Computer shutting down/restarting itself

[fattydq]

I've been getting error messages that windows will restart or shutdown in 60 seconds with a countdown bar popping up. I've done a virus scan, removed everything found, and the problem persists. Here's my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 1:11:49 AM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\windows\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\windows\system32\wscntfy.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\??mbols\taskmgr.exe
C:\WINDOWS\system32\DOBE~1\nslookup.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.systemsecure.org/? CLICK YES TO ENTER WEBSITE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...rSB8WVLNFK/9QFIfUAJqf6eHBDBZ+xMOvvMNq6OntQvUj
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&...000000&C=1062054000000&D=0&I=6.2B4JU&N=PL&O=I
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: (no name) - {C97A6830-DDDB-A352-D178-8CADDCE621E1} - C:\windows\system32\gnxcfqxf.dll (file missing)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [Tzb] "C:\Program Files\Common Files\??mbols\taskmgr.exe"
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\system32\DOBE~1\nslookup.exe" -vt yazb
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1537d41ea5da85f39b05/netzip/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe





Thanks in advance for any help : )

 

[fattydq]

I'm running Windows XP, btw

 

[xxxalpinexxx80]

no clue try another software

 

[Buzz1927]

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

 

[fattydq]

"Owner" - 2007-06-03 13:58:07 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Owner\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\windows\system32\awtst.dll
C:\windows\system32\ccwolckb.dll
C:\windows\system32\cryodhrk.dll
C:\windows\system32\cyrchgfx.dll
C:\windows\system32\mfrbqnjs.dll
C:\windows\system32\rpnmrlib.dll
C:\windows\system32\vtsqr.dll
C:\windows\system32\hggdebx.dll
C:\windows\system32\khfebyw.dll
C:\windows\system32\opnljjg.dll
C:\windows\system32\opnlkli.dll
C:\WINDOWS\Registration\eulacmd.dll
C:\windows\system32\tjwchlms.exe
C:\windows\system32\tstwa.ini
C:\windows\system32\sjnqbrfm.ini
C:\windows\system32\rqstv.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\windows\system32\mc-110-12-0000140.exe"
"C:\windows\drsmartload.dat"
"C:\windows\drsmartload2.dat"
"C:\windows\drsmartloadb1.dat"
"C:\windows\enewsletterpro1.dat"
"C:\windows\gimmygames.dat"
"C:\windows\gimmygames1.dat"
"C:\windows\keyboard1.dat"
"C:\windows\keyboard21.dat"
"C:\windows\keyboard41.dat"
"C:\windows\mousepad6.exe"
"C:\windows\msresearch1.dat"
"C:\windows\newname.dat"
"C:\windows\timessquare1.dat"
"C:\windows\tool.exe"
"C:\windows\winsysupd101.dat"
"C:\windows\winsysupd121.dat"
"C:\windows\winsysupd21.dat"
"C:\windows\winsysupd31.dat"
"C:\windows\winsysupd41.dat"
"C:\windows\winsysupd5.exe"
"C:\windows\winsysupd51.dat"
"C:\Program Files\Common Files\Yazzle1275OinAdmin.exe"
"C:\Program Files\Common Files\Yazzle1275OinUninstaller.exe"
"C:\Program Files\Common Files\Yazzle1281OinAdmin.exe"
"C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe"
"C:\windows\system32\5_exception.nls"
"C:\windows\system32\dlh9jkdq8.exe"
"C:\U.exe"
"C:\windows\retadpu1000106.exe"
"C:\windows\retadpu11.exe"
"C:\windows\system32\RunOnce2.t__"
"C:\DOCUME~1\Owner\APPLIC~1\Install.dat"
"C:\windows\system32\winupd_KB17836474.exe"
"C:\windows\system32\winupd_KB34216966.exe"
"C:\windows\system32\winupd_KB38810001.exe"
"C:\windows\system32\winupd_KB62062812.exe"
"C:\windows\system32\winupd_KB77119758.exe"
"C:\windows\system32\winupd_KB93736873.exe"
"C:\windows\system32\winupd_KB95349334.exe"
"C:\windows\system32\wnscpsv.exe"
"C:\windows\system32\drivers\ip6fw.sys"
"C:\Program Files\Internet Explorer\laxuki.dll"
"C:\windows\system32\Gtq61.sys"
"C:\DOCUME~1\Owner\APPLIC~1\Microsoft\classes.dat"
"C:\Program Files\Common Files\inetget\freeprodtb.exe"
"C:\Program Files\Common Files\vcclient\ClientUpdater.bat"
"C:\Program Files\Common Files\vcclient\ICSharpCode.SharpZipLib.dll"
"C:\Program Files\Common Files\vcclient\temp.txt"
"C:\Program Files\Common Files\vcclient\VCClient.exe.config"
"C:\Program Files\Common Files\vcclient\VCUpdate.exe.config"
"C:\Program Files\Common Files\vcclient\Version.txt"
"C:\Program Files\Common Files\windows\ack.html"
"C:\Program Files\Common Files\windows\AutoIt3.exe"
"C:\Program Files\Common Files\windows\psapi.dll"
"C:\Program Files\Common Files\windows\request.html"
"C:\Program Files\dns\affid.dat"
"C:\Program Files\dns\gui.exe"
"C:\Program Files\dns\regexp.dat"
"C:\Program Files\dns\regexpDate.dat"
"C:\Program Files\dns\uid.dat"
"C:\Program Files\dns\urls.dat"
"C:\Program Files\dns\version.txt"
"C:\Program Files\dns\x.bmp"
"C:\Program Files\ipwindows\ipwins.dll"
"C:\Program Files\ipwindows\ipwins.exe"
"C:\Program Files\outerinfo\Terms.rtf"
"C:\Program Files\toolbar888\basis.xml"
"C:\Program Files\toolbar888\basis.xmlold"
"C:\Program Files\toolbar888\icons.bmp"
"C:\Program Files\toolbar888\installed.html"
"C:\Program Files\toolbar888\logo.bmp"
"C:\Program Files\toolbar888\ToolBar888.crc"
"C:\Program Files\toolbar888\version.txt"
"C:\Program Files\toolbar888\tbu02640\basis.xml"
"C:\Program Files\toolbar888\tbu02640\basis.xmlold"
"C:\Program Files\toolbar888\tbu02640\icons.bmp"
"C:\Program Files\toolbar888\tbu02640\installed.html"
"C:\Program Files\toolbar888\tbu02640\logo.bmp"
"C:\Program Files\toolbar888\tbu02640\ToolBar888.crc"
"C:\Program Files\toolbar888\tbu02640\version.txt"
"C:\Program Files\webhancer\Programs\license.txt"
"C:\Program Files\webhancer\Programs\readme.txt"
"C:\Program Files\webhancer\Programs\sporder.dll"
"C:\Program Files\webhancer\Programs\webhdll.dll"
"C:\Program Files\webhancer\Programs\whagent.exe"
"C:\Program Files\webhancer\Programs\whAgent.ini"
"C:\Program Files\webhancer\Programs\whiehlpr.dll"
"C:\Program Files\webhancer\Programs\whinstaller.exe"
"C:\windows\system32\smpi1\lb5.exe"
"C:\windows\system32\smpi1\lib06.exe"
"C:\windows\system32\smpi1\lib67.exe"
"C:\windows\system32\smpi1\lpc22.exe"
"C:\Temp\17O7\tmpTF.log"
"C:\windows\inet20026\1.txt"
"C:\windows\inet20026\mm.pid"
"C:\windows\inet20026\mm6.exe"
"C:\windows\inet20026\tmp.req"
"C:\windows\inet20026\2\favicon.ico"
"C:\windows\inet20026\2\tg\nu\007\best.html"
"C:\windows\inet20026\2\tg\nu\007\index.html"
"C:\windows\inet20026\2\tg\nu\008\index.html"
"C:\windows\inet20026\2\tg\nu\009\best.html"
"C:\windows\inet20026\2\tg\nu\015\index.html"
"C:\windows\inet20026\2\tg\nu\019\best.html"
"C:\windows\inet20026\2\tg\nu\021\best.html"
"C:\windows\inet20026\2\tg\nu\021\index.html"
"C:\DOCUME~1\Owner\APPLIC~1.\install.dat"
"C:\Program Files\Common Files\inetget"
"C:\Program Files\Common Files\system32.dll"
"C:\Program Files\ipwindows\ipwins.dll"
"C:\Program Files\ipwindows\ipwins.exe"
"C:\windows\system32\bin29a.log"
"C:\windows\system32\bszip.dll"
"C:\windows\system32\cmd.com"
"C:\windows\system32\imas3r"
"C:\windows\system32\info.txt"
"C:\windows\system32\koos.exe"
"C:\windows\system32\kprof"
"C:\windows\system32\ksys.sys"
"C:\windows\system32\netstat.com"
"C:\windows\system32\ping.com"
"C:\windows\system32\poof"
"C:\windows\system32\regedit.com"
"C:\windows\system32\svcp.csv"
"C:\windows\system32\taskkill.com"
"C:\windows\system32\tasklist.com"
"C:\windows\system32\tracert.com"
"C:\windows\system32\vx.tll"
"C:\windows\system32\winsub.xml"
"C:\windows\system32\zlbw.dll"
"C:\secure32.html"
"C:\winstall.exe"
"C:\windows\offun.exe"
"C:\windows\pf78.exe"
"C:\windows\uni_e6h.exe"
"C:\windows\system32\drivers\core.cache.dsk"
"C:\windows\system32\drivers\core.sys"
"C:\windows\b122.exe"
"C:\windows\VTTC.exe"
"C:\windows\system32\dnsersnd.dll"
"C:\windows\system32\drivers\runtime2.sys"
"C:\windows\sammy3.exe"
"C:\windows\rau001978.exe"
"C:\windows\dls0523pmw.exe"
"C:\windows\b136.exe"
"C:\windows\Setup89.exe"
"C:\windows\uninst108.exe"
"C:\windows\Uninst2.htm"
"C:\windows\Unist1.htm"
"C:\windows\Registration\ntp2.ini"
"C:\Program Files\Common Files\vcclient"
"C:\Program Files\Common Files\windows"
"C:\Program Files\dns"
"C:\Program Files\inetget2"
"C:\Program Files\ipwindows"
"C:\Program Files\outerinfo"
"C:\Program Files\toolbar888"
"C:\Program Files\webhancer"
"C:\windows\system32\smpi1"
"C:\Temp\17O7"
"C:\windows\system32\drv32dta"
"C:\windows\inet20026"
"C:\windows\system32\ksl48.bin"

-- Purity Folders:

C:\Program Files\Common Files\SCURIT~1
C:\Program Files\Common Files\YSTEM3~1
C:\Program Files\Common Files\MBOLS~1
C:\Program Files\CROSOF~1.NET
C:\DOCUME~1\Owner\MYDOCU~1\ICROSO~1
C:\DOCUME~1\Owner\MYDOCU~1\ICROSO~1.NET



((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService


((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))


2007-05-31 14:52 60,928 --a------ C:\WINDOWS\system32\bjiwf.dll
2007-05-26 19:33 <DIR> d-------- C:\Robert_Miles_-_Dreamland_[1996]_[www.p2p-world.dl.am]
2007-05-16 22:16 43,062 --a------ C:\WINDOWS\WpAJTrYf67HazytRD.exe
2007-05-16 22:15 531,920 -r-hs---- C:\WINDOWS\sbjmaeoA.exe
2007-05-16 22:14 46,592 --a------ C:\WINDOWS\sbjmaeo.exe
2007-05-16 22:14 <DIR> d-------- C:\Program Files\myCleanerPC
2007-05-16 22:13 288,832 --a------ C:\temp\gorPUS.exe
2007-05-16 22:11 14,390 --a------ C:\sysuobn.exe
2007-05-15 19:01 <DIR> d-------- C:\WINDOWS\system32\SBO
2007-05-14 19:05 19,520 --a------ C:\WINDOWS\system32\1k4WYrvh.exe
2007-05-13 21:44 6,815,744 --a------ C:\Documents and Settings\Owner\ntuser.dat
2007-05-13 21:44 6,815,744 --a------ C:\DOCUME~1\Owner\ntuser.dat
2007-05-12 14:34 0 --a------ C:\Documents and Settings\Owner\loaded.exe
2007-05-12 14:34 0 --a------ C:\DOCUME~1\Owner\loaded.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-12 18:46:15 -------- d-----w C:\Program Files\dlsmgr
2007-05-12 18:46:10 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-05-12 18:42:45 -------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-04-11 23:17:23 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Digidesign
2007-04-06 00:12:13 -------- d-----w C:\Program Files\Drag and Drop Drummer Lite
2007-04-06 00:12:07 -------- d-----w C:\Program Files\SlowBlast
2007-04-06 00:11:56 -------- d-----w C:\Program Files\Cakewalk
2005-07-29 21:24:26 472 --sha-r C:\windows\amFuZSB3aWVjaA\uAIRtm1auqp3uE.vbs
2004-11-27 01:46:22 0 --sha-w C:\windows\system32\netsh.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}=C:\WINDOWS\DOWNLO~1\vzbb.dll []
{C97A6830-DDDB-A352-D178-8CADDCE621E1}=C:\windows\system32\gnxcfqxf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 10:25]
"Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 12:42]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-15 06:56]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 14:48]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 13:20]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe" [2005-04-13 19:51]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-05-10 16:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tzb"="C:\Program Files\Common Files\??mbols\taskmgr.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Window Monitor"=winmon32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Window Monitor"=winmon32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"winawd"=C:\WINDOWS\system32\winawd.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\WINDOWS\system32\ad.html

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [2005-11-15 13:12]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" [2006-06-16 10:38]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^owjp.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\owjp.exe
backup=C:\WINDOWS\pss\owjp.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^pvucd.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\pvucd.exe
backup=C:\windows\pss\pvucd.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^svchost.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
backup=C:\WINDOWS\pss\svchost.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^wmplayer.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wmplayer.exe
backup=C:\WINDOWS\pss\wmplayer.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Zeno.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Zeno.lnk
backup=C:\windows\pss\Zeno.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Z_Start.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Z_Start.lnk
backup=C:\windows\pss\Z_Start.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0mcamcap]
C:\windows\system32\0mcamcap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\770a04aa.exe]
C:\windows\system32\770a04aa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9iYLA3]
"C:\Program Files\InetGet2\CP.GH2.exe" /SHUN /PC=CP.GH2

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
"C:\WINDOWS\system32\DOBE~1\nslookup.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserUpdateSched]
C:\WINDOWS\system32\qwinkrag.exe CORN001

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\clcbt.exe]
C:\windows\system32\clcbt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csr]
csrrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DCOM Server]
C:\windows\system32\dxvwvyxw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlsmgr]
C:\Program Files\dlsmgr\dlsmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gimmygames]
C:\\gimmygames10a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Net]
C:\WINDOWS\winlogon.exe -stealth

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpNetwork]
C:\Program Files\Network\ipnetwork.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jqsux]
C:\Documents and Settings\Owner\My Documents\?icrosoft\chkntfs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kbdins]
C:\WINDOWS\system32\kbdins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kbdjav]
C:\WINDOWS\system32\kbdjav.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
C:\windows\keyboard4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft standard protector]
C:\WINDOWS\inet20026\socks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]
C:\windows\mousepad4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
C:\windows\newname6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NJv7jy]
"C:\WINDOWS\system32\dgfgql.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvchost]
C:\WINDOWS\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qqj]
C:\WINDOWS\system32\l?ass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\inet20026\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\windows\retadpu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\services32]
C:\Program Files\Common Files\Windows\mc-110-12-0000140.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]
"C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00021.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Soft Stop]
C:\Program Files\Spyware Soft Stop\Spyware Soft Stop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w]
"C:\Program Files\JUSearch\juspc.exe" -w

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvv]
C:\WINDOWS\system32\spoolsvv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\susse]
"C:\WINDOWS\system32\hpsw.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
C:\windows\system32\kernels8.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systems]
C:\windows\system32\kerneld16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTray]
C:\Program Files\qmekex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskdir]
C:\WINDOWS\system32\taskdir.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdttx]
C:\windows\system32\xojbwc.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
C:\WINDOWS\SYSC00.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
C:\Program Files\webHancer\Programs\whsurvey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wgnswa]
C:\windows\system32\xojbwc.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winawd]
C:\WINDOWS\system32\winawd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]
C:\winstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsync]
C:\WINDOWS\system32\pqcykc.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmpcd]
C:\WINDOWS\System32\wmpcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmplayer]
C:\Program Files\wmplayer\wmplayer.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xlj]
"C:\Documents and Settings\Owner\My Documents\?icrosoft.NET\mmc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xolehlp]
C:\WINDOWS\System32\xolehlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xp]
p2pnetworking.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xp_system]
C:\WINDOWS\inet20026\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{73-31-19-98-ZN}]
C:\windows\system32\qjdsregl.exe CORN001

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2006-11-26 18:03:55 C:\windows\tasks\AppleSoftwareUpdate.job
2007-06-03 04:01:47 C:\windows\tasks\At1.job
2007-05-14 23:05:14 C:\windows\tasks\At10.job
2007-05-14 23:05:14 C:\windows\tasks\At11.job
2007-05-26 15:01:34 C:\windows\tasks\At12.job
2007-05-28 16:01:46 C:\windows\tasks\At13.job
2007-06-03 17:01:39 C:\windows\tasks\At14.job
2007-06-03 18:01:39 C:\windows\tasks\At15.job
2007-06-02 19:01:39 C:\windows\tasks\At16.job
2007-06-02 20:01:47 C:\windows\tasks\At17.job
2007-06-02 21:00:30 C:\windows\tasks\At18.job
2007-06-02 22:01:27 C:\windows\tasks\At19.job
2007-06-03 05:01:36 C:\windows\tasks\At2.job
2007-06-02 23:01:39 C:\windows\tasks\At20.job
2007-06-03 00:01:32 C:\windows\tasks\At21.job
2007-06-03 01:00:37 C:\windows\tasks\At22.job
2007-06-03 02:01:54 C:\windows\tasks\At23.job
2007-05-31 03:00:36 C:\windows\tasks\At24.job
2007-05-28 06:01:43 C:\windows\tasks\At3.job
2007-05-28 07:01:53 C:\windows\tasks\At4.job
2007-05-14 23:05:14 C:\windows\tasks\At5.job
2007-05-14 23:05:14 C:\windows\tasks\At6.job
2007-05-14 23:05:14 C:\windows\tasks\At7.job
2007-05-14 23:05:14 C:\windows\tasks\At8.job
2007-05-14 23:05:14 C:\windows\tasks\At9.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-03 14:16:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-06-03 14:18:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-03 14:17

--- E O F ---

 

[fattydq]

bump

 

[heyman421]

you sure it's not just overheating?

'tis the summer

there have been an awful lot of 'random restart' threads since the temps have been climbing

 

[Buzz1927]

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum after doing the following scan

Download install, update and run a full scan with AVG Antispyware.
http://downloads.grisoft.cz/softw/70/filedir/inst/avgas-setup-7.5.1.36.exe

When the scan has finished, delete all it finds and save the report. Post the report here, along with the log from SDfix.

 

[leeroyMarv]

In the meantime if you want to cancel the system shutdown you can just type "shutdown -a" without the quotes in the command prompt

 

[xBoom]

you sure it's not just overheating?

'tis the summer

there have been an awful lot of 'random restart' threads since the temps have been climbing

If the pc is overheating, why does he see the 60 seconds countdown before restarts. It did happen to me when I'm using Windows XP without any service packs (and they're not even out yet) and it looks like the Blaster virus problem (i guess).

In the meantime if you want to cancel the system shutdown you can just type "shutdown -a" without the quotes in the command prompt

Yeah, and you can even make a shortcut on your desktop to cancel the shutdown (cmd.exe shutdown-a).