#1
Registered User
Join Date: Feb 2007
Posts: 4
OS: XP
svchost sucking up CPU and memory, causes odd problems
Hello,
I found this thread which almost exactly describes my problem; however, I am not familiar enough with IE add-ons to know which I should or should not have. My problem is as follows: When I start my computer and log into Windows, one of the svchost.exe processes will slowly start to suck up CPU usage and memory. It starts out with 0% CPU and around 20k memory, and after about 30 seconds to one minute it will jump to 50% - 99% CPU. Over the next minute the process will eat memory to a maximum of around 90k - 120k, and then I get the following memory error: "Instruction at 0x745f2780 referenced memory at 0x00000000. The memory cannot be read." I also get a generic host process for Win32 error. I inspected the error log and it has this as the error signature: szAppName: svchost.exe, szAppVer: 5.1.2600.2180, szModName: msi.dll, szModVer: 3.1.4000.2435, offset:00012780. After I receive these errors I experience oddities such as the Windows theme flashing from XP to classic, and ultimately (within a few minutes) the system will lock up entirely. I have noted that if I open the task manager and kill the process before the errors, I am able to use the computer like normal with one exception: the process comes back if I try to use Windows Update, and if I kill it during the update the above-mentioned problems occur (theme flashing and lock up). I have Windows XP Media Center Edition SP2.
Here are the contents of my panda scan and comboscan:

Thanks for your help! Mario.
#5
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,646
OS: xp
Hello, Welcome.
Try what this member did in the last post http://forums.techguy.org/windows-nt...t-process.html