Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Services.exe uses 30% CPU at all times

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Services.exe uses 30% CPU at all times

Unread postby sephiroth1987 » December 20th, 2011, 9:35 am

Antivirus Version Last Update Result
AhnLab-V3 2011.12.19.03 2011.12.19 -
AntiVir 7.11.19.166 2011.12.20 -
Antiy-AVL 2.0.3.7 2011.12.20 -
Avast 6.0.1289.0 2011.12.20 -
AVG 10.0.0.1190 2011.12.20 -
BitDefender 7.2 2011.12.20 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.20 -
ClamAV 0.97.3.0 2011.12.20 -
Commtouch 5.3.2.6 2011.12.20 -
Comodo 11025 2011.12.20 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.12.20 -
Emsisoft 5.1.0.11 2011.12.20 Packed.Win32.VMProtect.AAD!A2
eSafe 7.0.17.0 2011.12.18 -
eTrust-Vet 37.0.9634 2011.12.20 -
F-Prot 4.6.5.141 2011.12.19 -
Fortinet 4.3.388.0 2011.12.20 -
GData 22.312/22.592 2011.12.20 -
Ikarus T3.1.1.109.0 2011.12.20 -
Jiangmin 13.0.900 2011.12.19 -
K7AntiVirus 9.119.5720 2011.12.19 -
Kaspersky 9.0.0.837 2011.12.20 -
McAfee 5.400.0.1158 2011.12.20 -
McAfee-GW-Edition 2010.1E 2011.12.20 -
Microsoft 1.7903 2011.12.20 -
NOD32 6726 2011.12.20 a variant of Win32/Packed.VMProtect.AAD
Norman 6.07.13 2011.12.20 -
nProtect 2011-12-20.02 2011.12.20 -
Panda 10.0.3.5 2011.12.19 -
PCTools 8.0.0.5 2011.12.20 -
Prevx 3.0 2011.12.20 -
Rising 23.89.01.03 2011.12.20 -
Sophos 4.72.0 2011.12.20 -
SUPERAntiSpyware 4.40.0.1006 2011.12.20 -
Symantec 20111.2.0.82 2011.12.20 -
TheHacker 6.7.0.1.362 2011.12.19 -
TrendMicro 9.500.0.1008 2011.12.20 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.20 -
VBA32 3.12.16.4 2011.12.20 -
VIPRE 11279 2011.12.20 -
ViRobot 2011.12.20.4835 2011.12.20 -
VirusBuster 14.1.125.0 2011.12.20 Trojan.Packed!3E00eXxuWgQ
Additional information
MD5 : 92ad87ad94119ec13b132b26e84aad90
SHA1 : 480fa2e02978e8173de15b98ec3c8fec9a4a424c
SHA256: c16861b2aff75edf89a76acf9b2d4cd672177bc66aa9ffa5c43c1f3b8a5e900a
ssdeep: 384:JQ7f695EUgbmqqPJ20KreHqjohM/a8+C8QG84MCFn8G:aKBOeHqjuM/ac8Qh4MCFn
File size : 38912 bytes
First seen: 2011-02-22 23:06:52
Last seen : 2011-12-20 13:24:40
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1750
timedatestamp....: 0x21544C46 (Sun Sep 20 21:44:38 1987)
machinetype......: 0x14c (I386)

[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x853, 0xA00, 5.03, d8d7308a9dc0d282b5113d781db0432f
.rdata, 0x2000, 0x54B2, 0x5600, 0.22, 9911f5ae200b01ef9f469b48045fc5ae
.data, 0x8000, 0x14, 0x200, 0.00, bf619eac0cdf3f68d496ea9344137e8b
.rsrc, 0x9000, 0xB0, 0x200, 4.10, 598f8743126c45665c28269df3692db9
.flt0, 0xA000, 0x8C, 0x200, 0.77, 10fa08910d54daad77aa62ce264629fa
.flt1, 0xB000, 0x2AE6, 0x2C00, 7.10, 9c7b11150ecabb59562dda9f42d2589c
.reloc, 0xE000, 0x34, 0x200, 0.67, 8911ce9990bb623d34803d429b95705b

[[ 1 import(s) ]]
KERNEL32.dll: GetProcessHeap, HeapFree, HeapAlloc
ExifTool:
file metadata
CodeSize: 52224
EntryPoint: 0x1750
FileSize: 38 kB
FileType: Win32 DLL
ImageVersion: 0.0
InitializedDataSize: 23552
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1987:09:20 23:44:38+02:00
UninitializedDataSize: 0
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm
Advertisement
Register to Remove

Re: Services.exe uses 30% CPU at all times

Unread postby sephiroth1987 » December 20th, 2011, 9:38 am

File name:
limbo_lang.exe
Submission date:
2011-12-20 13:30:17 (UTC)
Current status:
finished
Result:
16/ 42 (38.1%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.12.19.03 2011.12.19 Trojan/Win32.HDC
AntiVir 7.11.19.166 2011.12.20 -
Antiy-AVL 2.0.3.7 2011.12.20 -
Avast 6.0.1289.0 2011.12.20 -
AVG 10.0.0.1190 2011.12.20 -
BitDefender 7.2 2011.12.20 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.20 -
ClamAV 0.97.3.0 2011.12.20 -
Commtouch 5.3.2.6 2011.12.20 -
Comodo 11025 2011.12.20 -
DrWeb 5.0.2.03300 2011.12.20 -
Emsisoft 5.1.0.11 2011.12.20 Trojan-Dropper!IK
eSafe 7.0.17.0 2011.12.18 -
eTrust-Vet 37.0.9634 2011.12.20 -
F-Prot 4.6.5.141 2011.12.19 -
Fortinet 4.3.388.0 2011.12.20 -
GData 22 2011.12.20 -
Ikarus T3.1.1.109.0 2011.12.20 Trojan-Dropper
Jiangmin 13.0.900 2011.12.19 -
K7AntiVirus 9.119.5720 2011.12.19 Riskware
Kaspersky 9.0.0.837 2011.12.20 -
McAfee 5.400.0.1158 2011.12.20 Generic.grp!ee
McAfee-GW-Edition 2010.1E 2011.12.20 Generic.grp!ee
Microsoft 1.7903 2011.12.20 -
NOD32 6726 2011.12.20 a variant of Win32/Kryptik.EIF
Norman 6.07.13 2011.12.20 W32/Suspicious_Gen2.QRBSY
nProtect 2011-12-20.02 2011.12.20 -
Panda 10.0.3.5 2011.12.19 -
PCTools 8.0.0.5 2011.12.20 Trojan.Gen
Prevx 3.0 2011.12.20 -
Rising 23.89.01.03 2011.12.20 -
Sophos 4.72.0 2011.12.20 Troj/Agent-UJL
SUPERAntiSpyware 4.40.0.1006 2011.12.20 -
Symantec 20111.2.0.82 2011.12.20 Trojan.Gen.2
TheHacker 6.7.0.1.362 2011.12.19 Trojan/Kryptik.eif
TrendMicro 9.500.0.1008 2011.12.20 TROJ_GEN.R47C8KO
TrendMicro-HouseCall 9.500.0.1008 2011.12.20 TROJ_GEN.R47C8KO
VBA32 3.12.16.4 2011.12.20 -
VIPRE 11279 2011.12.20 Trojan.Win32.Generic!BT
ViRobot 2011.12.20.4835 2011.12.20 -
VirusBuster 14.1.125.0 2011.12.20 Trojan.Kryptik!OTn8rE+IaJg
Additional information
MD5 : f8e842b84204e37346c5a0df317f0b2e
SHA1 : 2873efe0a6ae373afc589d14f47881ad5c1b3b2d
SHA256: 700c17b8197f615703d31769827ba030cc7549a9b9ee5cb82d6f60cc4be0e48f
ssdeep: 384:wX6MjYx9Pr/Tm9uDcVLd/urq6D5YrKDAKD:NxVPmY67/
File size : 280576 bytes
First seen: 2011-08-02 19:18:10
Last seen : 2011-12-20 13:30:17
TrID:
Win32 Executable MS Visual C++ 4.x (85.8%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
Win16/32 Executable Delphi generic (1.3%)
Generic Win/DOS Executable (1.2%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1000
timedatestamp....: 0x4E3841B0 (Tue Aug 02 18:28:00 2011)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x62, 0x200, 1.09, 707d1cd0df6c382ba0b9f74bd5cec99b
.rdata, 0x2000, 0xA0, 0x200, 1.48, d07fe7a9d0af584943344352bba7461f
.data, 0x3000, 0x80, 0x200, 0.57, 4f95fec5e834e00c3276d48ea76a89af
.rsrc, 0x4000, 0x43D70, 0x43E00, 0.92, 50e8c51d5c3d9be2d07c614b92e4735d

[[ 1 import(s) ]]
kernel32.dll: ExitProcess, GetProcAddress, LoadLibraryA, CreateProcessA
ExifTool:
file metadata
CodeSize: 512
EntryPoint: 0x1000
FileSize: 274 kB
FileType: Win32 EXE
ImageVersion: 4.0
InitializedDataSize: 279040
LinkerVersion: 5.12
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2011:08:02 20:28:00+02:00
UninitializedDataSize: 0
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Unread postby sephiroth1987 » December 20th, 2011, 9:47 am

user(s) with a total of 1 reputation credit(s) say(s) this sample is malware.
File name:
CS4MCLG.EXE
Submission date:
2011-12-20 13:36:22 (UTC)
Current status:
finished
Result:
27/ 42 (64.3%)

VT Community

malware
Safety score: 0.0%
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.12.19.03 2011.12.19 Win-Trojan/Keygen.469268
AntiVir 7.11.19.166 2011.12.20 TR/Agent.469268.A
Antiy-AVL 2.0.3.7 2011.12.20 Trojan/Win32.Agent.gen
Avast 6.0.1289.0 2011.12.20 -
AVG 10.0.0.1190 2011.12.20 Suspicion: unknown virus
BitDefender 7.2 2011.12.20 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.20 (Suspicious) - DNAScan
ClamAV 0.97.3.0 2011.12.20 PUA.Packed.UPack-2
Commtouch 5.3.2.6 2011.12.20 W32/Heuristic-210!Eldorado
Comodo 11025 2011.12.20 -
DrWeb 5.0.2.03300 2011.12.20 -
Emsisoft 5.1.0.11 2011.12.20 Riskware.Keygen.Adobe!IK
eSafe 7.0.17.0 2011.12.18 Win32.PackedUpack.A
eTrust-Vet 37.0.9634 2011.12.20 -
F-Prot 4.6.5.141 2011.12.19 W32/Heuristic-210!Eldorado
Fortinet 4.3.388.0 2011.12.20 HackerTool/AdobeKeygen
GData 22 2011.12.20 -
Ikarus T3.1.1.109.0 2011.12.20 not-a-virus.Keygen.Adobe
Jiangmin 13.0.900 2011.12.19 -
K7AntiVirus 9.119.5720 2011.12.19 -
Kaspersky 9.0.0.837 2011.12.20 -
McAfee 5.400.0.1158 2011.12.20 Generic.dx
McAfee-GW-Edition 2010.1E 2011.12.20 Heuristic.LooksLike.Win32.Suspicious.J
Microsoft 1.7903 2011.12.20 -
NOD32 6726 2011.12.20 probably a variant of Win32/Spy.Agent.FFETUNH
Norman 6.07.13 2011.12.20 W32/Packed_Upack.A
nProtect 2011-12-20.02 2011.12.20 Trojan/W32.Agent.469268
Panda 10.0.3.5 2011.12.19 Trj/Pupack.A
PCTools 8.0.0.5 2011.12.20 Trojan-Spy.Gampass!sd6
Prevx 3.0 2011.12.20 -
Rising 23.89.01.03 2011.12.20 Trojan.Win32.Generic.12321029
Sophos 4.72.0 2011.12.20 Mal/Generic-L
SUPERAntiSpyware 4.40.0.1006 2011.12.20 -
Symantec 20111.2.0.82 2011.12.20 Infostealer.Gampass
TheHacker 6.7.0.1.362 2011.12.19 Adware/KeyGen
TrendMicro 9.500.0.1008 2011.12.20 CRCK_ADCS
TrendMicro-HouseCall 9.500.0.1008 2011.12.20 CRCK_ADCS
VBA32 3.12.16.4 2011.12.20 -
VIPRE 11279 2011.12.20 Trojan.Win32.Packer.Upack0.3.9 (ep)
ViRobot 2011.12.20.4835 2011.12.20 -
VirusBuster 14.1.125.0 2011.12.20 Trojan.Unpacked!JFhzMm0boCw
Additional information
MD5 : 366480d909b7c917f73b27336ce86432
SHA1 : 62745d920806b90645588f3069ad2577d481d6a7
SHA256: 854d292a6495f3bfec172fdf0fbeb80e861e0da6d5a9145ced48dac8ddee650f
ssdeep: 3072:8dl3foxQmDLx2m4wGBARlZgvo7S2H+1enHqbAI5jfx4ex6XKEnNAIi3UHGRBNHy:+3Qu82
M4o7NHrnKXj506ECCmRBNS
File size : 469268 bytes
First seen: 2008-10-19 03:13:35
Last seen : 2011-12-20 13:36:22
TrID:
DOS Executable Generic (100.0%)
sigcheck:
publisher....: Adobe Systems, Inc.
copyright....: (C) MASTER OF DEVILS_, 2008
product......: ADOBE CS4 LG
description..: Adobe CS4 MCLG
original name: CS4MCLG.EXE
internal name: Licence Generator
file version.: 1, 1, 2008, 1019
comments.....: Not for commercial use. Test purpose application.
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): UPack
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1018
timedatestamp....: 0x4011B0BE (Fri Jan 23 23:39:42 2004)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
PS, 0x1000, 0x9D000, 0x1F0, 5.38, fa8edacaa6bc3ed6e2e3a968188fa417
@Q, 0x9E000, 0x8C000, 0x72714, 4.93, f5292129a91c7f9b384e4abac270af4a
I@, 0x12A000, 0x1000, 0x1F0, 5.38, fa8edacaa6bc3ed6e2e3a968188fa417
ExifTool:
file metadata
CodeSize: 1766614113
EntryPoint: 0x1018
FileSize: 458 kB
FileType: Win32 EXE
ImageVersion: 0.57
InitializedDataSize: 1918988898
LinkerVersion: 76.111
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2004:01:24 00:39:42+01:00
UninitializedDataSize: 16761
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Unread postby deltalima » December 20th, 2011, 12:00 pm

Hi sephiroth1987,

Where did you get Adobe Illustrator CS4 from?

Please tell me what you know about the program LIMBO.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Services.exe uses 30% CPU at all times

Unread postby sephiroth1987 » December 20th, 2011, 12:28 pm

Good Morning,

Both files you mentioned were copied from someone else. Limbo is a game and the file I scanned was the executable. Deleting both of these problems will not be a problem.

Is the java file that came up as a trojan ok? I was just curious becouse we didn't scan it. Thanks!
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Unread postby deltalima » December 20th, 2011, 1:07 pm

Hi sephiroth1987,

Is the java file that came up as a trojan ok? I was just curious becouse we didn't scan it.


No, we will remove that file once we have researched the other files identified by the scan.

Both files you mentioned were copied from someone else


Please see our policy here, if you wish to continue to be helped you must remove ALL software that you do not have a valid license for.

Please let me know if you wish to continue.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Services.exe uses 30% CPU at all times

Unread postby sephiroth1987 » December 20th, 2011, 2:42 pm

The software has been removed.
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Unread postby deltalima » December 20th, 2011, 3:02 pm

Hi sephiroth1987,

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 30.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 30 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u30-windows-i586-p.exe to install the newest version


Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    :otl
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    :files
    C:\Program Files (x86)\LIMBO\limbo_lang.exe
    C:\Users\Mike\Desktop\Adobe.Illustrator.CS4.-.EcaSmB
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Please let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Services.exe uses 30% CPU at all times

Unread postby sephiroth1987 » December 20th, 2011, 10:20 pm

Unfortunately services exe is still using 30% cpu. Here's the report.

All processes killed
========== PROCESSES ==========
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\S-1-5-21-2921622865-4259557802-1319513234-1000\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\S-1-5-21-2921622865-4259557802-1319513234-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\S-1-5-21-2921622865-4259557802-1319513234-1000\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\LIMBO\limbo_lang.exe not found.
File\Folder C:\Users\Mike\Desktop\Adobe.Illustrator.CS4.-.EcaSmB not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mike
->Temp folder emptied: 358469 bytes
->Temporary Internet Files folder emptied: 51385568 bytes
->Java cache emptied: 4549577 bytes
->FireFox cache emptied: 41852176 bytes
->Google Chrome cache emptied: 115591961 bytes
->Flash cache emptied: 155175 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 376 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 10023157 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 214.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mike
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mike
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12202011_210128

Files\Folders moved on Reboot...
File\Folder C:\Users\Mike\AppData\Local\Temp\hsperfdata_Mike\1192 not found!
File move failed. C:\Users\Mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TY6ZTWZV\vh[1].htm moved successfully.
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N7U5DVT4\sh70[1].html moved successfully.
File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXSCZ2J6\beacon[2].htm not found!
File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXSCZ2J6\ddc[1].htm not found!
C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5QMKXR5\login_status[1].htm moved successfully.
File\Folder C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16THPJNY\if[3].htm not found!

Registry entries deleted on Reboot...
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Unread postby deltalima » December 21st, 2011, 4:48 am

Hi sephiroth1987,

Download SystemLook and save it to your Desktop.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :process 
    services.exe
    :filefind
    services.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Services.exe uses 30% CPU at all times

Unread postby sephiroth1987 » December 21st, 2011, 8:45 am

SystemLook 30.07.11 by jpshortstuff
Log created at 07:27 on 21/12/2011 by Mike
Administrator - Elevation successful

========== process ==========

services.exe - 1 handle(s) returned.
File path: C:\Windows\system32\services.exe
MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB
Modules:
C:\Windows\system32\services.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\system32\kernel32.dll
C:\Windows\system32\KERNELBASE.dll
C:\Windows\system32\msvcrt.dll
C:\Windows\system32\RPCRT4.dll
C:\Windows\system32\SspiCli.dll
C:\Windows\system32\profapi.dll
C:\Windows\SYSTEM32\sechost.dll
C:\Windows\system32\CRYPTBASE.dll
C:\Windows\system32\scext.dll
C:\Windows\system32\USER32.dll
C:\Windows\system32\GDI32.dll
C:\Windows\system32\LPK.dll
C:\Windows\system32\USP10.dll
C:\Windows\system32\Secur32.dll
C:\Windows\system32\SCESRV.dll
C:\Windows\system32\srvcli.dll
C:\Windows\system32\IMM32.DLL
C:\Windows\system32\MSCTF.dll
C:\Windows\system32\RpcRtRemote.dll
C:\Windows\system32\credssp.dll
C:\Windows\system32\AUTHZ.dll
C:\Windows\system32\UBPM.dll
C:\Windows\system32\ADVAPI32.dll
C:\Windows\system32\SHELL32.dll
C:\Windows\system32\SHLWAPI.dll
C:\Windows\system32\USERENV.dll
C:\Windows\system32\WINTRUST.dll
C:\Windows\system32\CRYPT32.dll
C:\Windows\system32\MSASN1.dll
C:\Windows\system32\apphelp.dll
C:\Windows\system32\WTSAPI32.dll
C:\Windows\system32\WINSTA.dll
C:\Windows\system32\WS2_32.dll
C:\Windows\system32\NSI.dll
C:\Windows\system32\mswsock.dll
C:\Windows\System32\wshtcpip.dll
C:\Windows\System32\wship6.dll
C:\Windows\system32\ole32.dll
C:\Windows\system32\CRYPTSP.dll
C:\Windows\system32\rsaenh.dll

========== filefind ==========

Searching for "services.exe"
C:\Windows\ERDNT\cache64\services.exe --a---- 328704 bytes [23:09 18/12/2011] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Unread postby deltalima » December 21st, 2011, 12:29 pm

Hi sephiroth1987,

There are 2 unnecessary services running that may be causing the symptoms that you are experiencing.

We will temporarily disable the services to check if they are the cause.

Disable services
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat Please save it on your desktop.

@echo off
sc stop clr_optimization_v4.0.30319_32
sc config clr_optimization_v4.0.30319_32 start= disabled
sc stop clr_optimization_v4.0.30319_64
sc config clr_optimization_v4.0.30319_64 start= disabled
exit


Right click FixServices.bat and select: Run as Administrator. A window will open and close. This is normal.

Now reboot the computer.

Next, run Combofix again using the previous instructions and post the log (C:\ComboFix.txt) in your next reply.

Please let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Services.exe uses 30% CPU at all times

Unread postby sephiroth1987 » December 22nd, 2011, 2:03 pm

Still seems to be no change with the services process. It looks like I may have to reformat.

ComboFix 11-12-21.02 - Mike 12/22/2011 10:26:58.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6058.4093 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\programdata\~Qat7dp6n4HlJq5
c:\programdata\~Qat7dp6n4HlJq5r
c:\programdata\Qat7dp6n4HlJq5
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-22 15:59 . 2011-12-22 15:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-22 15:59 . 2011-12-22 15:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 02:05 . 2011-12-21 02:05 -------- d-----w- c:\users\Default\AppData\Local\SlimWare Utilities Inc
2011-12-21 02:01 . 2011-12-21 02:01 -------- d-----w- C:\_OTL
2011-12-21 00:38 . 2011-12-21 00:37 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-17 21:42 . 2011-12-17 21:42 -------- d-----w- C:\MGADiagToolOutput
2011-12-17 21:41 . 2011-12-17 21:41 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-12-15 13:24 . 2011-12-16 13:09 -------- d-----w- c:\users\Mike\AppData\Local\BIT.TRIP RUNNER
2011-12-15 13:18 . 2011-12-15 13:18 -------- d-----w- c:\users\Mike\AppData\Roaming\Nicalis
2011-12-14 23:21 . 2011-12-14 23:21 388096 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-14 23:21 . 2011-12-14 23:21 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-14 12:51 . 2011-12-14 12:51 -------- d-----w- c:\windows\system32\SPReview
2011-12-14 12:50 . 2011-12-14 12:50 -------- d-----w- c:\windows\system32\EventProviders
2011-12-14 12:45 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 13:14 . 2011-12-13 13:14 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2011-12-13 13:13 . 2011-12-13 13:13 -------- d-----w- c:\programdata\Malwarebytes
2011-12-13 13:13 . 2011-12-13 13:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-13 01:57 . 2011-12-13 01:57 -------- d-----w- c:\users\Mike\AppData\Roaming\SUPERAntiSpyware.com
2011-12-13 01:55 . 2011-12-15 22:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-13 01:54 . 2011-12-13 01:54 -------- d-----w- c:\programdata\SUPERSetup
2011-12-11 22:19 . 2011-12-13 01:42 -------- d-----w- c:\program files (x86)\To the Moon
2011-12-11 22:02 . 2011-12-11 22:02 -------- d-----w- c:\program files (x86)\Robot Entertainment
2011-12-11 21:27 . 2011-12-11 21:27 -------- d-----w- c:\users\Mike\AppData\Roaming\Trine2
2011-12-11 21:25 . 2011-12-13 01:42 -------- d-----w- c:\program files (x86)\Trine 2.v 1.07
2011-12-05 13:21 . 2011-12-13 01:45 -------- d-----w- c:\programdata\FLEXnet
2011-12-05 13:19 . 2011-12-05 13:19 -------- d-----w- c:\programdata\ALM
2011-12-05 13:18 . 2011-12-05 13:18 -------- d-----w- c:\windows\SysWow64\spool
2011-12-05 13:18 . 2011-12-13 01:44 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-12-05 13:17 . 2011-12-13 01:30 -------- d-----w- c:\program files\Common Files\Adobe
2011-12-05 13:17 . 2011-12-13 01:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-12-05 13:14 . 2011-12-13 01:26 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-12-05 02:02 . 2011-12-13 01:45 -------- d-----w- c:\program files (x86)\Super Mario Blue Twilight DX
2011-11-26 22:16 . 2011-11-26 22:19 -------- d-----w- c:\users\Mike\AppData\Roaming\Polynomial
2011-11-24 17:47 . 2011-12-13 01:45 -------- d-----w- c:\program files (x86)\The_Wonderful_End_of_the_World
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 23:13 . 2011-11-20 16:44 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-12-21 00:37 . 2011-04-19 10:54 660368 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-15 13:24 . 2011-04-28 00:10 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-15 13:24 . 2011-04-28 00:10 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-15 13:24 . 2011-04-28 00:10 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-15 13:24 . 2011-04-28 00:10 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-14 13:28 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2011-12-14 13:28 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-07 10:23 . 2011-10-07 10:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-09-29 16:24 . 2011-11-20 17:12 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-05-27 01:05 . 2011-05-27 01:05 722680 ----a-w- c:\program files (x86)\unins000.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-22_00.36.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-22 00:05 . 2011-12-22 00:05 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-12-22 16:01 . 2011-12-22 16:01 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2011-12-22 00:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-22 16:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-22 00:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-22 16:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-22 16:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-22 00:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-19 10:57 . 2011-12-22 15:16 41368 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-22 15:16 28052 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-26 22:47 . 2011-12-22 16:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-26 22:47 . 2011-12-22 00:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-26 22:47 . 