need help

  1. #11
    ramesh help is offline Elite Member

    Re: need help

    VirusTotal - Free Online Virus and Malware Scan result for

    C:\WINDOWS\Winlogons.exe

    Antivirus Version Last Update Result
    AhnLab-V3 - - -
    AntiVir - - TR/Drop.Ag.267992.A
    Authentium - - -
    Avast - - -
    AVG - - -
    BitDefender - - -
    CAT-QuickHeal - - W32.Brontok.Q
    ClamAV - - PUA.Packed.MEW-1
    DrWeb - - -
    eSafe - - Virus.Win32.AutoIt.c
    eTrust-Vet - - -
    Ewido - - -
    F-Prot - - -
    F-Secure - - Trojan-Downloader.Win32.AutoIt.t
    FileAdvisor - - -
    Fortinet - - -
    Ikarus - - Backdoor.Win32.Beastdoor.l
    Kaspersky - - Virus.Win32.AutoIt.c
    McAfee - - W32/Sdbot.worm.gen.by
    Microsoft - - -
    NOD32v2 - - -
    Norman - - Suspicious_M.gen
    Panda - - Suspicious file
    Prevx1 - - Heuristic: Suspicious File With Persistence
    Rising - - -
    Sophos - - Mal/EncPk-BA
    Sunbelt - - W32/Sdbot.worm.gen.by
    Symantec - - -
    TheHacker - - W32/Behav-Heuristic-066
    VBA32 - - -
    VirusBuster - - Packed/MEW
    Webwasher-Gateway - - Trojan.Drop.Ag.267992.A


    C:\WINDOWS\DUMP6707.tmp

    Antivirus Version Last Update Result
    AhnLab-V3 2008.10.9.0 2008.10.09 -
    AntiVir 7.8.1.34 2008.10.08 -
    Authentium 5.1.0.4 2008.10.08 -
    Avast 4.8.1248.0 2008.10.08 -
    AVG 8.0.0.161 2008.10.09 -
    BitDefender 7.2 2008.10.09 -
    CAT-QuickHeal 9.50 2008.10.08 -
    ClamAV 0.93.1 2008.10.08 -
    DrWeb 4.44.0.09170 2008.10.08 -
    eSafe 7.0.17.0 2008.10.08 -
    eTrust-Vet 31.6.6134 2008.10.07 -
    Ewido 4.0 2008.10.08 -
    F-Prot 4.4.4.56 2008.10.08 -
    F-Secure 8.0.14332.0 2008.10.09 -
    Fortinet 3.113.0.0 2008.10.08 -
    GData 19 2008.10.09 -
    Ikarus T3.1.1.34.0 2008.10.09 -
    K7AntiVirus 7.10.488 2008.10.08 -
    Kaspersky 7.0.0.125 2008.10.08 -
    McAfee 5400 2008.10.07 -
    Microsoft 1.4005 2008.10.09 -
    NOD32 3505 2008.10.09 -
    Norman 5.80.02 2008.10.08 -
    Panda 9.0.0.4 2008.10.09 -
    PCTools 4.4.2.0 2008.10.08 -
    Prevx1 V2 2008.10.09 -
    Rising 20.65.22.00 2008.10.08 -
    SecureWeb-Gateway 6.7.6 2008.10.08 -
    Sophos 4.34.0 2008.10.09 -
    Sunbelt 3.1.1708.1 2008.10.08 -
    Symantec 10 2008.10.08 -
    TheHacker 6.3.1.0.103 2008.10.07 -
    TrendMicro 8.700.0.1004 2008.10.08 -
    VBA32 3.12.8.6 2008.10.09 -
    ViRobot 2008.10.9.1413 2008.10.09 -
    VirusBuster 4.5.11.0 2008.10.08 -

    Additional information
    File size: 98304 bytes
    PEiD..: -
    TrID..: File type identification
    Windows memory dump (100.0%)
    PEInfo: -

  2. #12
    Neal is offline Dedicated Member
    Since 14 anti-virus programs found C:\WINDOWS\Winlogons.exe to be bad, let's try to kill it.


    Open Notepad (must be Notepad) and copy/paste the text in the quotebox below into it: NOT THE WORD QUOTE

    File::
    C:\WINDOWS\Winlogons.exe

    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

  3. #13
    ramesh help is offline Elite Member
    I have done what you asked; here is the report

    ComboFix 08-10-07.06 - HP_Administrator 2008-10-10 20:30:21.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.626 [GMT 5.5:30]
    Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\WINDOWS\Winlogons.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Winlogons.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
    .

    2008-10-09 08:57 . 2008-10-09 08:57 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
    2008-10-08 21:59 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-08 21:59 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-06 11:04 . 2008-10-05 21:29 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
    2008-10-05 21:28 . 2006-12-03 19:27 <DIR> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
    2008-10-05 21:28 . 2006-12-03 19:51 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
    2008-10-05 21:28 . 2008-10-05 21:28 1,880 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EY935AA-ACJ m7560in_YC_0Pavi_QINI624_E63APemMPA1_48_IAsterope2 _SHewleet-Packard_V1.0_B3.14_T060522_WXP2_L409_M1024_J160_7I ntel_8Pentium D_92.8_#061204_N10EC8139_Z11C10620_G10DE01D1.MRK
    2008-10-05 21:27 . 2008-10-09 08:58 <DIR> d-------- C:\Documents and Settings\HP_Administrator
    2008-10-05 21:26 . 2006-12-03 19:27 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
    2008-10-05 21:26 . 2006-12-03 19:51 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
    2008-10-05 21:04 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-10-05 21:04 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-10-05 21:04 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-10-05 21:04 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-10-05 21:04 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-10-05 16:30 . 2008-10-06 06:58 90,112 --a------ C:\WINDOWS\DUMP6939.tmp
    2008-10-05 16:30 . 2008-10-07 08:07 90,112 --a------ C:\WINDOWS\DUMP51b9.tmp
    2008-10-05 16:30 . 2008-10-10 20:21 90,112 --a------ C:\WINDOWS\DUMP4342.tmp
    2008-10-02 09:10 . 2008-10-02 09:10 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\vlc
    2008-10-02 09:09 . 2008-10-02 09:09 <DIR> d-------- C:\Program Files\VideoLAN
    2008-10-02 09:08 . 2008-10-02 09:08 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-10-02 09:07 . 2008-10-02 09:07 <DIR> dr-h----- C:\MSOCache
    2008-10-02 08:58 . 2008-10-02 15:46 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR
    2008-09-30 22:05 . 2008-10-08 21:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-30 22:05 . 2008-09-30 22:05 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
    2008-09-30 22:05 . 2008-09-30 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-10 10:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-08 05:20 --------- d-----w C:\Program Files\Google
    2008-10-02 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-21 15:54 98,304 ----a-w C:\WINDOWS\DUMP6244.tmp
    2008-08-26 09:14 98,304 ----a-w C:\WINDOWS\DUMP5bdb.tmp
    2008-08-12 09:12 98,304 ----a-w C:\WINDOWS\DUMP6707.tmp
    2008-03-15 08:55 251 ----a-w C:\Program Files\wt3d.ini
    2007-01-25 18:44 164,656 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-08_ 7.53.25.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-10 18:00:00 9,736 ----a-w C:\WINDOWS\system32\SecSystem.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 1694208]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-08 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-14 7557120]
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
    "IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [2005-09-30 120464]
    "SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-03 218240]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "IcoSet"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 663552]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-03 180269]
    "ftutil2"="ftutil2.dll" [2004-06-07 C:\WINDOWS\system32\ftutil2.dll]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-09 C:\WINDOWS\RTHDCPL.EXE]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 C:\WINDOWS\arpwrmsg.exe]
    "nwiz"="nwiz.exe" [2006-02-14 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2006-01-31 11970]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2006-01-31 138816]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2006-01-31 299715]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2006-01-31 142913]
    R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2006-01-31 494144]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2006-01-31 23104]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-06 468768]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e82c9480-94da-11dd-b8b4-00c0a8b8f063}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
    \Shell\Open*\command - J:\MicrosoftPowerPoint.exe

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1A63B46F-972B-B8C9-0506-030106070006}]
    C:\WINDOWS\system32\SecSystem.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2006-12-03 C:\WINDOWS\Tasks\Symantec NetDetect.job
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-09 15:51]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Explorer_Run-Winlogons - C:\WINDOWS\Winlogons.exe



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-10 20:33:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-10 20:33:51
    ComboFix-quarantined-files.txt 2008-10-10 15:03:47
    ComboFix2.txt 2008-10-08 16:25:42
    ComboFix3.txt 2008-10-08 02:23:49

    Pre-Run: 99,946,033,152 bytes free
    Post-Run: 99,930,873,856 bytes free

    148


    THIS IS THE HIJACKTHIS LOG

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:35:46 PM, on 10/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\foolyou.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = AOL Welcome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL Welcome
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL Welcome
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: .lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8936 bytes

  4. #14
    Neal is offline Dedicated Member
    If you have CCleaner, I would use that next; if you don't, here is info for that:


    To clean your temp folder, recycle bin, etc., please download this free tool:

    CCleaner

    Don't install any toolbars or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
    It will put a shortcut on your Desktop.

    Uncheck cookies

    Before first use:
    Select Options then Advanced.
    UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Click on CCleaner to start it. Then click "Run Cleaner"; just use the Windows tab up front by default.


    Then Reboot (Exit)


    How is your PC performing now?

  5. #15
    ramesh help is offline Elite Member
    Well... it's helping a bit. It's not too bad now, but the sad part is that it still auto shuts down. About 10 min after loading to the desktop, it will restart the computer by itself... Something is wrong, but I don't know what it is. Please help. I have used CCleaner already, and have fixed some files and also deleted the missing files that cannot be fixed.

  6. #16
    Neal is offline Dedicated Member
    Is there an error with or before restart?

    Check this:

    Click Control Panel

    Click System

    Click the Startup and Recovery Settings button and see if automatic restart is checked; if so, uncheck it and reboot.
