Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Services.exe uses 30% CPU at all times

Post by sephiroth1987 » December 14th, 2011, 7:55 pm

In Task Manager, services.exe is using 30% CPU and 342,604K of memory. My computer is very hot and the fan is running nonstop. I recently deleted some spyware. Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:39:41 PM, on 12/14/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Mike\Desktop\procexp.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mike\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2921622865-4259557802-1319513234-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2921622865-4259557802-1319513234-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10774 bytes
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Post by deltalima » December 16th, 2011, 12:28 pm

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Services.exe uses 30% CPU at all times

Post by deltalima » December 16th, 2011, 12:34 pm

Hi sephiroth1987,

Welcome to the forum.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select: Run as Administrator.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Re: Services.exe uses 30% CPU at all times

Post by sephiroth1987 » December 17th, 2011, 12:29 pm

OTL logfile created on: 12/17/2011 11:16:14 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mike\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.92 Gb Total Physical Memory | 3.56 Gb Available Physical Memory | 60.17% Memory free
11.83 Gb Paging File | 9.23 Gb Available in Paging File | 77.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 93.79 Gb Free Space | 20.80% Space Free | Partition Type: NTFS
Drive D: | 5.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (NIHardwareService) -- C:\Program Files\Common Files\NATIVE INSTRUMENTS\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IHA_MessageCenter) -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (US122WdmService) -- C:\Windows\SysNative\drivers\US122Wdmx64.sys (Frontier Design Group, LLC)
DRV:64bit: - (US122DL) -- C:\Windows\SysNative\drivers\US122DLx64.sys (Frontier Design Group)
DRV:64bit: - (US122) -- C:\Windows\SysNative\drivers\US122x64.sys (Frontier Design Group, LLC)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2921622865-4259557802-1319513234-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2921622865-4259557802-1319513234-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-2921622865-4259557802-1319513234-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-21-2921622865-4259557802-1319513234-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2921622865-4259557802-1319513234-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/12/13 20:44:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/12 20:44:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/12 20:44:56 | 000,000,000 | ---D | M]

[2011/04/28 07:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2011/12/12 20:33:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7nk8xhfm.default\extensions
[2011/12/12 20:45:41 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7nk8xhfm.default\extensions\video.downloader.plugin@ffpimp.com
[2011/07/19 09:28:00 | 000,002,365 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7nk8xhfm.default\searchplugins\s-amazon.xml
[2011/11/15 02:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/13 20:44:54 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011/11/15 02:02:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/25 17:53:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/15 02:02:19 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mike\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

O1 HOSTS File: ([2011/12/16 07:30:48 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon64.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TBIA] C:\Windows\SysNative\M-AudioTaskBarIcon64.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2921622865-4259557802-1319513234-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2921622865-4259557802-1319513234-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2921622865-4259557802-1319513234-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2921622865-4259557802-1319513234-1000..\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2921622865-4259557802-1319513234-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2921622865-4259557802-1319513234-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2921622865-4259557802-1319513234-1002\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2921622865-4259557802-1319513234-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8D6C6C-F8F2-4B3B-A4FF-B70D02002369}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/14 04:29:38 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -- [2009/07/14 04:29:38 | 000,106,760 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/15 08:30:33 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011/12/15 08:30:33 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011/12/15 08:30:33 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011/12/15 08:30:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011/12/15 08:30:30 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011/12/15 08:30:30 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011/12/15 08:30:28 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011/12/15 08:30:28 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/12/15 08:30:26 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011/12/15 08:30:26 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011/12/15 08:30:25 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011/12/15 08:30:25 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011/12/15 08:30:24 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011/12/15 08:30:24 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011/12/15 08:30:22 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011/12/15 08:30:22 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/12/15 08:24:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\BIT.TRIP RUNNER
[2011/12/15 08:18:53 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Nicalis
[2011/12/14 18:21:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/14 18:21:48 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/14 07:51:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/12/14 07:50:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/12/14 07:45:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 07:44:48 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/14 07:44:48 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 07:44:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 07:44:47 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/14 07:44:47 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/14 07:44:47 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 07:44:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 07:44:47 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/14 07:44:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/14 07:44:46 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/14 07:44:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/14 07:44:46 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 07:44:46 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 07:44:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/14 07:44:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/14 07:44:27 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 07:44:27 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/13 08:14:07 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2011/12/13 08:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/13 08:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/13 08:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/13 07:39:28 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/12 20:57:56 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/12 20:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/12/12 20:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/12 20:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2011/12/12 18:04:29 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011/12/11 17:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\To the Moon
[2011/12/11 17:18:30 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Cthulhu
[2011/12/11 17:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Robot Entertainment
[2011/12/11 17:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Robot Entertainment
[2011/12/11 16:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarGame
[2011/12/11 16:27:41 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Trine2
[2011/12/11 16:25:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trine 2.v 1.07
[2011/12/05 08:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/12/05 08:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/12/05 08:18:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011/12/05 08:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2011/12/05 08:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/12/05 08:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/12/05 08:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/12/05 08:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/12/05 08:04:40 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Adobe.Illustrator.CS4.-.EcaSmB
[2011/12/04 21:02:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Super Mario Blue Twilight DX
[2011/12/04 21:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Mario Blue Twilight DX
[2011/12/04 21:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Super Mario Blue Twilight DX
[2011/11/26 17:16:11 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Polynomial
[2011/11/24 12:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The_Wonderful_End_of_the_World
[2011/11/20 12:42:16 | 000,169,200 | ---- | C] (http://x360ce.googlecode.com) -- C:\Users\Mike\Desktop\xinput1_3.dll
[2011/11/20 12:41:56 | 001,274,808 | ---- | C] (TocaEdit) -- C:\Users\Mike\Desktop\x360ce.exe
[2011/11/20 12:13:24 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/11/20 12:13:23 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/11/20 12:13:23 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/11/20 12:13:23 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/11/20 12:13:23 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/11/20 12:13:23 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/11/20 12:13:23 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/11/20 12:13:23 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/11/20 12:13:22 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/11/20 12:13:22 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/11/20 12:13:22 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/11/20 12:13:22 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/11/20 12:13:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/11/20 12:13:09 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/11/20 12:13:09 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/11/20 12:13:00 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/11/20 12:13:00 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/11/20 12:12:59 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/11/20 12:12:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/11/20 12:12:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/11/20 12:12:59 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/11/20 12:12:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/11/20 12:12:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/11/20 12:12:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/11/20 12:12:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/11/20 12:12:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/11/20 12:12:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/11/20 12:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/11/20 12:12:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/11/20 12:12:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/11/20 12:12:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/11/20 12:12:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/11/20 12:12:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/11/20 12:12:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/11/20 12:12:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/11/20 12:12:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/11/20 12:12:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/11/20 12:12:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/11/20 12:12:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/11/20 12:12:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/11/20 12:12:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/11/20 12:12:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/11/20 12:12:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/11/20 12:12:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/11/20 12:12:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/11/20 12:12:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/11/20 12:12:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/11/20 12:12:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/11/20 12:12:54 | 005,474,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/11/20 12:12:54 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/11/20 12:12:53 | 003,911,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/11/20 12:12:48 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/11/20 12:12:48 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/11/20 12:12:48 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/11/20 12:12:48 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/11/20 12:12:48 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/11/20 12:12:48 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/11/20 12:12:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/11/20 12:12:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/11/20 12:12:48 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/11/20 12:12:48 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/11/20 12:12:45 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/11/20 12:12:45 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/11/20 12:12:42 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/11/20 12:12:42 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/11/20 12:12:42 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/11/20 12:12:42 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/11/20 12:12:41 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/11/20 12:12:41 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/11/20 12:12:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/11/20 12:12:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/11/20 12:12:41 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/11/20 12:12:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/11/20 12:12:41 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/11/20 12:12:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/11/20 12:12:37 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/11/20 12:12:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/11/20 12:12:34 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/11/20 12:12:33 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/11/20 12:12:30 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/11/20 12:12:30 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/11/20 12:12:29 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/11/20 12:12:26 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/11/20 12:12:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/11/20 12:12:22 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/11/20 12:12:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/11/20 12:12:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/11/20 12:06:58 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/11/20 12:06:58 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/11/20 11:44:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\SlimWare Utilities Inc
[2011/11/20 11:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2011/11/20 11:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverUpdate
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/17 11:19:37 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 11:19:37 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 11:18:58 | 000,793,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/17 11:18:58 | 000,669,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/17 11:18:58 | 000,125,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/17 11:15:39 | 084,399,615 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/12/17 11:12:39 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2011/12/17 11:12:29 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2011/12/17 11:11:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/17 11:11:44 | 469,372,927 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/16 07:54:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2921622865-4259557802-1319513234-1002UA.job
[2011/12/15 08:24:32 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/12/15 08:24:31 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/12/15 08:24:31 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011/12/15 08:24:31 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011/12/14 18:21:48 | 000,002,931 | ---- | M] () -- C:\Users\Mike\Desktop\HiJackThis.lnk
[2011/12/14 18:12:42 | 403,827,352 | ---- | M] () -- C:\Users\Mike\Desktop\services.dmp
[2011/12/14 08:36:52 | 002,880,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/14 08:28:49 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/12/14 08:28:49 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/12/13 20:32:44 | 000,026,373 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/12/13 20:32:44 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/12/13 17:51:45 | 000,388,785 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/12/13 08:13:59 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 08:10:14 | 000,007,605 | ---- | M] () -- C:\Users\Mike\AppData\Local\Resmon.ResmonCfg
[2011/12/13 04:54:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2921622865-4259557802-1319513234-1002Core.job
[2011/12/13 00:28:33 | 2111,660,032 | ---- | M] () -- C:\Users\Mike\Desktop\Star.Wars.Original.Trilogy.1977.A.New.Hope.BDRip.XVID.AC3.HQ.Hive-CM8.avi
[2011/12/12 18:08:04 | 000,000,448 | ---- | M] () -- C:\ProgramData\Qat7dp6n4HlJq5
[2011/12/12 18:04:30 | 000,000,304 | ---- | M] () -- C:\ProgramData\~Qat7dp6n4HlJq5
[2011/12/12 18:04:30 | 000,000,224 | ---- | M] () -- C:\ProgramData\~Qat7dp6n4HlJq5r
[2011/12/10 12:57:15 | 004,221,066 | ---- | M] () -- C:\Users\Mike\Desktop\test.png
[2011/11/24 12:48:13 | 000,001,143 | ---- | M] () -- C:\Users\Mike\Desktop\The Wonderful End of the World.lnk
[2011/11/20 20:32:30 | 000,485,240 | ---- | M] () -- C:\Users\Mike\Desktop\snare.wav
[2011/11/20 20:22:28 | 000,007,828 | ---- | M] () -- C:\Users\Mike\Desktop\crash.pk
[2011/11/20 20:22:26 | 000,661,640 | ---- | M] () -- C:\Users\Mike\Desktop\crash.wav
[2011/11/20 20:19:13 | 000,010,936 | ---- | M] () -- C:\Users\Mike\Desktop\fill.pk
[2011/11/20 20:19:10 | 000,926,240 | ---- | M] () -- C:\Users\Mike\Desktop\fill.wav
[2011/11/20 19:47:39 | 000,325,424 | ---- | M] () -- C:\Users\Mike\Desktop\130.wav
[2011/11/20 12:49:09 | 000,002,868 | ---- | M] () -- C:\Users\Mike\Desktop\x360ce.ini
[2011/11/20 12:42:16 | 000,169,200 | ---- | M] (http://x360ce.googlecode.com) -- C:\Users\Mike\Desktop\xinput1_3.dll
[2011/11/20 12:38:19 | 000,786,960 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/20 00:10:20 | 729,741,312 | ---- | M] () -- C:\Users\Mike\Desktop\Play Piano in a Flash! - AC3 [XviD].avi
[2011/11/20 00:10:20 | 729,407,488 | ---- | M] () -- C:\Users\Mike\Desktop\Play Piano in a Flash! - DVD EXTRAS - AC3 [XviD].avi
[2011/11/20 00:10:19 | 001,572,310 | ---- | M] () -- C:\Users\Mike\Desktop\Play Piano in a Flash! - Play Like a Pro Whether You've Had Lessons or Not.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/14 18:21:48 | 000,002,931 | ---- | C] () -- C:\Users\Mike\Desktop\HiJackThis.lnk
[2011/12/14 18:12:38 | 403,827,352 | ---- | C] () -- C:\Users\Mike\Desktop\services.dmp
[2011/12/13 20:31:44 | 000,026,373 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/12/13 20:31:44 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/12/13 08:13:59 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 08:10:14 | 000,007,605 | ---- | C] () -- C:\Users\Mike\AppData\Local\Resmon.ResmonCfg
[2011/12/12 23:02:33 | 2111,660,032 | ---- | C] () -- C:\Users\Mike\Desktop\Star.Wars.Original.Trilogy.1977.A.New.Hope.BDRip.XVID.AC3.HQ.Hive-CM8.avi
[2011/12/12 18:04:30 | 000,000,224 | ---- | C] () -- C:\ProgramData\~Qat7dp6n4HlJq5r
[2011/12/12 18:04:29 | 000,000,304 | ---- | C] () -- C:\ProgramData\~Qat7dp6n4HlJq5
[2011/12/12 18:04:25 | 000,000,448 | ---- | C] () -- C:\ProgramData\Qat7dp6n4HlJq5
[2011/12/10 12:57:14 | 004,221,066 | ---- | C] () -- C:\Users\Mike\Desktop\test.png
[2011/12/05 08:20:00 | 000,001,582 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS4.lnk
[2011/12/05 08:19:34 | 000,001,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2011/12/05 08:19:12 | 000,001,438 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
[2011/12/05 08:17:37 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[2011/12/05 08:16:47 | 000,001,285 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2011/12/05 08:16:32 | 000,001,409 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011/12/04 18:09:11 | 001,572,310 | ---- | C] () -- C:\Users\Mike\Desktop\Play Piano in a Flash! - Play Like a Pro Whether You've Had Lessons or Not.pdf
[2011/12/04 18:08:17 | 729,407,488 | ---- | C] () -- C:\Users\Mike\Desktop\Play Piano in a Flash! - DVD EXTRAS - AC3 [XviD].avi
[2011/12/04 18:07:20 | 729,741,312 | ---- | C] () -- C:\Users\Mike\Desktop\Play Piano in a Flash! - AC3 [XviD].avi
[2011/11/24 12:48:13 | 000,001,143 | ---- | C] () -- C:\Users\Mike\Desktop\The Wonderful End of the World.lnk
[2011/11/20 20:32:29 | 000,485,240 | ---- | C] () -- C:\Users\Mike\Desktop\snare.wav
[2011/11/20 20:22:28 | 000,007,828 | ---- | C] () -- C:\Users\Mike\Desktop\crash.pk
[2011/11/20 20:22:24 | 000,661,640 | ---- | C] () -- C:\Users\Mike\Desktop\crash.wav
[2011/11/20 20:18:13 | 000,010,936 | ---- | C] () -- C:\Users\Mike\Desktop\fill.pk
[2011/11/20 20:18:08 | 000,926,240 | ---- | C] () -- C:\Users\Mike\Desktop\fill.wav
[2011/11/20 19:47:37 | 000,325,424 | ---- | C] () -- C:\Users\Mike\Desktop\130.wav
[2011/11/20 12:42:14 | 000,002,868 | ---- | C] () -- C:\Users\Mike\Desktop\x360ce.ini
[2011/11/20 11:44:24 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2011/11/20 11:44:21 | 000,015,672 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2011/09/09 17:23:17 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/06/01 17:00:38 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\dsplib.dll
[2011/05/26 20:05:34 | 000,722,680 | ---- | C] () -- C:\Program Files (x86)\unins000.exe
[2011/05/26 20:05:33 | 000,300,821 | ---- | C] () -- C:\Program Files (x86)\unins000.dat
[2011/05/25 21:51:25 | 000,000,092 | ---- | C] () -- C:\Users\Mike\AppData\Local\fusioncache.dat
[2011/04/28 07:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/27 17:28:19 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/04/27 16:49:31 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011/04/27 07:06:11 | 000,786,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/27 06:43:44 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/04/27 06:43:43 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/04/27 06:43:43 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/19 08:17:52 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/19 08:17:50 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/19 08:17:48 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2010/04/02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >
sephiroth1987

Re: Services.exe uses 30% CPU at all times

Post by sephiroth1987 » December 17th, 2011, 12:30 pm

OTL Extras logfile created on: 12/17/2011 11:16:14 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mike\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.92 Gb Total Physical Memory | 3.56 Gb Available Physical Memory | 60.17% Memory free
11.83 Gb Paging File | 9.23 Gb Available in Paging File | 77.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 93.79 Gb Free Space | 20.80% Space Free | Partition Type: NTFS
Drive D: | 5.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MIKE-PC | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2921622865-4259557802-1319513234-1002\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi Software
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{65510247-DAA8-4161-9898-42C78EAF1BC5}" = AVG 2012
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.21
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C9BCE8B9-2510-48D4-B93A-EA7BEA81D6E7}" = Native Instruments Traktors 12
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D597935A-5F0E-44F8-A028-A0EF9C647D95}" = Native Instruments Rammfire
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EC761E9C-5B2D-4C52-9C6D-7BB25712B258}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"US122 Driver_is1" = US122 Driver 3.40

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10B39DCD-0325-49FE-BFBC-8EC011CB7CA8}" = ACID Pro 7.0
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{232769D5-3512-4E0F-BAD3-3B41B5A8FEBA}" = DriverUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29CEA3FA-DB08-4FB4-B3BD-3143CACE5CA0}" = A+ 2009 Book Demo
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1D9EDD-1284-4A0F-9B6F-512DCF5ED9D5}" = Fast Track USB
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B5B8C28-EFC6-444C-B984-DE5561A9926F}" = Producer USB
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D634FB6-42BB-42AB-A37A-DCFF95CD654D}" = Angry Birds Rio
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5806F4F5-D0D4-4313-8AB1-FFA824DB5449}" = Vz In Home Agent
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8094F7AE-CA21-4AF2-A256-BC918CE0E796}" = EZXClaustrophobic
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E31F4DD-4019-48EE-B6FB-FDD77FC8931A}" = Micro
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{918B89F5-3089-4631-BD8A-77990EA7E4FD}" = Session 1.6.3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}" = IHA_MessageCenter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1033}" = Nero 7 Ultra Edition
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}" = EZXTwisted
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1" = King's Bounty. The Legend (Remove Only)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acoustica Beatcraft" = Acoustica Beatcraft
"Acoustica Effects Pack" = Acoustica Effects Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Bejeweled 31.0" = Bejeweled 3
"Broken Sword - Director's Cut_is1" = Broken Sword - Director's Cut
"Cakewalk Beatscape_is1" = Beatscape 1.0.2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Webcam Central" = Dell Webcam Central
"Dimension Pro Free Expansion Packs 1-3_is1" = Dimension Pro Free Expansion Packs 1-3
"DimensionPro_x64_is1" = Dimension Pro 1.5
"FruityLoops Studio Producer Edition v5.02" = FruityLoops Studio Producer Edition v5.02
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Rammfire" = Native Instruments Rammfire
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktors 12" = Native Instruments Traktors 12
"Nehrim - At Fate's Edge_is1" = NehrimUninstaller
"NEO-GEO" = NEO-GEO
"Nintendo" = Nintendo
"Nintendo 64" = Nintendo 64
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"Peggle" = Peggle (remove only)
"PunkBusterSvc" = PunkBuster Services
"QuakeUninstallKey" = Quake
"Rage_is1" = Rage
"Reason5_is1" = Reason 5.0
"Sega Genesis" = Sega Genesis
"Serious Sam HD - The Second Encounter_is1" = Serious Sam HD - The Second Encounter
"SONARX1Producer_x64_is1" = SONAR X1 Producer x64
"Sonic Generations_is1" = Sonic Generations
"Steam App 107100" = Bastion
"Steam App 13250" = Unreal Gold
"Steam App 18700" = And Yet It Moves
"Steam App 200900" = Cave Story+
"Steam App 220" = Half-Life 2
"Steam App 22600" = Worms Reloaded
"Steam App 240" = Counter-Strike: Source
"Steam App 24980" = Mass Effect 2
"Steam App 26500" = Cogs
"Steam App 26800" = Braid
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 29180" = Osmos
"Steam App 380" = Half-Life 2: Episode One
"Steam App 39800" = Nation Red
"Steam App 40700" = Machinarium
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 41100" = Hammerfight
"Steam App 41800" = Gratuitous Space Battles
"Steam App 440" = Team Fortress 2
"Steam App 55040" = Atom Zombie Smasher
"Steam App 6120" = Shank
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 67000" = The Polynomial
"Steam App 70" = Half-Life
"Steam App 70300" = VVVVVV
"Steam App 8190" = Just Cause 2
"Steam App 93200" = Revenge of the Titans
"Steam App 94200" = Jamestown
"Steam App 96200" = Steel Storm: Burning Retribution
"Steam App 99700" = NightSky
"Super Mario: Blue Twilight DX (Low Quality Version)" = Super Mario: Blue Twilight DX (Low Quality Version)
"Super Nintendo" = Super Nintendo
"Ultimate Doom for Windows 95" = Ultimate Doom for Windows 95
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"Voxatron" = Voxatron 0.1.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2921622865-4259557802-1319513234-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/13/2011 7:17:55 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SkyrimLauncher.exe, version: 1.2.14.0,
time stamp: 0x4eb1a8ce Faulting module name: d3d9.dll, version: 0.0.0.0, time stamp:
0x4e3c5a98 Exception code: 0xc0000417 Fault offset: 0x00003a22 Faulting process id:
0x1680 Faulting application start time: 0x01ccb9ed717f59b9 Faulting application path:
C:\Program Files (x86)\The Elder Scrolls V Skyrim\SkyrimLauncher.exe Faulting module
path: C:\Program Files (x86)\The Elder Scrolls V Skyrim\d3d9.dll Report Id: af43b25c-25e0-11e1-82b6-14feb5a5a670

Error - 12/13/2011 7:20:12 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SkyrimLauncher.exe, version: 1.2.14.0,
time stamp: 0x4eb1a8ce Faulting module name: d3d9.dll, version: 0.0.0.0, time stamp:
0x4e3c5a98 Exception code: 0xc0000417 Fault offset: 0x00003a22 Faulting process id:
0x17a8 Faulting application start time: 0x01ccb9edc2280d43 Faulting application path:
C:\Program Files (x86)\The Elder Scrolls V Skyrim\SkyrimLauncher.exe Faulting module
path: C:\Program Files (x86)\The Elder Scrolls V Skyrim\d3d9.dll Report Id: 00df3242-25e1-11e1-82b6-14feb5a5a670

Error - 12/13/2011 7:20:18 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TESV.exe, version: 1.1.21.0, time stamp:
0x4ea9b052 Faulting module name: d3d9.dll, version: 0.0.0.0, time stamp: 0x4e3c5a98
Exception
code: 0xc0000417 Fault offset: 0x00003a22 Faulting process id: 0x1540 Faulting application
start time: 0x01ccb9edc60fcf36 Faulting application path: C:\Program Files (x86)\The
Elder Scrolls V Skyrim\TESV.exe Faulting module path: C:\Program Files (x86)\The
Elder Scrolls V Skyrim\d3d9.dll Report Id: 0474504d-25e1-11e1-82b6-14feb5a5a670

Error - 12/13/2011 7:22:13 PM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\The
Binding of Isaac\FlashAchievements.exe". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/13/2011 7:40:57 PM | Computer Name = Mike-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\The
Binding of Isaac\FlashAchievements.exe". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/13/2011 8:00:36 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SkyrimLauncher.exe, version: 1.2.14.0,
time stamp: 0x4eb1a8ce Faulting module name: d3d9.dll, version: 0.0.0.0, time stamp:
0x4e3c5a98 Exception code: 0xc0000417 Fault offset: 0x00003a22 Faulting process id:
0x57c Faulting application start time: 0x01ccb9f3672f766c Faulting application path:
C:\Program Files (x86)\The Elder Scrolls V Skyrim\SkyrimLauncher.exe Faulting module
path: C:\Program Files (x86)\The Elder Scrolls V Skyrim\d3d9.dll Report Id: a5c981b0-25e6-11e1-82b6-14feb5a5a670

Error - 12/13/2011 9:28:18 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SkyrimLauncher.exe, version: 1.2.14.0,
time stamp: 0x4eb1a8ce Faulting module name: d3d9.dll, version: 0.0.0.0, time stamp:
0x4e3c5a98 Exception code: 0xc0000417 Fault offset: 0x00003a22 Faulting process id:
0x17d0 Faulting application start time: 0x01ccb9ffa7ac58b3 Faulting application path:
C:\Program Files (x86)\The Elder Scrolls V Skyrim\SkyrimLauncher.exe Faulting module
path: C:\Program Files (x86)\The Elder Scrolls V Skyrim\d3d9.dll Report Id: e6128ee9-25f2-11e1-9e02-14feb5a5a670

Error - 12/13/2011 9:37:09 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SkyrimLauncher.exe, version: 1.2.14.0,
time stamp: 0x4eb1a8ce Faulting module name: d3d9.dll, version: 0.0.0.0, time stamp:
0x4e3c5a98 Exception code: 0xc0000417 Fault offset: 0x00003a22 Faulting process id:
0x101c Faulting application start time: 0x01ccba00e4a66c69 Faulting application path:
C:\Program Files (x86)\The Elder Scrolls V Skyrim\SkyrimLauncher.exe Faulting module
path: C:\Program Files (x86)\The Elder Scrolls V Skyrim\d3d9.dll Report Id: 22f8e650-25f4-11e1-9e02-14feb5a5a670

Error - 12/13/2011 11:33:18 PM | Computer Name = Mike-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16768,
time stamp: 0x4d688122 Faulting module name: ntdll.dll, version: 6.1.7600.20826,
time stamp: 0x4cc7b3ed Exception code: 0xc0000005 Fault offset: 0x000000000004c8c4
Faulting
process id: 0x9cc Faulting application start time: 0x01ccba0fa82e6e69 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 5c84d6a8-2604-11e1-8279-14feb5a5a670

Error - 12/14/2011 12:28:40 AM | Computer Name = Mike-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: The remote procedure call failed. .

[ System Events ]
Error - 12/17/2011 12:11:35 PM | Computer Name = Mike-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 12/17/2011 12:13:00 PM | Computer Name = Mike-PC | Source = PNRPSvc | ID = 102
Description =

Error - 12/17/2011 12:13:00 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 12/17/2011 12:13:00 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 12/17/2011 12:13:10 PM | Computer Name = Mike-PC | Source = PNRPSvc | ID = 102
Description =

Error - 12/17/2011 12:13:10 PM | Computer Name = Mike-PC | Source = PNRPSvc | ID = 102
Description =

Error - 12/17/2011 12:13:10 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 12/17/2011 12:13:10 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 12/17/2011 12:13:10 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 12/17/2011 12:13:10 PM | Computer Name = Mike-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535


< End of report >
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Post by deltalima » December 17th, 2011, 12:39 pm

Hi sephiroth1987,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the Open text entry box, please copy/paste appwiz.cpl. Then click Enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Right click on CKScanner.exe and select: Run as Administrator then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select: Run as Administrator.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please let me know if the computer is used for home or for business use.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Services.exe uses 30% CPU at all times

Post by sephiroth1987 » December 17th, 2011, 5:42 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz1crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2bellz4crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz1crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2pingz4crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz1crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\8 - rides\stevenslate rides\ride2shankz4crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz1crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinabigz4crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz1crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\chinasmallz4crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z1crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash10z4crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az1crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8az4crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz1crack4.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack1.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack2.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack3.flac
c:\program files\cakewalk\vstplugins\session drummer 3\contents\kits\9 - alt cymbals\stevenslate altcymbals\splash8kz4crack4.flac
c:\program files (x86)\amnesia - the dark descent\redist\sounds\11\11_glass_crack.snt
c:\program files (x86)\amnesia - the dark descent\redist\sounds\11\11_glass_crack01.ogg
c:\program files (x86)\amnesia - the dark descent\redist\sounds\11\11_glass_crack02.ogg
c:\program files (x86)\amnesia - the dark descent\redist\sounds\11\11_glass_crack03.ogg
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.dae
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\castlebase\ceiling\corridor_crack.msh
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.dae
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\cellarbase\special\cracked_ceiling.msh
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.dds
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_blue.mat
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.dae
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_blue01.msh
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.dae
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_blue02.msh
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.dae
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_blue03.msh
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.dae
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_blue04.msh
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.dds
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_blue_back.mat
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.dds
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_brown.mat
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.dae
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_brown01.msh
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.dae
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_brown02.msh
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.dae
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_brown03.msh
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.dae
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_brown04.msh
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.dds
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_brown_back.mat
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_nrm.dds
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\decals\cracks_spec.dds
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.dae
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\dungeonbase\ceiling\default_cracked.msh
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.dae
c:\program files (x86)\amnesia - the dark descent\redist\static_objects\dungeonbase\wall\corridor_graves_cracked.msh
c:\program files (x86)\steam\steamapps\common\nation red\textures\fx\craters\crack.tga
c:\program files (x86)\steam\steamapps\common\nation red\textures\fx\craters\crackburn.tga
c:\program files (x86)\steam\steamapps\common\nation red\textures\fx\craters\crack_nrm.tga
c:\users\mike\appdata\local\microsoft\windows\wer\reportqueue\noncritical_keygen.exe_3b6f3a9425289b48e9fe4ff024f2ee7e81a3fc3a_07979f51\report.wer
c:\users\mike\appdata\local\microsoft\windows\wer\reportqueue\noncritical_keygen.exe_3b6f3a9425289b48e9fe4ff024f2ee7e81a3fc3a_cab_05e6da8c\appcompat.txt
c:\users\mike\appdata\local\microsoft\windows\wer\reportqueue\noncritical_keygen.exe_3b6f3a9425289b48e9fe4ff024f2ee7e81a3fc3a_cab_05e6da8c\report.wer
c:\users\mike\appdata\local\microsoft\windows\wer\reportqueue\noncritical_keygen.exe_3b6f3a9425289b48e9fe4ff024f2ee7e81a3fc3a_cab_05e6da8c\tab9dbb.tmp
c:\users\mike\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\users\mike\documents\sega genesis\roms\crack down.zip
c:\users\mike\music\music 5\02-crack the skye\thumbs.db
scanner sequence 3.ZZ.11.PXNANJ
----- EOF -----
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Unread postby sephiroth1987 » December 17th, 2011, 5:43 pm

This computer is for Home Use

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-QCPVQ-KHRB8-RMV82
Windows Product Key Hash: +Rj3N34NLM2JqoBO/OzgzTZXgbY=
Windows Product ID: 00359-OEM-8992687-00095
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {9CDD1ADA-8526-44AC-AB3D-9867919F9DBC}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_ldr.110622-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{9CDD1ADA-8526-44AC-AB3D-9867919F9DBC}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RMV82</PKey><PID>00359-OEM-8992687-00095</PID><PIDType>2</PIDType><SID>S-1-5-21-2921622865-4259557802-1319513234</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell System XPS L702X</Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A08</Version><SMBIOSVersion major="2" minor="6"/><Date>20110406000000.000000+000</Date></BIOS><HWID>AA0D3C07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>QA09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800095-02-1033-7600.0000-1092011
Installation ID: 011383698121828203645720584340751271378201902880767994
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: RMV82
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 12/17/2011 4:41:21 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:27:2011 14:53
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAIAAgABAAIAAAACAAAAAwABAAEAonaiUHcW2oUorU5jqtbQK7wtzp++9nCgIlwsyi5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL QA09
FACP DELL QA09
HPET DELL QA09
MCFG DELL QA09
SLIC DELL QA09
SSDT DELL PtidDevc
ASF! DELL QA09
SSDT DELL PtidDevc
SSDT DELL PtidDevc
SSDT DELL PtidDevc
UEFI DELL QA09
UEFI DELL QA09
UEFI DELL QA09
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Unread postby deltalima » December 18th, 2011, 7:48 am

Hi sephiroth1987,

Download and Run ComboFix

Download ComboFix by sUBs from one of these links and save it to your Desktop.
Link 1 | Link 2

**Ensure you have disabled ALL anti-virus, anti-malware and firewall programs so they do not interfere with ComboFix.**
A guide to do this can be found here. If you still aren't sure how to disable protection software, please ask.

  • Double-click ComboFix.exe to start ComboFix (If you get a User Account Control warning, click Allow)
  • If you get a message from ComboFix that a rootkit is detected and it needs to reboot the computer, allow it to do so.
  • Wait for scan to complete. It can take tens of minutes.
  • Do not run any programs or do anything to interfere with ComboFix as it is running.
  • Once finished, a log should open. If not, the log can be located at C:\ComboFix.txt

Please include the ComboFix log (C:\ComboFix.txt) in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Services.exe uses 30% CPU at all times

Unread postby sephiroth1987 » December 18th, 2011, 11:15 pm

ComboFix 11-12-17.05 - Mike 12/18/2011 17:21:42.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6058.3965 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 22:56 . 2011-12-18 22:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-18 22:56 . 2011-12-18 22:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-17 21:42 . 2011-12-17 21:42 -------- d-----w- C:\MGADiagToolOutput
2011-12-17 21:41 . 2011-12-17 21:41 -------- d-----w- c:\programdata\Office Genuine Advantage
2011-12-15 13:24 . 2011-12-16 13:09 -------- d-----w- c:\users\Mike\AppData\Local\BIT.TRIP RUNNER
2011-12-15 13:18 . 2011-12-15 13:18 -------- d-----w- c:\users\Mike\AppData\Roaming\Nicalis
2011-12-14 23:21 . 2011-12-14 23:21 388096 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-14 23:21 . 2011-12-14 23:21 -------- d-----w- c:\program files (x86)\Trend Micro
2011-12-14 12:51 . 2011-12-14 12:51 -------- d-----w- c:\windows\system32\SPReview
2011-12-14 12:50 . 2011-12-14 12:50 -------- d-----w- c:\windows\system32\EventProviders
2011-12-14 12:45 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 13:14 . 2011-12-13 13:14 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2011-12-13 13:13 . 2011-12-13 13:13 -------- d-----w- c:\programdata\Malwarebytes
2011-12-13 13:13 . 2011-12-13 13:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-13 01:57 . 2011-12-13 01:57 -------- d-----w- c:\users\Mike\AppData\Roaming\SUPERAntiSpyware.com
2011-12-13 01:55 . 2011-12-15 22:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-13 01:54 . 2011-12-13 01:54 -------- d-----w- c:\programdata\SUPERSetup
2011-12-11 22:19 . 2011-12-13 01:42 -------- d-----w- c:\program files (x86)\To the Moon
2011-12-11 22:02 . 2011-12-11 22:02 -------- d-----w- c:\program files (x86)\Robot Entertainment
2011-12-11 21:27 . 2011-12-11 21:27 -------- d-----w- c:\users\Mike\AppData\Roaming\Trine2
2011-12-11 21:25 . 2011-12-13 01:42 -------- d-----w- c:\program files (x86)\Trine 2.v 1.07
2011-12-05 13:21 . 2011-12-13 01:45 -------- d-----w- c:\programdata\FLEXnet
2011-12-05 13:19 . 2011-12-05 13:19 -------- d-----w- c:\programdata\ALM
2011-12-05 13:18 . 2011-12-05 13:18 -------- d-----w- c:\windows\SysWow64\spool
2011-12-05 13:18 . 2011-12-13 01:44 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-12-05 13:17 . 2011-12-13 01:30 -------- d-----w- c:\program files\Common Files\Adobe
2011-12-05 13:17 . 2011-12-13 01:25 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-12-05 13:14 . 2011-12-13 01:26 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-12-05 02:02 . 2011-12-13 01:45 -------- d-----w- c:\program files (x86)\Super Mario Blue Twilight DX
2011-11-26 22:16 . 2011-11-26 22:19 -------- d-----w- c:\users\Mike\AppData\Roaming\Polynomial
2011-11-24 17:47 . 2011-12-13 01:45 -------- d-----w- c:\program files (x86)\The_Wonderful_End_of_the_World
2011-11-20 17:45 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-11-20 17:45 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-11-20 17:12 . 2011-07-16 05:26 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-11-20 17:06 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-20 17:06 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-11-20 17:06 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-11-20 17:06 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-11-20 16:44 . 2011-12-18 23:01 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-11-20 16:44 . 2011-12-13 01:33 -------- d-----w- c:\users\Mike\AppData\Local\SlimWare Utilities Inc
2011-11-20 16:44 . 2011-12-13 01:44 -------- d-----w- c:\program files (x86)\DriverUpdate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 13:24 . 2011-04-28 00:10 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-15 13:24 . 2011-04-28 00:10 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-15 13:24 . 2011-04-28 00:10 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-15 13:24 . 2011-04-28 00:10 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-14 13:28 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2011-12-14 13:28 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-07 10:23 . 2011-10-07 10:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-05-27 01:05 . 2011-05-27 01:05 722680 ----a-w- c:\program files (x86)\unins000.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2011-12-15 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PROCEXP150;PROCEXP150;c:\windows\system32\Drivers\PROCEXP150.SYS [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 US122;US122 Driver;c:\windows\system32\Drivers\US122x64.sys [x]
R3 US122DL;US122 Firmware Downloader;c:\windows\system32\Drivers\US122DLx64.sys [x]
R3 US122WdmService;US122 Wdm Audio;c:\windows\system32\Drivers\US122Wdmx64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Mike\AppData\Local\Temp\0055D47.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-12-13 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-07-01 151552]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2010-12-03 5253632]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-19 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-18 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2011-09-07 16:33]
.
2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921622865-4259557802-1319513234-1002Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26 23:22]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2921622865-4259557802-1319513234-1002UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26 23:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-08 6560360]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-30 2186856]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-02-18 312936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon64.exe" [2008-07-29 511488]
"TBIA"="c:\windows\system32\M-AudioTaskBarIcon64.exe" [2008-07-29 511488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\7nk8xhfm.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Cakewalk Beatscape_is1 - c:\program files (x86)\Cakewalk\Beatscape\unins000.exe
AddRemove-Oblivion mod manager_is1 - c:\program files (x86)\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Unofficial Oblivion Patch_is1 - c:\program files (x86)\Bethesda Softworks\Oblivion\Unofficial Oblivion Patch\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Mike\AppData\Local\Temp\0055D47.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2921622865-4259557802-1319513234-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*óÿÿÿåpæ;]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2921622865-4259557802-1319513234-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*óÿÿÿåpæ;\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2921622865-4259557802-1319513234-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*óÿÿÿåpæ;]
@Allowed: (Read) (RestrictedCode)
"0"=hex:43,3a,5c,55,73,65,72,73,5c,4d,69,6b,65,5c,44,65,73,6b,74,6f,70,5c,41,
6d,65,72,69,63,61,6e,2e,48,6f,72,72,6f,72,2e,53,74,6f,72,79,2e,53,30,31,45,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-12-18 18:23:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-18 23:23
.
Pre-Run: 100,557,406,208 bytes free
Post-Run: 101,168,992,256 bytes free
.
- - End Of File - - 519CC5515C399D597792B48A8CA0B32A
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Unread postby deltalima » December 19th, 2011, 8:57 am

Hi sephiroth1987,

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
c:\users\Mike\AppData\Local\Temp\0055D47.tmp

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
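
The file requested in the post above is the image path of the X6va005 service in the ComboFix log, which points into a user Temp folder. As an added example (not part of the original thread and not a ComboFix feature), this Python triage script picks such entries out of the log's service lines. The line format is inferred from the log posted here, and the heuristic (image under a Temp directory, or an extension other than .sys/.exe/.dll) is an assumption of this example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: four service lines in the format of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Mike\AppData\Local\Temp\0055D47.tmp [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
"""

# "<state letter><start digit> <name>;<display name>;<image path> [x | date size]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<meta>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
EXPECTED_EXTS = (".sys", ".exe", ".dll")  # assumption: usual service/driver images


class Entry(NamedTuple):
    state: str
    start: int
    name: str
    path: str
    reasons: Tuple[str, ...]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service line; return None for anything that is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    reasons = []
    if TEMP_DIR_RE.search(path):
        reasons.append("image under a Temp directory")
    if not path.lower().endswith(EXPECTED_EXTS):
        reasons.append("unexpected image extension")
    return Entry(m.group("state"), int(m.group("start")),
                 m.group("name"), path, tuple(reasons))


def suspicious(log_text: str) -> List[Entry]:
    """Return the service entries that match at least one heuristic."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.reasons]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name}: {e.path} ({'; '.join(e.reasons)})")
```

A hit only marks an entry for a closer look, such as the VirusTotal check requested above; it is not a verdict on the file.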

Re: Services.exe uses 30% CPU at all times

Unread postby sephiroth1987 » December 19th, 2011, 9:18 am

Hello,

I'm having some trouble with the Virustotal website. Am I entering the path into the "submit a url" section? I tried clicking on "choose file" but when I manually navigated to the folder the file you mentioned wasn't there (hidden files are enabled). Maybe I'm doing something wrong. Sorry, thanks for the help.
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Unread postby deltalima » December 19th, 2011, 9:57 am

Hi sephiroth1987,

"when I manually navigated to the folder the file you mentioned wasn't there"

Ok, no problem, that file may have already been removed.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Services.exe uses 30% CPU at all times

Unread postby sephiroth1987 » December 19th, 2011, 10:23 pm

C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll a variant of Win32/Packed.VMProtect.AAD trojan
C:\Program Files (x86)\LIMBO\limbo_lang.exe a variant of Win32/Kryptik.EIF trojan
C:\Users\Mike\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\55db7696-7b24a04d Java/TrojanDownloader.OpenConnection.AR trojan
C:\Users\Mike\Desktop\Adobe.Illustrator.CS4.-.EcaSmB\CS4MCLG.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan
sephiroth1987
Regular Member
 
Posts: 17
Joined: December 14th, 2011, 7:47 pm

Re: Services.exe uses 30% CPU at all times

Unread postby deltalima » December 20th, 2011, 5:53 am

Hi sephiroth1987,

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Please also use this method to scan the following files and post the logs in your next reply.
C:\Program Files (x86)\LIMBO\limbo_lang.exe
C:\Users\Mike\Desktop\Adobe.Illustrator.CS4.-.EcaSmB\CS4MCLG.EXE
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK