Solved

Weird Windows XP behaviour

Posted on 2004-04-27
Last Modified: 2007-12-19
I don't have a lot to give you here...I'm just hoping that someone has seen something like this before.

I'm using Windows XP Pro with Office 2003.  Every now and then the title bar for one of my open programs will begin flashing (the same way they do when an action occurs in a non-active window).  However, when I click on that program/window, the window/title bar continues to flash.  It will also randomly minimize itself, restore itself, or restore down.  While this problem seems to happen randomly to any active window I might have open, it seems that Microsoft Outlook is the program most commonly affected.

This occurs quite consistently...it'll occur on and off for a half hour or so and then just go away for hours or days at a time.

I've used adaware and spybot to hunt down any malware and scanned for viruses, just hoping if anyone has any other ideas.

Thanks for your help,
J
0
Comment
Question by:Intricate
21 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10932809
Hello Intricate =)

Download HijackThis from here, run it and Post the Log File here:
http://www.softpedia.com/public/cat/10/17/10-17-69.shtml

!! GOOD LUCK !!
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10932810
Have you tried reinstalling office 2003 and checked if it would solve the issue ?

Try it

Also do system file checker (start --> run --> sfc /scannow) and press "enter"
Have your xp CD ready.
Post back if these would help
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10932815
coz i want to check that what are the background applications that are running on ur system :)
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 10932870
What happens when you click on the flashing item in the task bar..??  Occasionally this happens on my system, and I know for sure that I don't have spyware, etc., on this machine..  I believe it has something to do with what is happening in the background, as shehary alludes to in his comment above..

BTW:  Hope everyone is having a fine day..  :)

FE
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10932882
Fatal_Exception,
> Hope everyone is having a fine day

Sure FE..Just was thinking I was having a perfect time to answer some questions, you are right there..
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10932885
> BTW:  Hope everyone is having a fine day..  :)

Nopes, don't include me on this :(
0
 
LVL 1

Author Comment

by:Intricate
ID: 10933187
Thanks for getting back to me so fast everyone....Here's the log from HiJackThis:

Logfile of HijackThis v1.94.0
Scan saved at 5:08:14 PM, on 27/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://ca.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Tummon's Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (disabled by BHODemon)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (disabled by BHODemon)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (disabled by BHODemon)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScanNT\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScanx Monitor] C:\PROGRA~1\eScanNT\ESCANMX.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - https://www.cbs.gov.on.ca/obra/forms/Codebase/FormCtl.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/iden/client/iUpdateAutoLaunch.ocx
O16 - DPF: {7421F2A7-DC5E-41F1-AA7E-329BC8B42BA9} (GetMAC.ctlGetMAC) - http://www.rogershelp.com/help/content/trouble/oneclickfixes/getmac/getmac.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {94B6A838-7EA3-4C3C-B768-D260DDD685B6} (GetFQDN.ctlTrace) - http://www.rogershelp.com/help/content/trouble/oneclickfixes/fqdn/getfqdn.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38020.3863310185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
0
 
LVL 1

Author Comment

by:Intricate
ID: 10933203
I haven't got the CD or the time to reinstall Office right now but will try to later this evening.

Trying the system file checker right now.

Thanks!
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10933213
hey is it the complete log file ????

It is not showing the current running processes on ur system !!!
0
 
LVL 1

Author Comment

by:Intricate
ID: 10933399
Sorry...I was using an older version of Hijack.  Here's the log from the current version:

Logfile of HijackThis v1.97.7
Scan saved at 5:31:11 PM, on 27/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\eScanNT\helperservice.exe
C:\PROGRA~1\eScanNT\AVKWCTL.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\eScanNT\TRAYCSER.EXE
C:\PROGRA~1\eScanNT\avkserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\eScanNT\ESCANMX.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\eScanNT\MAILDISP.EXE
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\ESCANNT\SPOOLER.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeff Tummon\Desktop\Downloads\Removal Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tummon's Internet
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (disabled by BHODemon)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (disabled by BHODemon)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (disabled by BHODemon)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScanNT\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScanx Monitor] C:\PROGRA~1\eScanNT\ESCANMX.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - https://www.cbs.gov.on.ca/obra/forms/Codebase/FormCtl.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/iden/client/iUpdateAutoLaunch.ocx
O16 - DPF: {7421F2A7-DC5E-41F1-AA7E-329BC8B42BA9} (GetMAC.ctlGetMAC) - http://www.rogershelp.com/help/content/trouble/oneclickfixes/getmac/getmac.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {94B6A838-7EA3-4C3C-B768-D260DDD685B6} (GetFQDN.ctlTrace) - http://www.rogershelp.com/help/content/trouble/oneclickfixes/fqdn/getfqdn.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38020.3863310185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10933584
hmmmmmm the LOG file seems to be OK. nothing is suspicious !!

u r using eScan, and there are lots of applications related to it run in the backgrounds, and i was just thinking that might be there is an application that occasionally scan ur system, like McAfee has the feature of NT-On_Scan, i mean something like that...!!!

Also does this behaviour just started, or is it from the very beginning ??
0
 
LVL 1

Author Comment

by:Intricate
ID: 10942627
This behaviour started only about a week ago...I've been using the computer for 5 or 6 months now.

The only feature of escan that's active is the email scanning, which obviously scans email as they come in.  I don't see any evidence that this problem is occurring when or around the time new email arrives.

I tried the system file checker but came up with nothing.

I'm repairing office right now...I'll try reinstalling if that doesn't do anything.

J
0
 
LVL 1

Author Comment

by:Intricate
ID: 10943124
I don't know...it's happened again.  I've run HijackThis while the problem was occurring this time...maybe someone can see something there.

Logfile of HijackThis v1.97.7
Scan saved at 4:02:00 PM, on 28/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\eScanNT\helperservice.exe
C:\PROGRA~1\eScanNT\AVKWCTL.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\eScanNT\TRAYCSER.EXE
C:\PROGRA~1\eScanNT\avkserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\eScanNT\ESCANMX.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\eScanNT\MAILDISP.EXE
C:\PROGRA~1\ESCANNT\SPOOLER.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Dantz\Client\pcpds.exe
C:\Documents and Settings\Jeff Tummon\Desktop\Downloads\Removal Tools\HijackThis.exe
C:\Documents and Settings\Jeff Tummon\Desktop\Downloads\Removal Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tummon's Internet
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (disabled by BHODemon)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (disabled by BHODemon)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (disabled by BHODemon)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScanNT\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScanx Monitor] C:\PROGRA~1\eScanNT\ESCANMX.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - https://www.cbs.gov.on.ca/obra/forms/Codebase/FormCtl.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/iden/client/iUpdateAutoLaunch.ocx
O16 - DPF: {7421F2A7-DC5E-41F1-AA7E-329BC8B42BA9} (GetMAC.ctlGetMAC) - http://www.rogershelp.com/help/content/trouble/oneclickfixes/getmac/getmac.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {94B6A838-7EA3-4C3C-B768-D260DDD685B6} (GetFQDN.ctlTrace) - http://www.rogershelp.com/help/content/trouble/oneclickfixes/fqdn/getfqdn.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38020.3863310185
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10944140
hmmmmmmmmmm so i found three Extra processes in the log file this time, and those are,

C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Dantz\Client\pcpds.exe

The first one is i think the Logitech mouse control panel.
And i couldn't find anything abt C:\Program Files\Dantz\Client\pcpds.exe

And YES this third one, C:\WINDOWS\System32\WISPTIS.EXE

So tell me have u installed Microsoft Journal Viewer, coz i found this information on this site >> http://blogs.msdn.com/junfeng/archive/2004/02/05/67791.aspx
0
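The by-hand comparison in the comment above, as an added example that is not part of the original thread: a Python sketch that pulls the "Running processes:" section out of two HijackThis logs and reports image paths that appeared or disappeared, comparing case-insensitively because Windows paths are (the logs show both `iexplore.exe` and `IEXPLORE.EXE`). The embedded logs are abridged excerpts of the ones posted in this thread; the function names are illustrative.

```python
import re

# Abridged excerpts of the two HijackThis v1.97.7 logs posted in this thread:
# the 27/04/2004 baseline and the 28/04/2004 scan taken during the flashing.
BASELINE_LOG = r"""
Logfile of HijackThis v1.97.7
Scan saved at 5:31:11 PM, on 27/04/2004

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dantz\Client\retroclient.exe
C:\PROGRA~1\eScanNT\MAILDISP.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
"""

INCIDENT_LOG = r"""
Logfile of HijackThis v1.97.7
Scan saved at 4:02:00 PM, on 28/04/2004

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dantz\Client\retroclient.exe
C:\PROGRA~1\eScanNT\MAILDISP.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Dantz\Client\pcpds.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
"""

# Registry/BHO entries look like "R0 - ...", "O4 - ...", "O16 - ...".
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")


def running_processes(log_text):
    """Return the image paths listed under 'Running processes:', in log order."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.lower() == "running processes:"
            continue
        # The section ends at the first blank line or the first R/O entry.
        if not line or ENTRY_RE.match(line):
            break
        paths.append(line)
    return paths


def diff_processes(before_log, after_log):
    """Return (appeared, gone) image paths, compared case-insensitively."""
    before = {p.lower(): p for p in running_processes(before_log)}
    after = {p.lower(): p for p in running_processes(after_log)}
    appeared = [after[k] for k in sorted(after.keys() - before.keys())]
    gone = [before[k] for k in sorted(before.keys() - after.keys())]
    return appeared, gone


if __name__ == "__main__":
    appeared, gone = diff_processes(BASELINE_LOG, INCIDENT_LOG)
    for path in appeared:
        print("+", path)
    for path in gone:
        print("-", path)
```

A path that shows up in the diff is only a lead to follow up on; in this thread the cause was later traced to the Dantz Retrospect backup, which is where `pcpds.exe` comes from.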
 
LVL 1

Author Comment

by:Intricate
ID: 10949786
Wisptis is associated with the MS Journal Viewer and appears to start whenever I open a MS office program.

Could be the problem, although I installed the journal viewer awhile ago.

I got a new mouse yesterday...that's why the logitech crap is showing up now.

The pcpds.exe is associated with our backup software.  Might be something there. Maybe this problem only occurs once a backup begins..I'll have to look into that further.

I'll keep ya posted.

Thanks,
J
0
 
LVL 3

Expert Comment

by:charlietou
ID: 10959594
I believe em_exec is a little message pop-up that has nothing to do with the functionality of the mouse, and you should be able to remove it safely from your startup list.  It'll either be in HKLM/Software/Microsoft/Windows/CurrentVersion/Run, or
  HKCU/Software/Microsoft/Windows/CurrentVersion/Run.

Hope this helps,  (although I don't know if it'll have anything to do with your posted problem).

Charlie T.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 10991497
Intricate,,,,,,,, any progress man :)
0
 
LVL 1

Author Comment

by:Intricate
ID: 11042780
Sorry about the delay in getting back....I've been travelling a ton lately for work and haven't had a chance to look in to this.  However, as I was travelling the problem never occurred.
After a little more digging...I figured out what the problem was.  We have Dantz Retrospect running on our server at work.  The problem occurs every time my computer gets backed up by the server.  I'm trying to work through the problem with Dantz right now.

Thanks for the help though everyone,
J
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 11042859
Good luck with the tech support at Dantz then...  

FE
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11075800
Closed, 250 points refunded.

modulo
Community Support Moderator
Experts Exchange
0
