When I try to turn off my computer or reboot, my computer does nothing. What I do is turn off some programs one by one with the Windows Task Manager, and each time I ask my Windows XP to turn off. When I turn off the one called xpwin.exe, Windows turns off correctly. Now I am trying to find out what this program does. Riskyone101 asked me to run some programs, and I am giving you the results.
Thanks for your help, and have a nice weekend.
DDS (Ver_09-05-14.01) - NTFSx86
Run by marc at 9:27:00,61 on 2009-06-20
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.281 [GMT -4:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\xpwin.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\PhotoJoy\bin\PjApp.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Belkin Bulldog Plus\MUPS.exe
C:\Program Files\Horloge\Horloge.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Documents and Settings\marc\Bureau\dds\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://sympatico.msn.ca/?lang=fr-ca
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe /startup
uRun: [PhotoJoy] c:\program files\photojoy\bin\PhotoJoy.exe /c
uRun: [WeatherEye] c:\program files\météomédia\météoimédia\WeatherEye.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Cobian Backup 9] "c:\program files\cobian backup 9\Cobian.exe"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [SSBkgdUpdate] "c:\program files\fichiers communs\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SetDefPrt] c:\program files\brother\brmfl06a\BrStDvPt.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [RoxioEngineUtility] "c:\program files\fichiers communs\roxio shared\system\EngUtil.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ccApp] "c:\program files\fichiers communs\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ArcSoft Connection Service] c:\program files\fichiers communs\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun:[*] c:\windows\system32\xpwin.exe
mRunOnce: [Index Washer] c:\program files\webroot\washer\WashIdx.exe "marc"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\marc\menudm~1\progra~1\dmarra~1\horloge.lnk - c:\program files\horloge\Horloge.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\corece~1.lnk - c:\program files\msi\core center\CoreCenter.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\mups.lnk - c:\program files\belkin bulldog plus\MUPS.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Barre RoboForm - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Enregistrer le formulaire - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231743071765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://219.118.247.53/activex/AxisCamControl.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://209.169.162.27/activex/AMC.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
============= SERVICES / DRIVERS ===============
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\fichiers communs\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\fichiers communs\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NAVENG;NAVENG;c:\progra~1\fichie~1\symant~1\virusd~1\20090619.004\naveng.sys [2009-6-19 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\fichie~1\symant~1\virusd~1\20090619.004\navex15.sys [2009-6-19 876144]
R3 PCAlertDriver;PCAlertDriver;c:\program files\msi\core center\NTGLM7X.sys [2009-1-11 28160]
R3 USR1806;U.S. Robotics Faxmodem Driver 1806;c:\windows\system32\drivers\USR1806.SYS [2009-1-11 793598]
S2 RHDISK;RHDISK;\??\c:\program files\rohos\rhdisk.sys --> c:\program files\rohos\RHDISK.SYS [?]
S3 ADM8511;Convertisseur USB vers Fast Ethernet ADMtek ADM8511/AN986;c:\windows\system32\drivers\ADM8511.SYS [2009-1-11 20160]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\fichiers communs\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
S3 VAD_DEV;Virtual Audio Service; [x]
=============== Created Last 30 ================
2009-06-19 10:46 <DIR> --d----- c:\docume~1\marc\applic~1\Uniblue
2009-06-19 10:46 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0
2009-06-18 23:14 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
2009-06-15 23:38 <DIR> --d----- c:\windows\pss
2009-06-15 21:50 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-06-15 09:12 <DIR> --d----- c:\docume~1\marc\applic~1\Malwarebytes
2009-06-15 09:12 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 09:12 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-15 09:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-15 09:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 18:50 <DIR> --d----- c:\program files\ToniArts
2009-06-11 07:33 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 07:33 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-10 14:11 <DIR> --d----- c:\program files\feeding frenzy 2 deluxe
2009-06-10 13:49 <DIR> --d----- c:\program files\Bejeweled 2
2009-06-10 13:14 1,551,360 ----h--- c:\windows\system32\xpwin.exe
2009-06-10 13:03 <DIR> --d----- c:\docume~1\marc\applic~1\SpinTop
2009-06-02 21:46 <DIR> --d----- c:\program files\PPLEGestion
2009-06-02 21:08 <DIR> --d----- c:\program files\Gus & Co
2009-05-31 20:09 <DIR> --d----- c:\program files\mIRC
2009-05-31 12:29 <DIR> --d----- c:\docume~1\marc\applic~1\OpenOffice.org
2009-05-31 12:25 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-05-29 15:58 <DIR> --d----- c:\program files\MSECache
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-25 21:17 146 a------- c:\windows\marclabrecque@sympatico.ca
2009-05-25 10:24 <DIR> --d----- c:\docume~1\marc\applic~1\Ancient Quest of Saqqarah__reflexive
2009-05-25 10:23 <DIR> --d----- c:\program files\Ancient Quest Of Saqqarah
2009-05-24 11:08 <DIR> --d----- c:\program files\Axis Communications
==================== Find3M ====================
2009-06-13 07:44 458,230 a------- c:\windows\system32\perfh00C.dat
2009-06-13 07:44 71,248 a------- c:\windows\system32\perfc00C.dat
2009-06-10 08:52 87,496 a------- c:\docume~1\marc\applic~1\GDIPFONTCACHEV1.DAT
2009-05-13 01:04 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 11:45 24,192 a------- c:\documents and settings\marc\usbsermptxp.sys
2009-05-09 11:45 22,768 a------- c:\windows\system32\drivers\usbsermpt.sys
2009-05-09 11:45 22,768 a------- c:\documents and settings\marc\usbsermpt.sys
2009-05-09 11:00 720,896 a------- c:\windows\iun6002.exe
2009-05-07 11:33 348,672 a------- c:\windows\system32\localspl.dll
2009-04-19 15:50 1,847,296 a------- c:\windows\system32\win32k.sys
2009-04-15 10:53 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-01-17 19:49 87,608 a------- c:\docume~1\marc\applic~1\inst.exe
2009-01-17 19:49 47,360 a------- c:\docume~1\marc\applic~1\pcouffin.sys
2003-08-05 12:41 53,248 a------- c:\windows\inf\ap561.exe
2002-11-26 17:24 32,768 a------- c:\windows\inf\Remove561.exe
2002-11-22 16:56 118,784 a------- c:\windows\inf\ShowBmp.exe
2002-10-29 19:07 36,864 a------- c:\windows\inf\Setup8a.exe
2002-10-01 15:43 119,798 a------- c:\windows\inf\spca561.sys
2001-11-23 13:08 712,704 a------- c:\windows\inf\other\AUDIO3D.DLL
============= FINISH: 9:27:15,42 ===============
Just another thing: Riskyone101 asked me to run GMER as well, and I can't put it in the post now because it only gives me permission to attach two files. If you need it, just tell me what I have to do to put it here. Thanks.