02-12-2007, 07:59 PM   #1
mario0412
OS: XP


svchost sucking up CPU and memory, causes odd problems

Hello,
I found this thread, which almost exactly describes my problem; however, I am not familiar enough with IE add-ons to know which I should or should not have. My problem is as follows: when I start my computer and log into Windows, one of the svchost.exe processes will slowly start to suck up CPU usage and memory. It starts out with 0% CPU and around 20k memory, and after about 30 seconds to one minute it will jump to 50% - 99% CPU. Over the next minute the process will eat memory to a maximum of around 90k - 120k, and then I get the following memory error: "Instruction at 0x745f2780 referenced memory at 0x00000000. The memory cannot be read." I also get a Generic Host Process for Win32 error. I inspected the error log and it has this as the error signature: szAppName: svchost.exe, szAppVer: 5.1.2600.2180, szModName: msi.dll, szModVer: 3.1.4000.2435, offset:00012780.

After I receive these errors I experience oddities such as the Windows theme flashing from XP to classic, and ultimately (within a few minutes) the system will lock up entirely.

I have noted that if I open the Task Manager and kill the process before the errors, I am able to use the computer like normal with one exception: the process comes back if I try to use Windows Update, and if I kill it during the update the above-mentioned problems occur (theme flashing and lock up).


I have Windows XP Media Center Edition SP2. Here are the contents of my Panda scan and ComboScan:


Incident Status Location

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\FFE KAT\Application Data\Mozilla\Firefox\Profiles\ea8gao3y.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\FFE KAT\Application Data\Mozilla\Firefox\Profiles\ea8gao3y.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\FFE KAT\Application Data\Mozilla\Firefox\Profiles\ea8gao3y.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\FFE KAT\Application Data\Mozilla\Firefox\Profiles\ea8gao3y.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\FFE KAT\Application Data\Mozilla\Firefox\Profiles\ea8gao3y.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\FFE KAT\Application Data\Mozilla\Firefox\Profiles\ea8gao3y.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\FFE KAT\Application Data\Mozilla\Firefox\Profiles\ea8gao3y.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\FFE KAT\Application Data\Mozilla\Firefox\Profiles\ea8gao3y.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.overture.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.com.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Kat\Application Data\Mozilla\Firefox\Profiles\bmxgua2t.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Kat\Cookies\kat@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kat\Cookies\kat@belnk[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Kat\Cookies\kat@cgi-bin[7].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kat\Cookies\kat@dist.belnk[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Kat\Cookies\kat@go[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Kat\Cookies\kat@target[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Kat\Cookies\kat@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Kat\Cookies\kat@www.myaffiliateprogram[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Kat\Cookies\kat@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Kat\Cookies\kat@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Kat\Cookies\kat@yadro[1].txt

ComboScan v20070210.13 run by Kat on 2007-02-12 at 21:12:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Failed to create restore point: System Restore is disabled (service is not running).
Performed disk cleanup.


-- HijackThis log (run as Kat.com) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:13:05 PM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Kat\Desktop\comboscan.exe
C:\DOCUME~1\Kat\LOCALS~1\Temp\~eixvfdu.tmp\Kat.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1134937265069
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

4 abp480n5 - \SystemRoot\system32\DRIVERS\ABP480N5.SYS
4 adpu160m - \SystemRoot\system32\DRIVERS\adpu160m.sys
4 agpCPQ (Compaq AGP Bus Filter) - \SystemRoot\system32\DRIVERS\agpCPQ.sys
4 Aha154x - \SystemRoot\system32\DRIVERS\aha154x.sys
4 aic78u2 - \SystemRoot\system32\DRIVERS\aic78u2.sys
4 aic78xx - \SystemRoot\system32\DRIVERS\aic78xx.sys
4 AliIde - \SystemRoot\system32\DRIVERS\aliide.sys
4 alim1541 (ALI AGP Bus Filter) - \SystemRoot\system32\DRIVERS\alim1541.sys
4 amdagp (AMD AGP Bus Filter Driver) - \SystemRoot\system32\DRIVERS\amdagp.sys
2 AMON - \??\C:\WINDOWS\system32\drivers\amon.sys
4 amsint - \SystemRoot\system32\DRIVERS\amsint.sys
4 asc - \SystemRoot\system32\DRIVERS\asc.sys
4 asc3350p - \SystemRoot\system32\DRIVERS\asc3350p.sys
4 asc3550 - \SystemRoot\system32\DRIVERS\asc3550.sys
3 ati2mtag - system32\DRIVERS\ati2mtag.sys
4 cbidf - \SystemRoot\system32\DRIVERS\cbidf2k.sys
4 cd20xrnt - \SystemRoot\system32\DRIVERS\cd20xrnt.sys
4 CmdIde - \SystemRoot\system32\DRIVERS\cmdide.sys
4 Cpqarray - \SystemRoot\system32\DRIVERS\cpqarray.sys
4 dac2w2k - \SystemRoot\system32\DRIVERS\dac2w2k.sys
4 dac960nt - \SystemRoot\system32\DRIVERS\dac960nt.sys
4 dpti2o - \SystemRoot\system32\DRIVERS\dpti2o.sys
0 drvmcdb - system32\drivers\drvmcdb.sys
2 drvnddm - system32\drivers\drvnddm.sys
3 E100B (Intel(R) PRO Adapter Driver) - system32\DRIVERS\e100b325.sys
3 e1express (Intel(R) PRO/1000 PCI Express Network Connection Driver) - system32\DRIVERS\e1e5132.sys
3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - system32\DRIVERS\HDAudBus.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
4 hpn - \SystemRoot\system32\DRIVERS\hpn.sys
4 i2omp - \SystemRoot\system32\DRIVERS\i2omp.sys
0 iastor (Intel AHCI Controller) - system32\drivers\iastor.sys
4 ini910u - \SystemRoot\system32\DRIVERS\ini910u.sys
3 IntelC51 - system32\DRIVERS\IntelC51.sys
3 IntelC52 - system32\DRIVERS\IntelC52.sys
3 IntelC53 - system32\DRIVERS\IntelC53.sys
1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
3 mf - system32\DRIVERS\mf.sys
3 MHNDRV (MHN driver) - system32\DRIVERS\mhndrv.sys
3 MODEMCSA (Unimodem Streaming Filter Device) - system32\drivers\MODEMCSA.sys
3 mohfilt - system32\DRIVERS\mohfilt.sys
3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
4 mraid35x - \SystemRoot\system32\DRIVERS\mraid35x.sys
3 nv - system32\DRIVERS\nv4_mini.sys
0 PCIIde - system32\DRIVERS\pciide.sys
4 perc2 - \SystemRoot\system32\DRIVERS\perc2.sys
4 perc2hib - \SystemRoot\system32\DRIVERS\perc2hib.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
4 ql1080 - \SystemRoot\system32\DRIVERS\ql1080.sys
4 Ql10wnt - \SystemRoot\system32\DRIVERS\ql10wnt.sys
4 ql12160 - \SystemRoot\system32\DRIVERS\ql12160.sys
4 ql1240 - \SystemRoot\system32\DRIVERS\ql1240.sys
4 ql1280 - \SystemRoot\system32\DRIVERS\ql1280.sys
2 Sentinel - \SystemRoot\System32\Drivers\SENTINEL.SYS
4 sisagp (SIS AGP Bus Filter) - \SystemRoot\system32\DRIVERS\sisagp.sys
4 Sparrow - \SystemRoot\system32\DRIVERS\sparrow.sys
1 sscdbhk5 - system32\drivers\sscdbhk5.sys
1 ssrtln - system32\drivers\ssrtln.sys
3 STHDA (High Definition Audio Driver (WDM) - SigmaTel CODEC) - system32\drivers\sthda.sys
4 symc810 - \SystemRoot\system32\DRIVERS\symc810.sys
4 symc8xx - \SystemRoot\system32\DRIVERS\symc8xx.sys
4 sym_hi - \SystemRoot\system32\DRIVERS\sym_hi.sys
4 sym_u3 - \SystemRoot\system32\DRIVERS\sym_u3.sys
2 tfsnboio - system32\dla\tfsnboio.sys
2 tfsncofs - system32\dla\tfsncofs.sys
2 tfsndrct - system32\dla\tfsndrct.sys
2 tfsndres - system32\dla\tfsndres.sys
2 tfsnifs - system32\dla\tfsnifs.sys
2 tfsnopio - system32\dla\tfsnopio.sys
2 tfsnpool - system32\dla\tfsnpool.sys
2 tfsnudf - system32\dla\tfsnudf.sys
2 tfsnudfa - system32\dla\tfsnudfa.sys
4 TosIde - \SystemRoot\system32\DRIVERS\toside.sys
4 ultra - \SystemRoot\system32\DRIVERS\ultra.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
4 viaagp (VIA AGP Bus Filter) - \SystemRoot\system32\DRIVERS\viaagp.sys
4 ViaIde - \SystemRoot\system32\DRIVERS\viaide.sys
4 wanatw (WAN Miniport (ATW)) - system32\DRIVERS\wanatw4.sys
1 WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - \SystemRoot\System32\drivers\ws2ifsl.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
4 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe
2 ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe
2 ehSched (Media Center Scheduler Service) - C:\WINDOWS\eHome\ehSched.exe
2 Fax - %systemroot%\system32\fxssvc.exe
4 IAANTMon (Intel(R) Matrix Storage Event Monitor) - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
3 lxcc_device - C:\WINDOWS\system32\lxcccoms.exe -service
2 McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe
4 MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
3 MHN - %SystemRoot%\System32\svchost.exe -k netsvcs
2 MSSQL$MICROSOFTBCM - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -sMICROSOFTBCM
3 MSSQLServerADHelper - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
3 NetSvc (Intel NCS NetService) - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
2 NOD32krn (NOD32 Kernel Service) - "C:\Program Files\Eset\nod32krn.exe"
3 ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2 SentinelProtectionServer (Sentinel Protection Server) - "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"
3 SQLAgent$MICROSOFTBCM - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM
3 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe


-- Files created between 2007-01-12 and 2007-02-12 ------------------------------

2007-02-12 21:08:51 21312 --a------ C:\WINDOWS\choice.exe<Unsigned: n/a>
2007-02-12 21:07:29 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-12 21:05:17 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-12 19:55:53 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-12 18:38:29 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-02-03 18:27:43 0 d-------- C:\Documents and Settings\LocalService\Application Data\Help
2007-01-19 20:44:25 0 d-------- C:\WINDOWS\WBEM
2007-01-19 20:44:24 0 d-------- C:\WINDOWS\system32\en-US
2007-01-19 20:44:05 0 d--h---c- C:\WINDOWS\ie7
2007-01-19 20:42:43 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-01-19 19:47:29 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
2007-01-19 19:29:11 0 d-------- C:\WINDOWS\pss


-- Find3M Report ----------------------------------------------------------------

2007-02-12 21:11:12 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-12 20:26:11 0 d-------- C:\Program Files\Lexmark 3300 Series<LEXMAR~1>
2007-02-12 14:46:20 0 d-------- C:\Documents and Settings\Kat\Application Data\Adobe
2007-02-10 10:12:24 0 d-------- C:\Program Files\Lx_cats
2007-01-13 15:36:36 0 d-------- C:\Documents and Settings\Kat\Application Data\AdobeUM
2006-12-18 13:04:03 0 d---s---- C:\Documents and Settings\Kat\Application Data\Microsoft<MICROS~1>
2006-12-12 18:56:03 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"LXCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCCtime.dll,_RunDLLEntry@16"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"LXCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCCtime.dll,_RunDLLEntry@16"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kat^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Kat\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fm3032"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="C:\\Program Files\\Scansoft\\PaperPort\\IndexSearch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxccmon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 3300 Series\\lxccmon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OneTouchMon"
"hkey"="HKLM"
"command"="C:\\Program Files\\Visioneer OneTouch\\OneTouchMon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pptd40nt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Scansoft\\PaperPort\\pptd40nt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="stsystra"
"hkey"="HKLM"
"command"="stsystra.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"Adobe LM Service"=dword:00000003


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe


-- End of ComboScan: finished at 2007-02-12 at 21:13:37 -------------------------



Thanks for your help!
Mario.