
Windows Explorer Is Not Responding / Event Viewer: WMI Win32_Processor


  • This topic is locked
4 replies to this topic

#1 Selmy

Selmy

  • Members
  • 18 posts

Posted 18 March 2014 - 07:31 PM

Hi all,

 

I posted another topic after I was infected with malware in: http://www.bleepingcomputer.com/forums/t/527431/rocketfuel-conduit-mobogenie/

 

I appear to have removed all malware from the machine but continue to experience problems. Included below is an error from Windows event viewer, a log file from Minitoolkit and a brief description of my symptoms. Please take a look and thanks in advance for your time and any assistance you can provide. Thanks!

 

=====

Symptoms:

1. Computer will freeze within less than 5 minutes of startup, all programs/explorers/browsers are non-responsive

2. Intel CPU Usage monitor pegs Core1 over to 100% and stays stuck there for the period of the "Freeze"

3. Computer sometimes breaks out of this after several minutes and returns to normal operations, only to freeze again in another 5-15 minutes

=====

 

=====

Steps Taken:

1. Comprehensive malware scanning & virus removal procedure (see link to other topic above)

2. Updated video drivers, chipset drivers, etc. to most recent stable versions

3. Ran Windows updates and installed all priority updates

4. Ran Windows Memory Diagnostic (good)

5. Modified Windows virtual memory cache size from (~a lot) to 2048 MB

=====

 

=====

Important Event Viewer entry under Administrative Events

Timestamps seem to coincide with the onset of the issue

 

Source: WMI

 

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

=====

 

=====

Minitoolkit Logfile

Thanks for reading!

======

MiniToolBox by Farbar  Version: 23-01-2014
Ran by User (administrator) on 18-03-2014 at 20:15:03
Running from "D:\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
54.225.95.126 ajakpekbmnkgnjbpajgkdhimcbeoocam
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : User-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : C8-60-00-C3-98-4E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5088:cd70:19b:5cbf%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 18, 2014 8:09:56 PM
   Lease Expires . . . . . . . . . . : Saturday, April 25, 2150 2:43:20 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 248012800
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-5A-AA-A1-C8-60-00-C3-98-4E
   DNS Servers . . . . . . . . . . . : 8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Hamachi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Hamachi Network Interface
   Physical Address. . . . . . . . . : 7A-79-19-14-03-10
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::1914:310(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::6171:f01b:a5c1:787a%15(Preferred) 
   IPv4 Address. . . . . . . . . . . : 25.20.3.16(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 18, 2014 8:09:55 PM
   Lease Expires . . . . . . . . . . : Tuesday, March 18, 2014 8:18:23 PM
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1
   DHCP Server . . . . . . . . . . . : 25.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 343570713
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-5A-AA-A1-C8-60-00-C3-98-4E
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{FE194944-471B-45EF-BED0-4E52496B2888}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3c80:3f4f:cd4b:3479(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3c80:3f4f:cd4b:3479%13(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.Belkin:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    google.com
Addresses:  2607:f8b0:4002:c06::66
 74.125.21.101
 74.125.21.100
 74.125.21.139
 74.125.21.138
 74.125.21.113
 74.125.21.102
 
 
Pinging google.com [74.125.21.101] with 32 bytes of data:
Reply from 74.125.21.101: bytes=32 time=13ms TTL=45
Reply from 74.125.21.101: bytes=32 time=14ms TTL=45
 
Ping statistics for 74.125.21.101:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 14ms, Average = 13ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=55ms TTL=51
Reply from 98.139.183.24: bytes=32 time=58ms TTL=51
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 55ms, Maximum = 58ms, Average = 56ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...c8 60 00 c3 98 4e ......Realtek PCIe GBE Family Controller
 15...7a 79 19 14 03 10 ......Hamachi Network Interface
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         25.0.0.1       25.20.3.16   9256
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     10
         25.0.0.0        255.0.0.0         On-link        25.20.3.16   9256
       25.20.3.16  255.255.255.255         On-link        25.20.3.16   9256
   25.255.255.255  255.255.255.255         On-link        25.20.3.16   9256
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.100    266
    192.168.1.100  255.255.255.255         On-link     192.168.1.100    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.100    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.100    266
        224.0.0.0        240.0.0.0         On-link        25.20.3.16   9256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.100    266
  255.255.255.255  255.255.255.255         On-link        25.20.3.16   9256
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         25.0.0.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15   9020 ::/0                     2620:9b::1900:1
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6ab8:3c80:3f4f:cd4b:3479/128
                                    On-link
 15    276 2620:9b::/64             On-link
 15    276 2620:9b::/96             On-link
 15    276 2620:9b::1914:310/128    On-link
 11    266 fe80::/64                On-link
 15    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::3c80:3f4f:cd4b:3479/128
                                    On-link
 11    266 fe80::5088:cd70:19b:5cbf/128
                                    On-link
 15    276 fe80::6171:f01b:a5c1:787a/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
 15    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/18/2014 08:11:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/18/2014 08:09:59 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (03/18/2014 08:07:46 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (03/18/2014 08:04:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/18/2014 08:02:14 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (03/18/2014 07:56:00 PM) (Source: Application Hang) (User: )
Description: The program taskmgr.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 16f0
 
Start Time: 01cf430546231b55
 
Termination Time: 2
 
Application Path: C:\Windows\system32\taskmgr.exe
 
Report Id: d590a452-aef8-11e3-bf9b-c86000c3984e
 
Error: (03/18/2014 07:53:45 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1110
 
Start Time: 01cf43052eee5e28
 
Termination Time: 4970
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 85300e58-aef8-11e3-bf9b-c86000c3984e
 
Error: (03/18/2014 07:52:55 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b04
 
Start Time: 01cf43047f930fa8
 
Termination Time: 16538
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 5febde37-aef8-11e3-bf9b-c86000c3984e
 
Error: (03/18/2014 07:49:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/18/2014 07:48:01 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
 
System errors:
=============
Error: (03/18/2014 08:08:04 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.100.
The computer with the IP address 192.168.1.101 did not allow the name to be claimed by
this computer.
 
Error: (03/18/2014 08:07:41 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:06:28 PM on 3/18/2014 was unexpected.
 
Error: (03/18/2014 07:43:38 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/18/2014 07:43:38 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/18/2014 07:43:38 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/18/2014 07:43:38 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/18/2014 07:43:38 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/18/2014 07:43:38 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/18/2014 07:43:38 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (03/18/2014 07:43:38 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (03/18/2014 08:11:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/18/2014 08:09:59 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000
 
Error: (03/18/2014 08:07:46 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000
 
Error: (03/18/2014 08:04:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/18/2014 08:02:14 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000
 
Error: (03/18/2014 07:56:00 PM) (Source: Application Hang)(User: )
Description: taskmgr.exe6.1.7601.1751416f001cf430546231b552C:\Windows\system32\taskmgr.exed590a452-aef8-11e3-bf9b-c86000c3984e
 
Error: (03/18/2014 07:53:45 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.1.7601.17514111001cf43052eee5e284970C:\Windows\explorer.exe85300e58-aef8-11e3-bf9b-c86000c3984e
 
Error: (03/18/2014 07:52:55 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.17514b0401cf43047f930fa816538C:\Windows\Explorer.EXE5febde37-aef8-11e3-bf9b-c86000c3984e
 
Error: (03/18/2014 07:49:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/18/2014 07:48:01 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-24 22:35:19.848
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-24 22:35:19.848
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-24 22:35:15.050
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-24 22:35:15.050
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\AtihdW76.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-24 22:27:55.136
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-06-24 22:27:55.120
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.3.2.30303)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
7-Zip 9.25 (x64 edition) (Version: 9.25.00.0)
A Game of Thrones version 0.6 (Version: 0.6)
Adobe Photoshop CC (Version: 14.0)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Akamai NetSession Interface
AMD Accelerated Video Transcoding (Version: 13.20.100.31206)
AMD Catalyst Control Center (Version: 2013.1206.1603.28764)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.81206.1620)
AMD Wireless Display v3.0 (Version: 1.0.0.12)
AMD Wireless Display v3.0 (Version: 1.0.0.14)
Baldur's Gate: Enhanced Edition
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.1206.1603.28764)
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (Version: 2013.1206.1603.28764)
Catalyst Control Center Localization All (Version: 2013.1206.1603.28764)
CCC Help Chinese Standard (Version: 2013.1206.1602.28764)
CCC Help Chinese Traditional (Version: 2013.1206.1602.28764)
CCC Help Czech (Version: 2013.1206.1602.28764)
CCC Help Danish (Version: 2013.1206.1602.28764)
CCC Help Dutch (Version: 2013.1206.1602.28764)
CCC Help English (Version: 2013.1206.1602.28764)
CCC Help Finnish (Version: 2013.1206.1602.28764)
CCC Help French (Version: 2013.1206.1602.28764)
CCC Help German (Version: 2013.1206.1602.28764)
CCC Help Greek (Version: 2013.1206.1602.28764)
CCC Help Hungarian (Version: 2013.1206.1602.28764)
CCC Help Italian (Version: 2013.1206.1602.28764)
CCC Help Japanese (Version: 2013.1206.1602.28764)
CCC Help Korean (Version: 2013.1206.1602.28764)
CCC Help Norwegian (Version: 2013.1206.1602.28764)
CCC Help Polish (Version: 2013.1206.1602.28764)
CCC Help Portuguese (Version: 2013.1206.1602.28764)
CCC Help Russian (Version: 2013.1206.1602.28764)
CCC Help Spanish (Version: 2013.1206.1602.28764)
CCC Help Swedish (Version: 2013.1206.1602.28764)
CCC Help Thai (Version: 2013.1206.1602.28764)
CCC Help Turkish (Version: 2013.1206.1602.28764)
ccc-utility64 (Version: 2013.1206.1603.28764)
Core Temp version 0.99.7 (Version: 0.99.7)
Corsair SSD Toolbox 1.2.0.9 (Version: 1.2.0.9)
CPUID CPU-Z 1.67
Crusader Kings II
Dawn Of Fantasy (Version: 1.0.0.0)
Divinity Original Sin
Dragon Age Awakening Redesigned
Dragon Age Awakening Velanna Redesigned©
Dragon Age Redesigned © Morrigan
Dragon Age Redesigned- Leliana's Song
Dragon Age Redesigned Oghren©
Dragon Age Redesigned©
Dragon Age Redesigned© Leliana
Dragon Age Redesigned© Sten
Dragon Age Redesigned© Wynne
Dropbox (Version: 2.4.11)
FINAL FANTASY XIV: A Realm Reborn
Google Chrome (Version: 33.0.1750.154)
Google Update Helper (Version: 1.3.22.5)
HP Deskjet 3050 J610 series Basic Device Software (Version: 28.0.1315.0)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.4.220)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
League of Legends (Version: 3.0.0)
Left 4 Dead 2
LogMeIn Hamachi (Version: 2.2.0.173)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Notepad++ (Version: 6.5.3)
NVIDIA PhysX (Version: 9.11.1107)
OpenOffice 4.0.1 (Version: 4.01.9714)
PDF Settings CC (Version: 12.0)
PeerBlock 1.2 (r693) (Version: 1.2.0.693)
PlanetSide 2
PowerISO (Version: 5.7)
Realtek Ethernet Controller Driver (Version: 7.61.612.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6657)
Scrivener (Version: 1610)
seaafeeweB (Version: 4.3.0.1667)
Shadowrun Returns
Skype™ 6.11 (Version: 6.11.102)
Space Pirates and Zombies
Starbound
StarCraft II
Steam (Version: 1.0.0.0)
Surgeon Simulator 2013
SW.Booster (Version: 2.2.0.1110)
SW.Sustainer 1.80
TeamSpeak 3 Client (Version: 3.0.14)
The Showdown Effect
The Stanley Parable
The Witcher 2: Assassins of Kings Enhanced Edition
Ultima Online Classic Client (Version: )
Ultima Online Forever (Version: 1.0.0)
VASSAL (3.2.8) (Version: 3.2.8)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Vizzed Retro Game Room (Version: 2.0.0)
VLC media player 2.0.6 (Version: 2.0.6)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
YoutubeAdblocker (Version: 2.2.0.1281)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 10%
Total physical RAM: 32719.64 MB
Available physical RAM: 29250.43 MB
Total Pagefile: 34765.82 MB
Available Pagefile: 30830.06 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.09 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:167.58 GB) (Free:72.33 GB) NTFS
2 Drive d: (Bulk HD) (Fixed) (Total:465.76 GB) (Free:254.42 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\User-PC
 
Administrator            User                     Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****

Edited by Selmy, 18 March 2014 - 07:48 PM.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,464 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 18 March 2014 - 08:18 PM

You abandoned your original topic.

PM your helper to reopen it.

I'll ask mods to close this one.


My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Selmy

Selmy
  • Topic Starter

  • Members
  • 18 posts

Posted 18 March 2014 - 08:30 PM

I have PM'd Jeffce from my original thread.

I thought I had 5 days to reply to a topic before threadlock.

I also have no reason at this point to believe the issue is malware-related, other than the coincidence of some malware within the timeframe of the larger issue.

 

I don't care where the topic is posted, I just wanted to make an effort to not burden the malware experts with a potentially unrelated problem. Thanks for your reply and your time!



#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,464 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 18 March 2014 - 08:36 PM

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

 

That's all I can say.

You can't leave your original topic because YOU think your computer is clean.

It's up to your helper to let you know when your computer is actually clean.




 


#5 hamluis

hamluis

    Moderator


  • Moderator
  • 54,821 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 19 March 2014 - 05:47 AM

Well...I have reopened the topic at http://www.bleepingcomputer.com/forums/t/527431/rocketfuel-conduit-mobogenie/ and you should respond as requested within that topic.

 

This topic is now closed to avoid confusion.

 

Louis