2011-12-22 16:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-26 22:47 . 2011-12-22 00:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-22 16:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-22 00:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-26 23:20 . 2011-12-22 16:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-26 23:20 . 2011-12-22 00:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-26 23:20 . 2011-12-22 16:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-26 23:20 . 2011-12-22 00:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-26 23:20 . 2011-12-22 00:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-26 23:20 . 2011-12-22 16:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-26 23:20 . 2011-12-22 17:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-26 23:20 . 2011-12-22 00:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-26 23:20 . 2011-12-22 17:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-26 23:20 . 2011-12-22 00:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-26 23:21 . 2011-12-22 15:16 9370 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2921622865-4259557802-1319513234-1002_UserData.bin
- 2011-12-22 00:06 . 2011-12-22 00:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-22 16:02 . 2011-12-22 16:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-22 16:02 . 2011-12-22 16:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-22 00:06 . 2011-12-22 00:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-12-22 00:14 669530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-22 16:09 669530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-22 16:09 125426 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-22 00:14 125426 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-12-22 00:05 306220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-22 16:01 306220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-22 16:08 . 2011-12-22 16:08 7603712 c:\windows\Installer\671cb.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2011-12-15 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PROCEXP150;PROCEXP150;c:\windows\system32\Drivers\PROCEXP150.SYS [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 US122;US122 Driver;c:\windows\system32\Drivers\US122x64.sys [x]
R3 US122DL;US122 Firmware Downloader;c:\windows\system32\Drivers\US122DLx64.sys [x]
R3 US122WdmService;US122 Wdm Audio;c:\windows\system32\Drivers\US122Wdmx64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Mike\AppData\Local\Temp\0055D47.tmp [x]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-12-13 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-07-01 151552]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-12-03 5253632]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-19 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921622865-4259557802-1319513234-1002Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26 23:22]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921622865-4259557802-1319513234-1002UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26 23:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-08 6560360]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-30 2186856]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-02-18 312936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon64.exe" [2008-07-29 511488]
"TBIA"="c:\windows\system32\M-AudioTaskBarIcon64.exe" [2008-07-29 511488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7nk8xhfm.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Mike\AppData\Local\Temp\0055D47.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2921622865-4259557802-1319513234-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*óÿÿÿåpæ;]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2921622865-4259557802-1319513234-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*óÿÿÿåpæ;\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2921622865-4259557802-1319513234-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*óÿÿÿåpæ;]
@Allowed: (Read) (RestrictedCode)
"0"=hex:43,3a,5c,55,73,65,72,73,5c,4d,69,6b,65,5c,44,65,73,6b,74,6f,70,5c,41,
6d,65,72,69,63,61,6e,2e,48,6f,72,72,6f,72,2e,53,74,6f,72,79,2e,53,30,31,45,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-12-22 12:28:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-22 17:28
ComboFix2.txt 2011-12-18 23:23
.
Pre-Run: 76,143,857,664 bytes free
Post-Run: 73,982,877,696 bytes free
.
- - End Of File - - 2B11B7EA4520BFA82AF84FF061A3FE07
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Unread postby deltalima » December 22nd, 2011, 3:22 pm

Hi sephiroth1987,

It looks like I may have to reformat.


In this case I agree, we have done a thorough check and there are no significant signs of malware infection.
There is only so much diagnosis that can be done remotely so a reformat would be the quickest way to get the computer working as it should.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Services.exe uses 30% CPU at all times

Unread postby sephiroth1987 » December 22nd, 2011, 4:23 pm

Oh well, I guess that's what I will do. I really appreciate all of the time you put into this. Have a great holiday!
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: mAL_rEm018 and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware