Solve : Winword.exe starting automatically?

1.	Solve : Winword.exe starting automatically?
Answer» Hi, Winword.exe process is always running in my background right since computer logons. I have checked the Run and Runonce registry keys or LOCAL machine and current user. Also checked the msconfig. From where other can it get started.A HijackThis log should reveal all.Good Idea, I just forgot it. Will update you what happens Now how do i analyse that info I got stuck with that some time back also.Gotcha, But couldn't find winword anywhere.Post your logfile here (You may have to span it over several posts) or upload it to some WEB space and post a link to it.I searched the startup items there. Because its starting at the startup and that was a small one. If you still want it tell me 8-)Have you checked startup folder and msconfig?Yes all, I am thinking does any application require winword.exe Quote I searched the startup items there. Because its starting at the startup and that was a small one. If you still want it tell me 8-) If Word is still starting, post the log. Here you are: StartupList report, 2/28/2006, 11:00:10 AM StartupList version: 1.52.2 Started from : C:\Documents and Settings\agarwalv\Desktop\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.5296.0000) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\Program Files\Funk Software\Odyssey Client\odClientService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Rational\ClearCase\bin\albd_server.exe C:\WINDOWS\System32\Ati2evxx.exe C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe C:\Program Files\Rational\ClearCase\bin\lockmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\mobile automation\rstate.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Rational\common\rwp\bin\jk_nt_service.exe C:\Program Files\Rational\common\rwp\bin\jk_nt_service.exe C:\Program Files\Rational\common\java\jre\bin\java.exe C:\WINDOWS\System32\RegSrvc.exe C:\Program Files\Rational\common\java\jre\bin\java.exe C:\WINDOWS\System32\RoamMgr.exe C:\Windows\System32\r_server.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\HHVcdV7Sys\VC7SecS.exe C:\Program Files\Intel\Switching\User\RoamSvc.exe C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\Program Files\Rational\common\rwp\bin\rwp.exe C:\TEMP\PJE49B.EXE C:\Program Files\Rational\common\rwp\bin\rotatelogs.exe C:\Program Files\Rational\common\rwp\bin\rotatelogs.exe C:\Program Files\Rational\common\rwp\bin\rwp.exe C:\Program Files\Rational\common\rwp\bin\rotatelogs.exe C:\Program Files\Rational\common\rwp\bin\rotatelogs.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\Funk Software\Odyssey Client\OdTray.exe C:\Program Files\Microsoft OFFICE Communicator\Communicator.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\apps\MSOffice\OFFICE11\OUTLOOK.EXE C:\apps\MSOffice\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\apps\Radmin\radmin.exe C:\Documents and Settings\agarwalv\Desktop\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] Microsoft Office Outlook 2003.lnk = ? -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run OfficeScanNT MONITOR = "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow (Default) = OdTray.exe = "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe" -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Communicator = "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=INI section not found run=INI section not found Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=Registry value not found HKLM\..\Windows NT\CurrentVersion\WinLogon: run=Registry value not found HKLM\..\Windows\CurrentVersion\WinLogon: load=Registry key not found HKLM\..\Windows\CurrentVersion\WinLogon: run=Registry key not found HKCU\..\Windows NT\CurrentVersion\WinLogon: load=Registry value not found HKCU\..\Windows NT\CurrentVersion\WinLogon: run=Registry value not found HKCU\..\Windows\CurrentVersion\WinLogon: load=Registry key not found HKCU\..\Windows\CurrentVersion\WinLogon: run=Registry key not found HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=Registry value not found HKLM\..\Windows NT\CurrentVersion\Windows: load=Registry value not found HKLM\..\Windows NT\CurrentVersion\Windows: run=Registry value not found HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=INI section not found SCRNSAVE.EXE=INI section not found drivers=INI section not found Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=Registry value not found drivers=Registry value not found Policies Shell key: HKCU\..\Policies: Shell=Registry key not found HKLM\..\Policies: Shell=Registry value not found -------------------------------------------------- Quote A HIJACKTHIS LOG should reveal all. I'm knackered after a long day and have to turn in but we'll look at you HijackThis log tomorrow. In the MEANTIME, do you have any idea of what this refers to: C:\TEMP\PJE49B.EXE No idea, I posted you the log of startup items. And I asked for a HijackThis log!Where shall i post it. Its a huge one.

Answer»

Hi,

Winword.exe process is always running in my background right since computer logons.

I have checked the Run and Runonce registry keys or LOCAL machine and current user.
Also checked the msconfig.

From where other can it get started.A HijackThis log should reveal all.Good Idea,

I just forgot it.
Will update you what happens Now how do i analyse that info

I got stuck with that some time back also.Gotcha,

But couldn't find winword anywhere.Post your logfile here (You may have to span it over several posts) or upload it to some WEB space and post a link to it.I searched the startup items there.
Because its starting at the startup and that was a small one.

If you still want it tell me 8-)Have you checked startup folder and msconfig?Yes all,

I am thinking does any application require winword.exe
Quote

I searched the startup items there.
Because its starting at the startup and that was a small one.

If you still want it tell me 8-)

If Word is still starting, post the log.
Here you are:

StartupList report, 2/28/2006, 11:00:10 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\agarwalv\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5296.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rational\ClearCase\bin\albd_server.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mobile automation\rstate.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Rational\common\rwp\bin\jk_nt_service.exe
C:\Program Files\Rational\common\rwp\bin\jk_nt_service.exe
C:\Program Files\Rational\common\java\jre\bin\java.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Rational\common\java\jre\bin\java.exe
C:\WINDOWS\System32\RoamMgr.exe
C:\Windows\System32\r_server.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Rational\common\rwp\bin\rwp.exe
C:\TEMP\PJE49B.EXE
C:\Program Files\Rational\common\rwp\bin\rotatelogs.exe
C:\Program Files\Rational\common\rwp\bin\rotatelogs.exe
C:\Program Files\Rational\common\rwp\bin\rwp.exe
C:\Program Files\Rational\common\rwp\bin\rotatelogs.exe
C:\Program Files\Rational\common\rwp\bin\rotatelogs.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\Program Files\Microsoft OFFICE Communicator\Communicator.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\apps\MSOffice\OFFICE11\OUTLOOK.EXE
C:\apps\MSOffice\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\apps\Radmin\radmin.exe
C:\Documents and Settings\agarwalv\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office Outlook 2003.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

OfficeScanNT MONITOR = "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
(Default) =
OdTray.exe = "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Communicator = "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------
Quote

A HIJACKTHIS LOG should reveal all.

I'm knackered after a long day and have to turn in but we'll look at you HijackThis log tomorrow. In the MEANTIME, do you have any idea of what this refers to:
C:\TEMP\PJE49B.EXE
No idea,

I posted you the log of startup items. And I asked for a HijackThis log!Where shall i post it.

Its a huge one.

Solve : Winword.exe starting automatically?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment