Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

100% CPU Usage


  • This topic is locked This topic is locked
5 replies to this topic

#1 TheKorean2908

TheKorean2908

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 15 January 2013 - 05:25 PM

Hello all,

I have been experiencing some issues regarding CPU usage (using Windows XP Service Pack 3). Whenever I open a program (any program), it instantly uses 100% CPU. For instance, if I'm using Firefox (like I am now), Firefox uses 100% CPU. If I'm using VLC Media Player, VLC uses 100% CPU. However, each time I open the Task Manager, it "reduces" from 100% CPU usage until I close it again.

I had scoured Google for some kind of solution. The only thing that remotely sounded like my problem was the igfxupdate.exe trojan that seemed to cause symptoms similar to mine. However, no such executable exists on my computer. In addition, Malwarebytes, Emsisoft Anti-Malware, and SuperAntispyware have all scanned my computer and deemed it clean.

I also use Comodo as my firewall and Avast as an antivirus. I know that they sometimes are in conflict with each other, so I have made both exceptions in each program.

I should also mention that this the same symptoms have occurred on two separate machines after a COMPLETE format on both, so I'm assuming that it isn't an infection or hardware issue, but I could be wrong.

Any help would be greatly appreciated! Thank you so much for your time!

Edited by TheKorean2908, 15 January 2013 - 06:02 PM.
Moved from XP to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:42 AM

Posted 18 January 2013 - 10:26 PM

Hello and sorry for the wait.

I'd like to run these.....

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download Malwarebytes Anti-Malware Posted Image and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE:Sometimes if ESET finds no infections it will not create a log.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 TheKorean2908

TheKorean2908
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 19 January 2013 - 12:36 AM

Thanks for the reply! I tried looking up whether you guys would like to have logs posted in the actual message or through an attachment... Here are the results:

MiniToolBox

MiniToolBox by Farbar Version:10-01-2013
Ran by Administrator (administrator) on 18-01-2013 at 22:38:32
Running from "C:\Documents and Settings\Administrator\desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

192.168.1.77 goldenteenet.itsgames.com

127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=208.67.222.222 register=PRIMARY
add dns name="Local Area Connection" addr=208.67.220.220 index=2
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : desktop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-03-23-B6

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.77

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 208.67.222.222

208.67.220.220

Lease Obtained. . . . . . . . . . : Friday, January 18, 2013 2:58:25 PM

Lease Expires . . . . . . . . . . : Saturday, January 19, 2013 2:58:25 PM

DNS request timed out.
timeout was 2 seconds.
Server: resolver2.opendns.com
Address: 208.67.220.220

Name: google.com.2wire.net
Address: 67.215.65.132



Pinging google.com [74.125.225.71] with 32 bytes of data:



Reply from 74.125.225.71: bytes=32 time=107ms TTL=52

Reply from 74.125.225.71: bytes=32 time=29ms TTL=52



Ping statistics for 74.125.225.71:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 29ms, Maximum = 107ms, Average = 68ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: yahoo.com.2wire.net
Address: 67.215.65.132



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=69ms TTL=47

Reply from 98.138.253.109: bytes=32 time=93ms TTL=47



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 69ms, Maximum = 93ms, Average = 81ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 03 23 b6 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.77 20
117.213.150.177 255.255.255.255 192.168.1.254 192.168.1.77 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.77 192.168.1.77 20
192.168.1.77 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.77 192.168.1.77 20
213.198.227.208 255.255.255.255 192.168.1.254 192.168.1.77 20
224.0.0.0 240.0.0.0 192.168.1.77 192.168.1.77 20
255.255.255.255 255.255.255.255 192.168.1.77 192.168.1.77 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/13/2013 04:27:24 AM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry0x80070003moaccachereset4.1.522.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (01/12/2013 09:51:08 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/12/2013 06:38:11 AM) (Source: System.ServiceModel.Install 3.0.0.0) (User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize ---> System.Configuration.ConfigurationErrorsException: Unrecognized configuration section system.serviceModel. (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config line 136)
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors()
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
--- End of inner exception stack trace ---
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
at System.Configuration.ClientConfigurationSystem.PrepareClientConfigSystem(String sectionName)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at System.Configuration.PrivilegedConfigurationManager.GetSection(String sectionName)
at System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
at System.Diagnostics.DiagnosticsConfiguration.Initialize()
at System.Diagnostics.DiagnosticsConfiguration.get_SwitchSettings()
at System.Diagnostics.Switch.InitializeConfigSettings()
at System.Diagnostics.Switch.InitializeWithStatus()
at System.Diagnostics.Switch.get_SwitchSetting()
at System.Diagnostics.BooleanSwitch.get_Enabled()
at System.Xml.Serialization.TempAssembly.LoadGeneratedAssembly(Type type, String defaultNamespace, XmlSerializerImplementation& contract)
at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace)
at System.Xml.Serialization.XmlSerializer..ctor(Type type)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent..ctor(ConfigurationLoader configLoader)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent.CreateNativeConfigurationHandlersInstallComponent()
at Microsoft.Tools.ServiceModel.ServiceModelReg.BuildActionQueue()
at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args)
at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args)

Error: (01/12/2013 06:36:54 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.2560

Error: (01/12/2013 06:36:36 AM) (Source: MsiInstaller) (User: DESKTOP)
Description: Product: Microsoft .NET Framework 1.1 - Update '{6C298884-91FD-408C-9D90-5A59D2C29FD1}' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log.

Error: (01/12/2013 05:54:24 AM) (Source: System.ServiceModel.Install 3.0.0.0) (User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize ---> System.Configuration.ConfigurationErrorsException: Unrecognized configuration section system.serviceModel. (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config line 136)
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors()
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
--- End of inner exception stack trace ---
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
at System.Configuration.ClientConfigurationSystem.PrepareClientConfigSystem(String sectionName)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at System.Configuration.PrivilegedConfigurationManager.GetSection(String sectionName)
at System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
at System.Diagnostics.DiagnosticsConfiguration.Initialize()
at System.Diagnostics.DiagnosticsConfiguration.get_SwitchSettings()
at System.Diagnostics.Switch.InitializeConfigSettings()
at System.Diagnostics.Switch.InitializeWithStatus()
at System.Diagnostics.Switch.get_SwitchSetting()
at System.Diagnostics.BooleanSwitch.get_Enabled()
at System.Xml.Serialization.TempAssembly.LoadGeneratedAssembly(Type type, String defaultNamespace, XmlSerializerImplementation& contract)
at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace)
at System.Xml.Serialization.XmlSerializer..ctor(Type type)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent..ctor(ConfigurationLoader configLoader)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent.CreateNativeConfigurationHandlersInstallComponent()
at Microsoft.Tools.ServiceModel.ServiceModelReg.BuildActionQueue()
at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args)
at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args)

Error: (01/12/2013 04:38:16 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb2656407, P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

Error: (01/12/2013 04:38:14 AM) (Source: MsiInstaller) (User: DESKTOP)
Description: Product: Microsoft .NET Framework 3.0 Service Pack 2 - Update 'KB2656407' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Microsoft .NET Framework 3.0-KB2656407_20130112_093723015-Msi0.txt.

Error: (01/12/2013 04:38:10 AM) (Source: System.ServiceModel.Install 3.0.0.0) (User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize ---> System.Configuration.ConfigurationErrorsException: Unrecognized configuration section system.serviceModel. (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config line 146)
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors()
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
--- End of inner exception stack trace ---
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
at System.Configuration.ClientConfigurationSystem.PrepareClientConfigSystem(String sectionName)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at System.Configuration.PrivilegedConfigurationManager.GetSection(String sectionName)
at System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
at System.Diagnostics.DiagnosticsConfiguration.Initialize()
at System.Diagnostics.DiagnosticsConfiguration.get_SwitchSettings()
at System.Diagnostics.Switch.InitializeConfigSettings()
at System.Diagnostics.Switch.InitializeWithStatus()
at System.Diagnostics.Switch.get_SwitchSetting()
at System.Diagnostics.BooleanSwitch.get_Enabled()
at System.Xml.Serialization.TempAssembly.LoadGeneratedAssembly(Type type, String defaultNamespace, XmlSerializerImplementation& contract)
at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace)
at System.Xml.Serialization.XmlSerializer..ctor(Type type)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent..ctor(ConfigurationLoader configLoader)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent.CreateNativeConfigurationHandlersInstallComponent()
at Microsoft.Tools.ServiceModel.ServiceModelReg.BuildActionQueue()
at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args)
at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args)

Error: (01/12/2013 04:38:04 AM) (Source: MsiInstaller) (User: DESKTOP)
Description: Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Error 1935. An error occurred during the installation of assembly 'System.Printing,fileVersion="3.0.6920.4021",culture="neutral",version="3.0.0.0",publicKeyToken="31bf3856ad364e35",processorArchitecture="X86"'. Please refer to Help and Support for more information. HRESULT: 0x80070020. assembly interface: IAssemblyCacheItem, function: Commit, component: {837887C8-942F-42C5-A913-2C03E1D3A2E0}


System errors:
=============
Error: (01/14/2013 07:01:00 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/14/2013 05:22:15 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.141.3853.0).

Error: (01/14/2013 05:20:00 AM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.1.0522.01.141.3820.07%%859NT AUTHORITYSYSTEMS-1-5-181%%8001%%8031.1.9002.00x80070643Fatal error during installation. 3%%854http://www.microsoft.com

Error: (01/14/2013 02:19:51 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.141.3847.0).

Error: (01/14/2013 02:16:04 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft Silverlight (KB2636927).

Error: (01/14/2013 00:30:23 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

Error: (01/13/2013 05:09:37 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/13/2013 04:59:31 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/13/2013 04:59:07 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/13/2013 04:51:38 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (01/13/2013 04:27:24 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.1.522.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (01/12/2013 09:51:08 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/12/2013 06:38:11 AM) (Source: System.ServiceModel.Install 3.0.0.0)(User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize ---> System.Configuration.ConfigurationErrorsException: Unrecognized configuration section system.serviceModel. (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config line 136)
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors()
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
--- End of inner exception stack trace ---
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
at System.Configuration.ClientConfigurationSystem.PrepareClientConfigSystem(String sectionName)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at System.Configuration.PrivilegedConfigurationManager.GetSection(String sectionName)
at System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
at System.Diagnostics.DiagnosticsConfiguration.Initialize()
at System.Diagnostics.DiagnosticsConfiguration.get_SwitchSettings()
at System.Diagnostics.Switch.InitializeConfigSettings()
at System.Diagnostics.Switch.InitializeWithStatus()
at System.Diagnostics.Switch.get_SwitchSetting()
at System.Diagnostics.BooleanSwitch.get_Enabled()
at System.Xml.Serialization.TempAssembly.LoadGeneratedAssembly(Type type, String defaultNamespace, XmlSerializerImplementation& contract)
at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace)
at System.Xml.Serialization.XmlSerializer..ctor(Type type)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent..ctor(ConfigurationLoader configLoader)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent.CreateNativeConfigurationHandlersInstallComponent()
at Microsoft.Tools.ServiceModel.ServiceModelReg.BuildActionQueue()
at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args)
at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args)

Error: (01/12/2013 06:36:54 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1716.5060kb27425971033643finstallx865.1.2600.2.3.0.2560

Error: (01/12/2013 06:36:36 AM) (Source: MsiInstaller)(User: DESKTOP)
Description: Microsoft .NET Framework 1.1{6C298884-91FD-408C-9D90-5A59D2C29FD1}1603C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log

Error: (01/12/2013 05:54:24 AM) (Source: System.ServiceModel.Install 3.0.0.0)(User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize ---> System.Configuration.ConfigurationErrorsException: Unrecognized configuration section system.serviceModel. (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config line 136)
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors()
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
--- End of inner exception stack trace ---
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
at System.Configuration.ClientConfigurationSystem.PrepareClientConfigSystem(String sectionName)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at System.Configuration.PrivilegedConfigurationManager.GetSection(String sectionName)
at System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
at System.Diagnostics.DiagnosticsConfiguration.Initialize()
at System.Diagnostics.DiagnosticsConfiguration.get_SwitchSettings()
at System.Diagnostics.Switch.InitializeConfigSettings()
at System.Diagnostics.Switch.InitializeWithStatus()
at System.Diagnostics.Switch.get_SwitchSetting()
at System.Diagnostics.BooleanSwitch.get_Enabled()
at System.Xml.Serialization.TempAssembly.LoadGeneratedAssembly(Type type, String defaultNamespace, XmlSerializerImplementation& contract)
at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace)
at System.Xml.Serialization.XmlSerializer..ctor(Type type)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent..ctor(ConfigurationLoader configLoader)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent.CreateNativeConfigurationHandlersInstallComponent()
at Microsoft.Tools.ServiceModel.ServiceModelReg.BuildActionQueue()
at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args)
at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args)

Error: (01/12/2013 04:38:16 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 3.0-kb265640710331603msif9.0.40215.0installx86xp1935

Error: (01/12/2013 04:38:14 AM) (Source: MsiInstaller)(User: DESKTOP)
Description: Microsoft .NET Framework 3.0 Service Pack 2KB26564071603C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Microsoft .NET Framework 3.0-KB2656407_20130112_093723015-Msi0.txt

Error: (01/12/2013 04:38:10 AM) (Source: System.ServiceModel.Install 3.0.0.0)(User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize ---> System.Configuration.ConfigurationErrorsException: Unrecognized configuration section system.serviceModel. (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config line 146)
at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean ignoreLocal)
at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(ConfigurationSchemaErrors schemaErrors)
at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors()
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
--- End of inner exception stack trace ---
at System.Configuration.ClientConfigurationSystem.EnsureInit(String configKey)
at System.Configuration.ClientConfigurationSystem.PrepareClientConfigSystem(String sectionName)
at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
at System.Configuration.ConfigurationManager.GetSection(String sectionName)
at System.Configuration.PrivilegedConfigurationManager.GetSection(String sectionName)
at System.Diagnostics.DiagnosticsConfiguration.GetConfigSection()
at System.Diagnostics.DiagnosticsConfiguration.Initialize()
at System.Diagnostics.DiagnosticsConfiguration.get_SwitchSettings()
at System.Diagnostics.Switch.InitializeConfigSettings()
at System.Diagnostics.Switch.InitializeWithStatus()
at System.Diagnostics.Switch.get_SwitchSetting()
at System.Diagnostics.BooleanSwitch.get_Enabled()
at System.Xml.Serialization.TempAssembly.LoadGeneratedAssembly(Type type, String defaultNamespace, XmlSerializerImplementation& contract)
at System.Xml.Serialization.XmlSerializer..ctor(Type type, String defaultNamespace)
at System.Xml.Serialization.XmlSerializer..ctor(Type type)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent..ctor(ConfigurationLoader configLoader)
at System.ServiceModel.Install.Configuration.ConfigurationHandlersInstallComponent.CreateNativeConfigurationHandlersInstallComponent()
at Microsoft.Tools.ServiceModel.ServiceModelReg.BuildActionQueue()
at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args)
at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args)

Error: (01/12/2013 04:38:04 AM) (Source: MsiInstaller)(User: DESKTOP)
Description: Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Error 1935. An error occurred during the installation of assembly 'System.Printing,fileVersion="3.0.6920.4021",culture="neutral",version="3.0.0.0",publicKeyToken="31bf3856ad364e35",processorArchitecture="X86"'. Please refer to Help and Support for more information. HRESULT: 0x80070020. assembly interface: IAssemblyCacheItem, function: Commit, component: {837887C8-942F-42C5-A913-2C03E1D3A2E0}(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

µTorrent (Version: 3.2.3.28705)
7-Zip 9.20
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Arena 3.0
avast! Free Antivirus (Version: 7.0.1474.0)
Baseball Mogul 2012 (Version: 14.23)
CCleaner (Version: 3.26)
COMODO Internet Security (Version: 6.0.64131.2674)
DAEMON Tools Lite (Version: 4.46.1.0328)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ImgBurn (Version: 2.5.7.0)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® Network Connections Drivers
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.4734.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 18.0 (x86 en-US) (Version: 18.0)
Mozilla Maintenance Service (Version: 18.0)
PDF-Viewer (Version: 2.5.207.0)
Real Lives 2010 (Version: 10.0.0.13)
Revo Uninstaller 1.94 (Version: 1.94)
Sid Meier's SimGolf
SimCity 4 Deluxe
Skype™ 6.1 (Version: 6.1.129)
Ultra Defragmenter (Version: 5.1.2)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553092)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
VLC media player 2.0.5 (Version: 2.0.5)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Wise Registry Cleaner 7.62

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 1533.98 MB
Available physical RAM: 1042.77 MB
Total Pagefile: 5481.97 MB
Available Pagefile: 5085.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.66 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.5 GB) (Free:56.15 GB) NTFS
5 Drive f: (Local Disk) (Fixed) (Total:931.51 GB) (Free:827.69 GB) NTFS
6 Drive g: () (Removable) (Total:1.89 GB) (Free:1.47 GB) FAT32

========================= Users: ========================================

User accounts for \\DESKTOP

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****

Malwarebytes

As I stated in my post, I've run full system scans with Malwarebytes, Emsisoft Anti-Malware, and SUPERAntiSpyware (all run in Safe Mode after updating), all of which returned zero threats. If you like, I can run an additional scan in Malwarebytes, but I figured in the interest of time, it could be skipped.

ESET Online Scanner

ESET only returned one entry, which I believe is my MSOffice keygen.

C:\WINDOWS\AutoKMS.exe Win32/HackKMS application cleaned by deleting - quarantined

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:42 AM

Posted 19 January 2013 - 09:14 AM

OK, This,,Drive g: () (Removable) (Total:1.89 GB) (Free:1.47 GB) FAT32
.. is possibly a rootkit and we'll need a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.


Include this link back to here...

http://www.bleepingcomputer.com/forums/topic481894.html/page__pid__2951874#entry2951874
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 TheKorean2908

TheKorean2908
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 19 January 2013 - 09:51 AM

Thanks! I appreciate the time taken for assisting me! I'll repost as soon as possible.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:42 AM

Posted 19 January 2013 - 10:29 AM

MRL topic
http://www.bleepingcomputer.com/forums/topic482276.html/page__p__2952080#entry2952080

You're welcome!!
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users