neal, i have been getting blue screen error when i turn on the system then it loads and after that the blue screen errors appers.

and

when it loads to the desktop, it auto restarts the system from the begining

i hav done system recovery and i still have the same problem ecept the 1st problem only the 2nd problem

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:33 AM, on 9/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Trend Micro\HijackThis\foolyou.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL Welcome
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = AOL Welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL Welcome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL Welcome
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6564 bytes

* Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and zLaunch Malwarebytes Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Update Java: Security Issue

* Go to Start > Control Panel double-click on the Software icon > add/remove programs.
* Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

It should have next icon next to it:
Select it and click Remove.
* The current version can be downloaded from Sun here: Java SE Downloads Scroll down the page to 'Java Runtime Environment (JRE) 6u7 and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.

this is the log file

Malwarebytes' Anti-Malware 1.28
Database version: 1225
Windows 5.1.2600 Service Pack 2

9/30/2008 10:50:14 PM
mbam-log-2008-09-30 (22-50-14).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 182047
Time elapsed: 37 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Administrator\Desktop\ramesh\setup\Wav ePad_3.05___Keygen\Keygen.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\ramesh\software collection\original names from the cd's\pc world\PCW IND JAN08 (E)\Data\Software\Utilities\vLite-1.1.beta2.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\ramesh\cracks\ad obe cracks (www.cw-network.info)\CAM\PhotoShop CS3 Extended Keygen + Activation.exe (Trojan.Horst) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\ramesh\cracks\Ke ygens\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\ramesh\cracks\Ke ygens\NCH.Swift.WavePad.Masters.Edition.v3.05.WinA LL.Incl.Keygen-ARN\keygen\keygen.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.


THIS IS THE NEW HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:01 PM, on 9/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\foolyou.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL Welcome
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = AOL Welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL Welcome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL Welcome
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = AOL Welcome
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5350 bytes

I HAVE NOT INSTALLED THE JAVE YET>>>

What is going on now?

for now there is no problems... anyways is the vista forum stable?? can they handle the viruses and the softwares cause you said last time that there is not much help for that section

There are more tools out now then before for Vista if that is what your asking.

hey, i'm still having problem with this pc... when i oned the pc, it loads to the desktop then it auto restarts the comp, and the screen will say that the pc is going to sleep. then it will restart the comp. this happen very frequently... i have also dont system recovery 2 times and there is no help from this.. what to do??

Can you do this?



Visit this page below to familiarize yourself to the tool below and download from one of the links provided.

A guide and tutorial on using ComboFix




If you have previously downloaded ComboFix,please delete that version now.



It is IMPORTANT that it is saved directly to your desktop

Close any open browsers.

Disconnect from the Internet.

Please do not re-connect your machine back to the Internet until Combofix has completely finished.

Disable your antivirus program and any realtime malware scanners and script blockers now


How To Disable



Double click on combofix.exe and follow the prompts.

When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Note:
Do not mouseclick combofix's window while it's running.

That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

ComboFix SHOULD NOT be used unless requested by a forum helper.

i have folllowed the instruction given in the A guide and tutorial on using ComboFix. i have installed the combofix and added the boot file downloaded from microsoft as said in the tutorial. it has already createded the recovery file and i have scanned the system. this is the combofix log

ComboFix 08-10-07.06 - HP_Administrator 2008-10-08 7:50:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.635 [GMT 5.5:30]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\HP_Administrator\Desktop\ramesh\photoshop pictures\happy\Desktop_.ini
C:\Documents and Settings\HP_Administrator\Desktop\ramesh\software collection\original names from the cd's\antivirus,tutorials,songs,html\WWE MUSIC\Desktop_.ini
C:\Documents and Settings\HP_Administrator\Desktop\ramesh\software collection\original names from the cd's\muthu's multimedia cd\Adobe Page Maker 6\Desktop_.ini
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\KarthikaThiagarajan\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Autorun.inf
J:\autorun.inf
J:\RECYCLER\desktop.ini
.
---- Previous Run -------
.
C:\WINDOWS\admintxt.txt
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-10-06 11:04 . 2008-10-05 21:29 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-10-05 21:28 . 2006-12-03 19:27 <DIR> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-10-05 21:28 . 2006-12-03 19:51 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-10-05 21:28 . 2008-10-05 21:28 1,880 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EY935AA-ACJ m7560in_YC_0Pavi_QINI624_E63APemMPA1_48_IAsterope2 _SHewleet-Packard_V1.0_B3.14_T060522_WXP2_L409_M1024_J160_7I ntel_8Pentium D_92.8_#061204_N10EC8139_Z11C10620_G10DE01D1.MRK
2008-10-05 21:27 . 2008-10-05 21:31 <DIR> d-------- C:\Documents and Settings\HP_Administrator
2008-10-05 21:26 . 2006-12-03 19:27 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-10-05 21:26 . 2006-12-03 19:51 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Applicati on Data\Symantec
2008-10-05 21:04 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-10-05 21:04 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-10-05 21:04 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-10-05 21:04 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-05 21:04 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-05 16:30 . 2008-10-06 06:58 90,112 --a------ C:\WINDOWS\DUMP6939.tmp
2008-10-05 16:30 . 2008-10-07 08:07 90,112 --a------ C:\WINDOWS\DUMP51b9.tmp
2008-10-02 09:10 . 2008-10-02 09:10 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\vlc
2008-10-02 09:09 . 2008-10-02 09:09 <DIR> d-------- C:\Program Files\VideoLAN
2008-10-02 09:08 . 2008-10-02 09:08 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-10-02 09:07 . 2008-10-02 09:07 <DIR> dr-h----- C:\MSOCache
2008-10-02 08:58 . 2008-10-02 15:46 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-09-30 22:05 . 2008-09-30 22:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 22:05 . 2008-09-30 22:05 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-09-30 22:05 . 2008-09-30 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-10-02 03:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-21 15:54 98,304 ----a-w C:\WINDOWS\DUMP6244.tmp
2008-08-26 09:14 98,304 ----a-w C:\WINDOWS\DUMP5bdb.tmp
2008-08-12 09:12 98,304 ----a-w C:\WINDOWS\DUMP6707.tmp
2008-03-15 08:55 251 ----a-w C:\Program Files\wt3d.ini
2007-01-25 18:44 164,656 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-06-20 11:06 267,991 --sha-r C:\WINDOWS\Winlogons.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.E XE" [2004-08-10 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-10 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-10 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-14 7557120]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [2005-09-30 120464]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-03 218240]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"IcoSet"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"ftutil2"="ftutil2.dll" [2004-06-07 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-09 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2006-02-14 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Curr entversion\policies\explorer\Run]
"Winlogons"="C:\WINDOWS\Winlogons.exe" [2007-06-20 267991]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
.lnk - C:\WINDOWS\Winlogons.exe [2008-10-08 267991]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-25 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-12-03 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2006-01-31 11970]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2006-01-31 138816]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2006-01-31 299715]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2006-01-31 142913]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2006-01-31 494144]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2006-01-31 23104]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-06 468768]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c17c7249-92cc-11dd-b8ae-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e82c9480-94da-11dd-b8b4-00c0a8b8f063}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
\Shell\Open*\command - J:\MicrosoftPowerPoint.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2006-12-03 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-09-09 15:51]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=63&bd=PAVILION &pf=desktop
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=63&bd=PAVILION &pf=desktop
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=63&bd=PAVILION &pf=desktop
O8 -: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 -: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 -: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 -: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 -: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 -: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
.

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 07:52:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-10-08 7:53:48
ComboFix-quarantined-files.txt 2008-10-08 02:23:45

Pre-Run: 99,719,954,432 bytes free
Post-Run: 99,735,973,888 bytes free

165


WHATS NEXT??