware, it found a few files but nothing was fixed. Now, both anti-viruses won't even start, they would crash on startup giving a Runtime error. Games that used to work before now won't start as well, and just give a random error code. I've no idea what to do, so I came here for help.


Update: file wikq.exe is replaced with yuqx.exe, which I can't delete either. I redownloaded Malwarebytes and scanned the system but all it found is this one yuqx.exe file and apparently 3 registries: Security Center from Microsoft. A new process now appears sometimes called dllhandle.exe and takes 50% of CPU. Also I tried to run an SFC scan in Safe Mode and it didn't help (Windows Resource Protection did not find any integrity violations). Bump .___.


Hello astrokenDi and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/


FRST.txt: 
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
Ran by W7U (administrator) on W7U-PC on 26-06-2015 17:54:00
Running from C:\Users\W7U\Desktop
Loaded Profiles: W7U (Available Profiles: W7U)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) G:\Super Anti-Spyware\SASCore.exe
(Malwarebytes Corporation) G:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) G:\Malwarebytes Anti-Malware\mbamservice.exe
(Skype Technologies) G:\Skype\Updater\Updater.exe
(Malwarebytes Corporation) G:\Malwarebytes Anti-Malware\mbam.exe
(Skype Technologies S.A.) G:\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-21-246419875-1643227403-1005632818-1000\...\Run: [sUPERAntiSpyware] => G:\Super Anti-Spyware\SUPERAntiSpyware.exe [6787864 2015-06-25] (SUPERAntiSpyware)
HKU\S-1-5-21-246419875-1643227403-1005632818-1000\...\Run: [skype] => G:\Skype\Phone\Skype.exe [53288576 2015-06-16] (Skype Technologies S.A.)
AlternateShell: 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 4.2.2.2 10.10.10.1
 
FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-25] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-25]
CHR Extension: (Google Docs) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-25]
CHR Extension: (Google Drive) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-25]
CHR Extension: (YouTube) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-25]
CHR Extension: (Google Search) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-25]
CHR Extension: (Google Sheets) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-25]
CHR Extension: (Google Wallet) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-25]
CHR Extension: (Gmail) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-25]
CHR Profile: C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-25]
CHR Extension: (Google Docs) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-25]
CHR Extension: (Google Drive) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-25]
CHR Extension: (YouTube) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-25]
CHR Extension: (uBlock Origin) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-06-25]
CHR Extension: (Google Search) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-25]
CHR Extension: (Google Sheets) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-25]
CHR Extension: (Hangman) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjplgbjgpnldhcanakncjkdgpbidibgn [2015-06-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-25]
CHR Extension: (Google Wallet) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-25]
CHR Extension: (Gmail) - C:\Users\W7U\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-25]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; G:\Super Anti-Spyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 MBAMScheduler; G:\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; G:\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SkypeUpdate; G:\Skype\Updater\Updater.exe [327296 2015-06-03] (Skype Technologies)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2015-06-26] (secr9tos) [File not signed]
R1 SASDIFSV; G:\Super Anti-Spyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; G:\Super Anti-Spyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-26 17:54 - 2015-06-26 17:54 - 00007212 _____ C:\Users\W7U\Desktop\FRST.txt
2015-06-26 17:43 - 2015-06-26 17:54 - 00000000 ____D C:\FRST
2015-06-26 17:43 - 2015-06-26 17:18 - 01636352 _____ (Farbar) C:\Users\W7U\Desktop\FRST.exe
2015-06-26 17:41 - 2015-06-26 17:41 - 00103140 _____ C:\yuqx.exe
2015-06-26 17:17 - 2015-06-26 17:18 - 01636352 _____ (Farbar) C:\Users\W7U\Downloads\FRST.exe
2015-06-26 13:52 - 2015-06-26 13:52 - 00000000 ____D C:\Users\W7U\Documents\My Cheat Tables
2015-06-26 13:26 - 2015-06-26 13:55 - 00000000 ____D C:\Users\W7U\AppData\Roaming\Little Inferno
2015-06-26 13:25 - 2015-06-26 13:25 - 00001821 _____ C:\Users\W7U\Desktop\Little Inferno.lnk
2015-06-26 13:25 - 2015-06-26 13:25 - 00000000 ____D C:\Users\W7U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Little Inferno
2015-06-26 11:10 - 2015-06-26 17:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-26 11:09 - 2015-06-26 11:09 - 00000621 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-26 11:09 - 2015-06-26 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-26 11:09 - 2015-06-26 11:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-26 11:09 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-26 11:09 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-26 11:09 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-26 11:05 - 2015-06-26 11:08 - 21615712 _____ (Malwarebytes Corporation ) C:\Users\W7U\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-26 01:51 - 2015-06-26 01:51 - 00000000 ____D C:\Users\W7U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-06-26 00:22 - 2015-06-26 00:35 - 00000000 ____D C:\Users\W7U\Documents\WPR Files
2015-06-26 00:17 - 2015-06-26 00:17 - 00000000 ____D C:\ProgramData\WindowsPerformanceRecorder
2015-06-25 23:48 - 2015-06-25 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-06-25 22:54 - 2015-06-26 00:20 - 00000000 ____D C:\Users\W7U\AppData\Roaming\vlc
2015-06-25 20:10 - 2015-06-25 23:48 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-25 20:05 - 2015-06-25 20:06 - 01435680 _____ (Microsoft Corporation) C:\Users\W7U\Downloads\adksetup.exe
2015-06-25 19:56 - 2015-06-25 19:56 - 00000000 ____D C:\Users\W7U\AppData\Local\2DBoy
2015-06-25 19:56 - 2015-06-25 19:56 - 00000000 ____D C:\ProgramData\2DBoy
2015-06-25 18:48 - 2015-05-11 13:56 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\W7U\Desktop\procexp.exe
2015-06-25 18:47 - 2015-06-25 18:48 - 01186640 _____ C:\Users\W7U\Downloads\ProcessExplorer.zip
2015-06-25 17:27 - 2015-06-25 17:27 - 00000000 ____D C:\Users\W7U\AppData\Roaming\Process Hacker 2
2015-06-25 17:23 - 2011-10-24 20:12 - 00000423 _____ C:\Users\W7U\Desktop\chapter28.sav
2015-06-25 17:23 - 2011-10-24 20:12 - 00000385 _____ C:\Users\W7U\Desktop\chapter0.sav
2015-06-25 17:18 - 2015-06-25 17:18 - 00000000 ____D C:\Users\W7U\Documents\My Games
2015-06-25 17:18 - 2015-06-25 17:18 - 00000000 ____D C:\Users\W7U\AppData\Roaming\Microsoft Games
2015-06-25 17:17 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-06-25 17:17 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-06-25 17:17 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-06-25 17:17 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-06-25 17:17 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-06-25 17:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-06-25 17:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-06-25 17:17 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-06-25 17:17 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-06-25 17:17 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-06-25 17:17 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-06-25 17:17 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-06-25 17:17 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-06-25 17:17 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-06-25 17:17 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-06-25 17:17 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-06-25 17:17 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-06-25 17:17 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-06-25 17:17 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-06-25 17:17 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-06-25 17:17 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-06-25 17:17 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-06-25 17:17 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-06-25 17:17 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-06-25 17:17 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-06-25 17:17 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-06-25 17:17 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-06-25 17:17 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-06-25 17:17 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-06-25 17:17 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-06-25 17:17 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-06-25 17:17 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-06-25 17:17 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-06-25 17:17 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-06-25 17:17 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-06-25 17:17 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-06-25 17:17 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-06-25 17:17 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-06-25 17:17 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-06-25 17:17 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-06-25 17:17 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-06-25 17:17 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-06-25 17:17 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-06-25 17:17 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-06-25 17:17 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-06-25 17:17 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-06-25 17:17 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-06-25 17:17 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-06-25 17:17 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-06-25 17:17 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-06-25 17:17 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-06-25 17:17 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-06-25 17:17 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-06-25 17:17 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-06-25 17:17 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-06-25 17:17 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-06-25 17:17 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-06-25 17:17 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-06-25 17:17 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-06-25 17:17 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-06-25 17:17 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-06-25 17:17 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-06-25 17:17 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-06-25 17:17 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-06-25 17:17 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-06-25 17:17 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-06-25 17:17 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-06-25 17:17 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-06-25 17:17 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-06-25 17:17 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-06-25 17:17 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-06-25 17:17 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-06-25 17:17 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-06-25 17:17 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-06-25 17:17 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-06-25 17:17 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-06-25 17:17 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-06-25 17:17 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-06-25 17:17 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-06-25 17:17 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-06-25 17:17 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-06-25 17:17 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-06-25 17:17 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-06-25 17:17 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-06-25 17:05 - 2015-06-25 17:17 - 00000000 ____D C:\Windows\system32\directx
2015-06-25 17:05 - 2015-06-25 17:05 - 00370520 _____ (Microsoft Corporation) C:\Users\W7U\Downloads\dxwebsetup.exe
2015-06-25 17:03 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-06-25 17:03 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-06-25 17:03 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-06-25 17:01 - 2015-06-25 17:01 - 00035741 _____ C:\Windows\DirectX.log
2015-06-25 17:01 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-06-25 17:01 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-06-25 17:01 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-06-25 17:01 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-06-25 16:27 - 2015-06-25 16:27 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-25 16:27 - 2015-06-25 16:27 - 00000000 ____D C:\Users\W7U\AppData\Local\Google
2015-06-25 16:27 - 2015-06-25 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-25 16:24 - 2015-06-25 16:24 - 00186718 _____ C:\Users\W7U\Downloads\skypelogview.zip
2015-06-25 16:17 - 2015-06-25 16:17 - 00000000 ____D C:\Users\W7U\Tracing
2015-06-25 16:16 - 2015-06-26 17:53 - 00000000 ____D C:\Users\W7U\AppData\Roaming\Skype
2015-06-25 16:16 - 2015-06-25 16:16 - 00000000 ____D C:\Users\W7U\AppData\Local\Skype
2015-06-25 16:15 - 2015-06-25 16:15 - 00002657 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-25 16:15 - 2015-06-25 16:15 - 00000000 ____D C:\ProgramData\Skype
2015-06-25 16:15 - 2015-06-25 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-25 16:15 - 2015-06-25 16:15 - 00000000 ____D C:\Program Files\Skype
2015-06-25 16:15 - 2015-06-25 16:15 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-06-25 16:10 - 2015-06-26 17:53 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-25 16:10 - 2015-06-26 17:15 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-25 16:09 - 2015-06-25 16:27 - 00000000 ____D C:\Program Files\Google
2015-06-25 16:01 - 2015-06-25 16:12 - 40508032 _____ (Skype Technologies S.A.) C:\Users\W7U\Downloads\SkypeSetupFull.exe
2015-06-25 16:01 - 2015-06-25 16:02 - 00931408 _____ (Google Inc.) C:\Users\W7U\Downloads\ChromeSetup.exe
2015-06-25 15:59 - 2015-06-25 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-06-25 15:59 - 2015-06-25 15:59 - 00000714 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-06-25 15:59 - 2015-06-25 15:59 - 00000000 ____D C:\Users\W7U\AppData\Roaming\SUPERAntiSpyware.com
2015-06-25 15:59 - 2015-06-25 15:59 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-06-25 15:41 - 2015-06-25 15:41 - 00000000 __SHD C:\Users\W7U\AppData\Local\EmieUserList
2015-06-25 15:41 - 2015-06-25 15:41 - 00000000 __SHD C:\Users\W7U\AppData\Local\EmieSiteList
2015-06-25 15:41 - 2015-06-25 15:41 - 00000000 __SHD C:\Users\W7U\AppData\Local\EmieBrowserModeList
2015-06-25 15:36 - 2015-06-25 15:36 - 01465984 _____ (Skype Technologies S.A.) C:\Users\W7U\Downloads\SkypeSetup.exe
2015-06-25 15:27 - 2015-06-26 01:41 - 00000000 ____D C:\Users\W7U\AppData\Roaming\Mozilla
2015-06-25 15:25 - 2015-06-25 15:25 - 00000000 ____D C:\Users\W7U\AppData\Roaming\WinRAR
2015-06-25 15:25 - 2015-06-25 15:25 - 00000000 ____D C:\Users\W7U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-25 15:25 - 2015-06-25 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-06-25 00:38 - 2015-06-25 00:38 - 00001413 _____ C:\Users\W7U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-25 00:38 - 2015-06-25 00:38 - 00000000 ____D C:\Users\W7U\AppData\Roaming\Adobe
2015-06-25 00:37 - 2015-06-26 17:53 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2015-06-25 00:37 - 2015-06-26 17:52 - 00037021 _____ C:\Windows\WindowsUpdate.log
2015-06-25 00:37 - 2015-06-25 16:17 - 00000000 ____D C:\Users\W7U
2015-06-25 00:37 - 2015-06-25 15:21 - 00000000 ____D C:\Users\W7U\AppData\Local\VirtualStore
2015-06-25 00:37 - 2015-06-25 00:38 - 00001973 _____ C:\Windows\system32\WinToolkit_RunOnce_Log.log
2015-06-25 00:37 - 2015-06-25 00:37 - 00058016 _____ C:\Users\W7U\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-25 00:37 - 2015-06-25 00:37 - 00000020 ___SH C:\Users\W7U\ntuser.ini
2015-06-25 00:37 - 2009-07-14 10:12 - 00000000 ___RD C:\Users\W7U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-25 00:37 - 2009-07-14 10:07 - 00000000 ___RD C:\Users\W7U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-25 00:36 - 2015-06-25 00:36 - 00000000 __SHD C:\Recovery
2015-06-15 18:15 - 2015-06-15 18:15 - 00000616 _____ C:\Users\W7U\Desktop\Cheat Engine.lnk
2015-06-15 10:25 - 2015-06-15 10:25 - 00000637 _____ C:\Users\W7U\Desktop\ResizeEnableRunner.exe - Shortcut.lnk
2015-06-09 15:19 - 2015-06-09 15:19 - 00000858 _____ C:\Users\W7U\Desktop\Kung Fury Street Rage.lnk
2015-06-08 18:06 - 2015-06-08 18:06 - 00000574 _____ C:\Users\W7U\Desktop\Recuva.lnk
2015-06-02 21:02 - 2015-06-02 21:02 - 00000754 _____ C:\Users\W7U\Desktop\Cisco Packet Tracer.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-26 17:53 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-26 17:53 - 2009-07-14 10:09 - 00029573 _____ C:\Windows\setupact.log
2015-06-26 17:52 - 2009-07-14 10:04 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-26 17:52 - 2009-07-14 10:04 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-26 17:48 - 2010-11-21 03:18 - 00007970 _____ C:\Windows\PFRO.log
2015-06-26 17:43 - 2010-11-21 02:31 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-26 17:38 - 2011-04-12 07:54 - 00000000 ____D C:\Windows\RemotePackages
2015-06-26 14:42 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-25 17:18 - 2009-07-14 07:34 - 00000255 _____ C:\Windows\system.ini
2015-06-25 17:00 - 2009-07-14 10:22 - 00000000 ____D C:\Windows\system32\restore
2015-06-25 15:34 - 2015-05-13 22:45 - 00000668 _____ C:\Users\W7U\Desktop\Windows 7 Manager.lnk
2015-06-25 00:37 - 2014-12-12 12:06 - 00000000 ____D C:\Windows\Panther
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-25 14:59
 
==================== End of log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
Ran by W7U at 2015-06-26 17:55:12
Running from C:\Users\W7U\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-246419875-1643227403-1005632818-500 - Administrator - Disabled)
Guest (S-1-5-21-246419875-1643227403-1005632818-501 - Limited - Disabled)
W7U (S-1-5-21-246419875-1643227403-1005632818-1000 - Administrator - Enabled) => C:\Users\W7U
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Assessments on Client (Version: 8.100.26866 - Microsoft) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Kits Configuration Installer (Version: 8.100.25984 - Microsoft) Hidden
Little Inferno 1.2 (HKLM\...\{D3D39D29-432D-4151-BA0E-77FB6A115CD3}) (Version: 1.2.0 - Tomorrow Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{20DEB77C-21D6-4D22-BB47-233E47613D57}) (Version: 1.1.0322 - Microsoft Corporation)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Toolkit Documentation (Version: 8.100.26866 - Microsoft) Hidden
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation)
WPT Redistributables (Version: 8.100.26866 - Microsoft) Hidden
WPTx86 (Version: 8.100.26837 - Microsoft) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
25-06-2015 17:00:38 Installed Microsoft Games for Windows - LIVE Redistributable
25-06-2015 17:03:40 Installed DirectX
25-06-2015 17:16:45 Installed DirectX
26-06-2015 13:24:49 Installed Little Inferno 1.2
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2009-06-11 03:09 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {5E6D8E5F-06FF-400A-9672-A7AE7034AE93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-25] (Google Inc.)
Task: {BDBDB62E-8D67-4EDC-915F-AE5FF17718DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-25] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-246419875-1643227403-1005632818-1000\...\skype.com -> hxxps://apps.skype.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-246419875-1643227403-1005632818-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\W7U\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 4.2.2.2 - 10.10.10.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{C725A54A-522F-4D5C-B9CC-ED502D78830C}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [uDP Query User{EEEA8C9E-935D-4F39-AB29-29C0A60DDADB}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{77A9818F-AD03-405C-A2BC-AFCAC888ABD8}] => (Allow) G:\Skype\Phone\Skype.exe
FirewallRules: [{599D81AF-05BF-4FCD-850C-C2378F557FFF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{131B5BFC-31BA-4EB8-85F4-8A87BE36C1D3}C:\windows\system32\taskmgr.exe] => (Block) C:\windows\system32\taskmgr.exe
FirewallRules: [uDP Query User{F73A208B-32DB-4C10-B43C-EF184FB6AF81}C:\windows\system32\taskmgr.exe] => (Block) C:\windows\system32\taskmgr.exe
FirewallRules: [TCP Query User{48D7A835-4BA8-43AE-AAFC-085CFF42A743}C:\windows\system32\taskhost.exe] => (Block) C:\windows\system32\taskhost.exe
FirewallRules: [uDP Query User{38D63DBA-A315-4E55-943D-333DCEC1253E}C:\windows\system32\taskhost.exe] => (Block) C:\windows\system32\taskhost.exe
FirewallRules: [TCP Query User{11A10377-22B1-44EF-968F-E2168C4ECD9E}C:\users\w7u\desktop\procexp.exe] => (Block) C:\users\w7u\desktop\procexp.exe
FirewallRules: [uDP Query User{64C67AFC-29D0-4DD1-B4BF-59D2E331ED18}C:\users\w7u\desktop\procexp.exe] => (Block) C:\users\w7u\desktop\procexp.exe
FirewallRules: [TCP Query User{CA8DF04C-53FB-444C-8513-57BBAD5AB9CF}C:\windows\system32\dllhost.exe] => (Block) C:\windows\system32\dllhost.exe
FirewallRules: [uDP Query User{BE69B681-3AA3-40BC-8340-18FD0DA1A730}C:\windows\system32\dllhost.exe] => (Block) C:\windows\system32\dllhost.exe
FirewallRules: [TCP Query User{54A10101-7B4F-4360-9A34-90B44010E327}G:\malwarebytes anti-malware\mbam.exe] => (Block) G:\malwarebytes anti-malware\mbam.exe
FirewallRules: [uDP Query User{6BE3A073-BB51-4F19-9D99-DE0793094705}G:\malwarebytes anti-malware\mbam.exe] => (Block) G:\malwarebytes anti-malware\mbam.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Coprocessor
Description: Coprocessor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/26/2015 05:55:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2015 05:50:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2015 05:40:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2015 05:23:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2015 11:57:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2015 11:39:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2015 11:03:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/25/2015 06:29:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/25/2015 06:04:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/25/2015 05:16:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {803b0aa6-d9f3-4aed-a365-8b86651dd4cc}
 
 
System errors:
=============
Error: (06/26/2015 05:28:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/26/2015 05:22:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/26/2015 05:22:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/26/2015 05:22:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/26/2015 05:22:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/26/2015 05:22:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/26/2015 05:22:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/26/2015 05:22:23 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (06/26/2015 05:22:23 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (06/26/2015 05:22:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office:
=========================
Error: (06/26/2015 05:55:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2015 05:50:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2015 05:40:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2015 05:23:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2015 11:57:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2015 11:39:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/26/2015 11:03:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/25/2015 06:29:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/25/2015 06:04:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/25/2015 05:16:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {803b0aa6-d9f3-4aed-a365-8b86651dd4cc}
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 34%
Total physical RAM: 1983.37 MB
Available physical RAM: 1307.99 MB
Total Pagefile: 3966.73 MB
Available Pagefile: 3189.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.35 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:27.56 GB) (Free:10.13 GB) NTFS
Drive d: (TATTOO) (Fixed) (Total:58.23 GB) (Free:21.55 GB) NTFS
Drive e: (MANNY) (Fixed) (Total:30.67 GB) (Free:21.03 GB) NTFS
Drive f: (MUSIC) (Fixed) (Total:58.2 GB) (Free:25.2 GB) NTFS
Drive g: (Programs) (Fixed) (Total:29.81 GB) (Free:24.87 GB) NTFS
Drive h: (Secondary) (Fixed) (Total:28.32 GB) (Free:19.58 GB) NTFS
Drive j: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:10.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E55DE55D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=28.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=174.7 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 4251AEA0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of log ============================

Step 1

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Step 2

Please update Malwarebytes Anti-Malware, perform a threat scan and post your log file.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • FRST log

Malwarebytes log:

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 6/26/2015
Scan Time: 6:52:16 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.26.01
Rootkit Database: v2015.06.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: W7U
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295534
Time Elapsed: 20 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[b99008b7f694b2847fb42025ce384cb4]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[78d1823dd2b8de58c96b62e36d995aa6]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[9baebd028109fa3c4ce94df8679f2fd1]
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Malpack.Gen, C:\yuqx.exe, , [5eebc6f93357d75fa56c82a98978a858], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
This topic is now closed to further replies.