I have no idea what is going on... neither Ad-Aware nor Search and Destroy finds anything when I run them.
Popups are coming up like crazy in IE and I don't even use that proggy. I use Firefox 99.9% of the time.
I searched the net and found something called combofix.exe and ran it. That worked, but the problem seems to be set on a timer and goes about a half day and voilà, a popup fest once again.
There are 3 icons installed on my desktop during this time
Error Cleaner
Privacy Protector
Spyware&Malware Protection
There is also a small red with white x in the system tray next to the clock. It comes and goes, but during the popups this thing is flashing like crazy.
I ran through all 5 steps and also attached the ActiveScan log file from step 1.
The main txt is listed below and the extra txt is also attached per the 5 step process.
Any help is much obliged.
TexasFM3
Deckard's System Scanner v20071014.68
Run by ng26970 on 2007-11-29 13:17:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
5: 2007-11-29 19:17:31 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2007-11-29 07:33:11 UTC - RP4 - Installed Ad-Aware 2007
3: 2007-11-29 05:59:58 UTC - RP3 - System Checkpoint
2: 2007-11-28 05:31:41 UTC - RP2 - ComboFix created restore point
1: 2007-11-28 05:31:28 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-29 13:20:27
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.11)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AspenTech\BPE\AfwSecCliSvc.exe
C:\Program Files\Symantec\Symantec Antivirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\Program Files\Common Files\AspenTech Shared\Portmapper\PORTSERV.EXE
C:\Program Files\HP OpenView\Discovery Agent\bin32\discagnt.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\HP OpenView\Discovery Agent\Plugins\usage\discusge.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Antivirus\Rtvscan.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\dowwapps\DWSService\DWSService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Symantec Antivirus\VPTray.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Timbuktu Pro\tb2logon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Philips\Philips Device Manager\bin\DeviceManager.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\Program Files\Timbuktu Pro\TimbuktuRemoteConsole.exe
C:\Program Files\MIP\AgentSrv.exe
C:\Program Files\MIP\CBSysTray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ng26970\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.intranet.dow.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=inet3.nam.dow.com:80;gopher=inet3.nam.dow.com:80;http=inet3.nam.dow.com:80;https=inet3.nam.dow.com:443
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MSVPS System - {7E745F86-6B67-45D3-922A-878167A9D258} - C:\WINDOWS\werbetnor.dll
O3 - Toolbar: The hdtip - {7E259026-2CBD-4F42-AB62-230C0D4ABDAD} - C:\WINDOWS\hdtip.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Progra~1\Symantec\Symant~1\VPTray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [RunWCW] C:\dowwapps\login\dwalogin.vbs
O4 - HKLM\..\Run: [DIRECT!] C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\Tb2Logon.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [Synchronization Configuration] C:\Dowwapps\scripts\Config_Mobsync_Run.vbs
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\RunOnce: [Synchronization Configuration] C:\dowwapps\scripts\config_mobsync_runonce.vbs
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Global Startup: clear Recent.lnk = C:\FM3 Projects\PAS\recent clear\clear Recent.bat
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\MIP\CBSysTray.exe
O4 - Global Startup: KillTim.lnk = C:\FM3 Projects\PAS\kill timbuktu\KillTim.bat
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Mozilla Firefox.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O15 - Trusted Zone: *.epm.pas.com (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\Software\..\Telephony: DomainName = dow.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: gormet - {7E1CE008-4FA5-4A85-BB15-26C42BE9AF95} - C:\WINDOWS\gormet.dll
O21 - SSODL: pmkret - {8490BC22-8E26-4D8C-AFC3-7F19CC3C4D0D} - C:\WINDOWS\pmkret.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFW Security Client Service (AfwSecCliSvc) - Aspen Technology, Inc. - C:\Program Files\AspenTech\BPE\AfwSecCliSvc.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\MIP\AgentSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec\Symantec Antivirus\DefWatch.exe
O23 - Service: DWSService - The Dow Chemical Company - C:\dowwapps\DWSService\DWSService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: NobleNet Portmapper for TCP - Unknown owner - C:\Program Files\Common Files\AspenTech Shared\Portmapper\PORTSERV.EXE
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: OracleORAHOME90ClientCache - Unknown owner - C:\ORACLE\ORA90\bin\ONRSD.EXE
O23 - Service: HP OpenView Discovery Agent (prgnDiscAgent) - Unknown owner - C:\Program Files\HP OpenView\Discovery Agent\bin32\discagnt.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec\Symantec Antivirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec\Symantec Antivirus\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
--
End of file - 12424 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - DefaultIcon - C:\WINDOWS\Installer\{2505511B-B8E9-4FDF-953A-274563F2B03F}\Icon2505511B.exe,1
.txt - CrimsonEditor.txt - DefaultIcon - C:\Program Files\Crimson Editor\cedttype.ico
.txt - CrimsonEditor.txt - shell\open\command - C:\Program Files\Crimson Editor\cedt.exe "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; Lenovo; ThinkVantage Active Protection System>
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R1 Tb2Device (TB2 Remote Control Driver) - c:\windows\netopiarc\tb2device.sys
R1 Tb2MirrorSys (TB2 Remote Control Mirror Driver) - c:\windows\netopiarc\tb2mirrorsys.sys <Not Verified; Netopia, Inc.; Netopia Remote Control>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smihlp (SMI helper driver) - c:\program files\thinkvantage fingerprint software\smihlp.sys <Not Verified; UPEK Inc.; ThinkVantage Fingerprint Software>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 catchme - c:\docume~1\ng26970\locals~1\temp\catchme.sys (file missing)
S3 Cpmt (Cisco Media Termination) - c:\windows\system32\drivers\cpmt.sys (file missing)
S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys <Not Verified; PCTEL Inc.; PCTEL Rawether for Windows>
S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\progra~1\verizo~1\vzacce~1\smndis5.sys (file missing)
S3 StMp3Rec (Player Recovery Device Control Driver) - c:\windows\system32\drivers\stmp3rec.sys <Not Verified; Microsoft Corporation; >
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AfwSecCliSvc (AFW Security Client Service) - c:\program files\aspentech\bpe\afwsecclisvc.exe <Not Verified; Aspen Technology, Inc.; Aspen Framework>
R2 DWSService - c:\dowwapps\dwsservice\dwsservice.exe <Not Verified; The Dow Chemical Company; Dow Workstation>
R2 NetCfgSvr (Network Configuration Service) - c:\progra~1\at&tgl~1\netcfgsv.exe <Not Verified; AT&T; NetCfgSvr Module>
R2 NobleNet Portmapper for TCP - "c:\program files\common files\aspentech shared\portmapper\portserv.exe"
R2 prgnDiscAgent (HP OpenView Discovery Agent) - "c:\program files\hp openview\discovery agent\bin32\discagnt.exe"
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 Tb2Launch (Tb2 Launch) - "c:\program files\timbuktu pro\tb2launch.exe" <Not Verified; Netopia, Inc.; Timbuktu Pro for Windows>
R2 TPHDEXLGSVC (ThinkPad HDD APS Logging Service) - system32\tphdexlg.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R3 AgentSrv (Connected Agent Service) - c:\program files\mip\agentsrv.exe -asv <Not Verified; Connected Corporation; Connected DataProtector>
S3 OpcEnum - c:\windows\system32\opcenum.exe <Not Verified; OPC Foundation; OPC Server Enumerator 1.10>
S3 OracleORAHOME90ClientCache - c:\oracle\ora90\bin\onrsd.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-11-29 06:32:16 304 --a------ C:\WINDOWS\Tasks\PMTask.job
2007-11-28 23:45:07 254 --a------ C:\WINDOWS\Tasks\DWS Disk Defrag.job
2007-11-02 19:03:40 272 --a------ C:\WINDOWS\Tasks\DWS Disk Cleanup.job
-- Files created between 2007-10-29 and 2007-11-29 -----------------------------
2007-11-29 13:17:10 0 d-------- S:\Deckard
2007-11-29 13:11:42 0 d-------- C:\Program Files\SpywareBlaster
2007-11-29 01:33:14 0 d-------- C:\Program Files\Lavasoft
2007-11-29 01:33:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-29 01:32:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-29 01:19:34 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-28 12:23:25 0 d-------- C:\WINDOWS\ERUNT
2007-11-28 12:17:31 0 d-------- C:\Documents and Settings\TexasFM3\Application Data\Mozilla
2007-11-28 12:17:14 0 d-------- C:\Documents and Settings\TexasFM3\Application Data\Hummingbird
2007-11-28 12:17:12 0 dr------- C:\Documents and Settings\TexasFM3\My Documents
2007-11-28 12:17:11 0 dr-h----- C:\Documents and Settings\TexasFM3\Recent
2007-11-28 12:17:03 0 d---s---- C:\Documents and Settings\TexasFM3\UserData
2007-11-28 12:17:03 0 d--h----- C:\Documents and Settings\TexasFM3\Templates
2007-11-28 12:17:03 0 dr------- C:\Documents and Settings\TexasFM3\Start Menu
2007-11-28 12:17:03 0 dr-h----- C:\Documents and Settings\TexasFM3\SendTo
2007-11-28 12:17:03 0 d--h----- C:\Documents and Settings\TexasFM3\PrintHood
2007-11-28 12:17:03 1572864 --ah----- C:\Documents and Settings\TexasFM3\ntuser.dat
2007-11-28 12:17:03 0 d--h----- C:\Documents and Settings\TexasFM3\NetHood
2007-11-28 12:17:03 0 d--h----- C:\Documents and Settings\TexasFM3\Local Settings
2007-11-28 12:17:03 0 dr------- C:\Documents and Settings\TexasFM3\Favorites
2007-11-28 12:17:03 0 d-------- C:\Documents and Settings\TexasFM3\Desktop
2007-11-28 12:17:03 0 d--hs---- C:\Documents and Settings\TexasFM3\Cookies
2007-11-28 12:17:03 0 d-------- C:\Documents and Settings\TexasFM3\Application Data
2007-11-28 12:17:03 0 d-------- C:\Documents and Settings\TexasFM3\Application Data\Microsoft
2007-11-27 23:02:38 0 d-------- C:\Program Files\Enigma Software Group
2007-11-27 08:55:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Sync App Settings
2007-11-27 07:16:26 262144 --a------ C:\WINDOWS\werbetnor.dll <Not Verified; ; werbetnor>
2007-11-27 07:16:26 283648 --a------ C:\WINDOWS\pmkret.dll
2007-11-27 07:16:26 81920 --a------ C:\WINDOWS\monhop.exe
2007-11-27 07:16:26 192512 --a------ C:\WINDOWS\hdtip.dll <Not Verified; ; hdtip Module>
2007-11-27 07:16:26 229376 --a------ C:\WINDOWS\gormet.dll
2007-11-26 12:36:12 0 d-------- C:\WINDOWS\DowScanFiles
2007-11-19 14:44:07 0 d-------- C:\Documents and Settings\ng26970\WINDOWS
2007-11-13 12:12:07 1362 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-11-08 15:01:26 68096 --a------ C:\WINDOWS\system32\GuitarStudiodll.DLL <Not Verified; Nicolas Manel; Nicolas Manel GuitarStudioDLL>
2007-11-08 15:01:26 32256 --a------ C:\WINDOWS\system32\CmDlgFR.dll <Not Verified; Microsoft Corporation; CMDIALOG>
2007-11-08 15:01:26 100352 --a------ C:\WINDOWS\system32\CmCtlFR.dll <Not Verified; Microsoft Corporation; COMCTL>
2007-11-08 15:01:26 23552 --a------ C:\WINDOWS\system32\CmCt2FR.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets des contrôles communs Microsoft 2>
2007-11-08 15:01:25 0 d-------- C:\Program Files\Guitar Studio
2007-11-06 08:18:43 0 d-------- C:\Program Files\Spicer
2007-11-06 08:18:43 0 d-------- C:\Documents and Settings\ng26970\Application Data\InstallShield
2007-11-06 08:05:54 0 d-------- C:\Program Files\Documentum
-- Find3M Report ---------------------------------------------------------------
2007-11-29 12:21:20 0 d-------- C:\Program Files\Timbuktu Pro
2007-11-29 12:21:13 0 d-------- C:\Program Files\ThinkVantage Fingerprint Software
2007-11-29 12:21:00 0 d-------- C:\Program Files\Taskbar Shuffle
2007-11-29 12:20:50 0 d-------- C:\Program Files\Symantec
2007-11-29 12:16:55 0 d-------- C:\Program Files\MIP
2007-11-29 12:11:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-29 12:10:20 0 d-------- C:\Program Files\AT&T Global Network Client
2007-11-29 12:07:53 0 d-------- C:\Program Files\Acoustica MP3 To Wave Converter PLUS
2007-11-29 11:29:39 0 d-------- C:\Program Files\Microsoft Office Communicator
2007-11-29 11:29:23 0 d-------- C:\Program Files\ViewMail
2007-11-29 02:20:38 0 d-------- C:\Program Files\7-Zip
2007-11-29 01:32:15 0 d-------- C:\Program Files\Common Files
2007-11-27 07:18:27 0 d-------- C:\Documents and Settings\ng26970\Application Data\PSM
2007-11-26 12:33:40 0 d-------- C:\Documents and Settings\ng26970\Application Data\ERS
2007-11-19 16:24:58 0 d-------- C:\Documents and Settings\ng26970\Application Data\Adobe
2007-11-19 16:06:11 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-19 14:46:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-19 12:37:58 0 d-------- C:\Program Files\SureThing
2007-11-12 11:33:02 0 d-------- C:\Documents and Settings\ng26970\Application Data\AdobeUM
2007-11-06 09:10:37 0 d-------- C:\Documents and Settings\ng26970\Application Data\U3
2007-11-05 09:50:33 0 d-------- C:\Program Files\Java
2007-10-15 11:56:53 0 d-------- C:\Documents and Settings\ng26970\Application Data\OpenOffice.org2
2007-10-15 11:54:26 0 d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-08 09:57:01 0 d-------- C:\Program Files\MSXML 6.0
2007-10-08 07:01:27 0 d-------- C:\Program Files\Lexmark
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E745F86-6B67-45D3-922A-878167A9D258}]
2007-11-27 05:17 262144 --a------ C:\WINDOWS\werbetnor.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 06:11]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 06:39]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 06:36]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 06:40]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 12:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 12:16]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 15:14]
"vptray"="C:\Progra~1\Symantec\Symant~1\VPTray.exe" [2006-06-14 23:40]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-05 15:15]
"TPTRAY"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2006-04-23 23:53]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-01-24 11:03]
"TP4EX"="tp4ex.exe" [2005-10-16 23:11 C:\WINDOWS\system32\TP4EX.exe]
"RunWCW"="C:\dowwapps\login\dwalogin.vbs" []
"DIRECT!"="C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe" [2004-04-27 11:09]
"TLogonPath"="C:\Program Files\Timbuktu Pro\Tb2Logon.exe" [2005-11-16 12:10]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-06 23:12]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-06 23:12]
"TPKBDLED"="C:\WINDOWS\system32\TpScrLk.exe" [2002-10-08 08:28]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 00:22]
"TpShocks"="TpShocks.exe" [2005-11-07 11:14 C:\WINDOWS\system32\TpShocks.exe]
"Synchronization Configuration"="C:\Dowwapps\scripts\Config_Mobsync_Run.vbs" [2003-04-24 13:11]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [2006-03-24 10:27]
"PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-07-13 17:47]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Shuffle"="C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe" [2007-06-16 13:47]
"PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 15:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Synchronization Configuration"=C:\dowwapps\scripts\config_mobsync_runonce.vbs
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe"
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
clear Recent.lnk - C:\FM3 Projects\PAS\recent clear\clear Recent.bat [2007-05-04 07:00:42]
Connected TaskBar Icon.LNK - C:\Program Files\MIP\CBSysTray.exe [2007-01-08 16:26:14]
KillTim.lnk - C:\FM3 Projects\PAS\kill timbuktu\KillTim.bat [2007-11-19 13:11:35]
Microsoft Office Outlook 2003.lnk - C:\WINDOWS\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2006-08-13 14:10:09]
Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [2007-01-08 18:24:05]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"HideShutdownScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoRemoteChangeNotify"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gormet"= {7E1CE008-4FA5-4A85-BB15-26C42BE9AF95} - C:\WINDOWS\gormet.dll [2007-11-27 05:16 229376]
"pmkret"= {8490BC22-8E26-4D8C-AFC3-7F19CC3C4D0D} - C:\WINDOWS\pmkret.dll [2007-11-27 05:16 283648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-03-24 10:41 40448 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Timbuktu Pro]
C:\Program Files\Timbuktu Pro\Hook32.dll 2005-11-16 12:11 81920 C:\Program Files\Timbuktu Pro\HOOK32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 21:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 18:16 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1060284298-861567501-682003330-420705\Scripts\Logoff\0\0]
"Script"=C:\Program Files\MIP\DWSBACKUP.vbs
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{35DFFE62-9F48-4236-9249-9EAB5C7123C9}]
"C:\Program Files\Hummingbird\Connectivity\11.00\Accessories\HumSettings.exe" INSTALL=ALL
-- End of Deckard's System Scanner: finished at 2007-11-29 13:21:21 ------------
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MSVPS System - {7E745F86-6B67-45D3-922A-878167A9D258} - C:\WINDOWS\werbetnor.dll
O3 - Toolbar: The hdtip - {7E259026-2CBD-4F42-AB62-230C0D4ABDAD} - C:\WINDOWS\hdtip.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Progra~1\Symantec\Symant~1\VPTray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [RunWCW] C:\dowwapps\login\dwalogin.vbs
O4 - HKLM\..\Run: [DIRECT!] C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\Tb2Logon.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [Synchronization Configuration] C:\Dowwapps\scripts\Config_Mobsync_Run.vbs
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\RunOnce: [Synchronization Configuration] C:\dowwapps\scripts\config_mobsync_runonce.vbs
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Global Startup: clear Recent.lnk = C:\FM3 Projects\PAS\recent clear\clear Recent.bat
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\MIP\CBSysTray.exe
O4 - Global Startup: KillTim.lnk = C:\FM3 Projects\PAS\kill timbuktu\KillTim.bat
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Mozilla Firefox.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O15 - Trusted Zone: *.epm.pas.com (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\Software\..\Telephony: DomainName = dow.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: gormet - {7E1CE008-4FA5-4A85-BB15-26C42BE9AF95} - C:\WINDOWS\gormet.dll
O21 - SSODL: pmkret - {8490BC22-8E26-4D8C-AFC3-7F19CC3C4D0D} - C:\WINDOWS\pmkret.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFW Security Client Service (AfwSecCliSvc) - Aspen Technology, Inc. - C:\Program Files\AspenTech\BPE\AfwSecCliSvc.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\MIP\AgentSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec\Symantec Antivirus\DefWatch.exe
O23 - Service: DWSService - The Dow Chemical Company - C:\dowwapps\DWSService\DWSService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: NobleNet Portmapper for TCP - Unknown owner - C:\Program Files\Common Files\AspenTech Shared\Portmapper\PORTSERV.EXE
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: OracleORAHOME90ClientCache - Unknown owner - C:\ORACLE\ORA90\bin\ONRSD.EXE
O23 - Service: HP OpenView Discovery Agent (prgnDiscAgent) - Unknown owner - C:\Program Files\HP OpenView\Discovery Agent\bin32\discagnt.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec\Symantec Antivirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec\Symantec Antivirus\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
--
End of file - 12424 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - DefaultIcon - C:\WINDOWS\Installer\{2505511B-B8E9-4FDF-953A-274563F2B03F}\Icon2505511B.exe,1
.txt - CrimsonEditor.txt - DefaultIcon - C:\Program Files\Crimson Editor\cedttype.ico
.txt - CrimsonEditor.txt - shell\open\command - C:\Program Files\Crimson Editor\cedt.exe "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; Lenovo; ThinkVantage Active Protection System>
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R1 Tb2Device (TB2 Remote Control Driver) - c:\windows\netopiarc\tb2device.sys
R1 Tb2MirrorSys (TB2 Remote Control Mirror Driver) - c:\windows\netopiarc\tb2mirrorsys.sys <Not Verified; Netopia, Inc.; Netopia Remote Control>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smihlp (SMI helper driver) - c:\program files\thinkvantage fingerprint software\smihlp.sys <Not Verified; UPEK Inc.; ThinkVantage Fingerprint Software>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 catchme - c:\docume~1\ng26970\locals~1\temp\catchme.sys (file missing)
S3 Cpmt (Cisco Media Termination) - c:\windows\system32\drivers\cpmt.sys (file missing)
S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys <Not Verified; PCTEL Inc.; PCTEL Rawether for Windows>
S3 SMNDIS5 (SMNDIS5 NDIS Protocol Driver) - c:\progra~1\verizo~1\vzacce~1\smndis5.sys (file missing)
S3 StMp3Rec (Player Recovery Device Control Driver) - c:\windows\system32\drivers\stmp3rec.sys <Not Verified; Microsoft Corporation; >
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AfwSecCliSvc (AFW Security Client Service) - c:\program files\aspentech\bpe\afwsecclisvc.exe <Not Verified; Aspen Technology, Inc.; Aspen Framework>
R2 DWSService - c:\dowwapps\dwsservice\dwsservice.exe <Not Verified; The Dow Chemical Company; Dow Workstation>
R2 NetCfgSvr (Network Configuration Service) - c:\progra~1\at&tgl~1\netcfgsv.exe <Not Verified; AT&T; NetCfgSvr Module>
R2 NobleNet Portmapper for TCP - "c:\program files\common files\aspentech shared\portmapper\portserv.exe"
R2 prgnDiscAgent (HP OpenView Discovery Agent) - "c:\program files\hp openview\discovery agent\bin32\discagnt.exe"
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 Tb2Launch (Tb2 Launch) - "c:\program files\timbuktu pro\tb2launch.exe" <Not Verified; Netopia, Inc.; Timbuktu Pro for Windows>
R2 TPHDEXLGSVC (ThinkPad HDD APS Logging Service) - system32\tphdexlg.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R3 AgentSrv (Connected Agent Service) - c:\program files\mip\agentsrv.exe -asv <Not Verified; Connected Corporation; Connected DataProtector>
S3 OpcEnum - c:\windows\system32\opcenum.exe <Not Verified; OPC Foundation; OPC Server Enumerator 1.10>
S3 OracleORAHOME90ClientCache - c:\oracle\ora90\bin\onrsd.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2007-11-29 06:32:16 304 --a------ C:\WINDOWS\Tasks\PMTask.job
2007-11-28 23:45:07 254 --a------ C:\WINDOWS\Tasks\DWS Disk Defrag.job
2007-11-02 19:03:40 272 --a------ C:\WINDOWS\Tasks\DWS Disk Cleanup.job
-- Files created between 2007-10-29 and 2007-11-29 -----------------------------
2007-11-29 13:17:10 0 d-------- S:\Deckard
2007-11-29 13:11:42 0 d-------- C:\Program Files\SpywareBlaster
2007-11-29 01:33:14 0 d-------- C:\Program Files\Lavasoft
2007-11-29 01:33:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-29 01:32:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-29 01:19:34 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-28 12:23:25 0 d-------- C:\WINDOWS\ERUNT
2007-11-28 12:17:31 0 d-------- C:\Documents and Settings\TexasFM3\Application Data\Mozilla
2007-11-28 12:17:14 0 d-------- C:\Documents and Settings\TexasFM3\Application Data\Hummingbird
2007-11-28 12:17:12 0 dr------- C:\Documents and Settings\TexasFM3\My Documents
2007-11-28 12:17:11 0 dr-h----- C:\Documents and Settings\TexasFM3\Recent
2007-11-28 12:17:03 0 d---s---- C:\Documents and Settings\TexasFM3\UserData
2007-11-28 12:17:03 0 d--h----- C:\Documents and Settings\TexasFM3\Templates
2007-11-28 12:17:03 0 dr------- C:\Documents and Settings\TexasFM3\Start Menu
2007-11-28 12:17:03 0 dr-h----- C:\Documents and Settings\TexasFM3\SendTo
2007-11-28 12:17:03 0 d--h----- C:\Documents and Settings\TexasFM3\PrintHood
2007-11-28 12:17:03 1572864 --ah----- C:\Documents and Settings\TexasFM3\ntuser.dat
2007-11-28 12:17:03 0 d--h----- C:\Documents and Settings\TexasFM3\NetHood
2007-11-28 12:17:03 0 d--h----- C:\Documents and Settings\TexasFM3\Local Settings
2007-11-28 12:17:03 0 dr------- C:\Documents and Settings\TexasFM3\Favorites
2007-11-28 12:17:03 0 d-------- C:\Documents and Settings\TexasFM3\Desktop
2007-11-28 12:17:03 0 d--hs---- C:\Documents and Settings\TexasFM3\Cookies
2007-11-28 12:17:03 0 d-------- C:\Documents and Settings\TexasFM3\Application Data
2007-11-28 12:17:03 0 d-------- C:\Documents and Settings\TexasFM3\Application Data\Microsoft
2007-11-27 23:02:38 0 d-------- C:\Program Files\Enigma Software Group
2007-11-27 08:55:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Sync App Settings
2007-11-27 07:16:26 262144 --a------ C:\WINDOWS\werbetnor.dll <Not Verified; ; werbetnor>
2007-11-27 07:16:26 283648 --a------ C:\WINDOWS\pmkret.dll
2007-11-27 07:16:26 81920 --a------ C:\WINDOWS\monhop.exe
2007-11-27 07:16:26 192512 --a------ C:\WINDOWS\hdtip.dll <Not Verified; ; hdtip Module>
2007-11-27 07:16:26 229376 --a------ C:\WINDOWS\gormet.dll
2007-11-26 12:36:12 0 d-------- C:\WINDOWS\DowScanFiles
2007-11-19 14:44:07 0 d-------- C:\Documents and Settings\ng26970\WINDOWS
2007-11-13 12:12:07 1362 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-11-08 15:01:26 68096 --a------ C:\WINDOWS\system32\GuitarStudiodll.DLL <Not Verified; Nicolas Manel; Nicolas Manel GuitarStudioDLL>
2007-11-08 15:01:26 32256 --a------ C:\WINDOWS\system32\CmDlgFR.dll <Not Verified; Microsoft Corporation; CMDIALOG>
2007-11-08 15:01:26 100352 --a------ C:\WINDOWS\system32\CmCtlFR.dll <Not Verified; Microsoft Corporation; COMCTL>
2007-11-08 15:01:26 23552 --a------ C:\WINDOWS\system32\CmCt2FR.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets des contrôles communs Microsoft 2>
2007-11-08 15:01:25 0 d-------- C:\Program Files\Guitar Studio
2007-11-06 08:18:43 0 d-------- C:\Program Files\Spicer
2007-11-06 08:18:43 0 d-------- C:\Documents and Settings\ng26970\Application Data\InstallShield
2007-11-06 08:05:54 0 d-------- C:\Program Files\Documentum
-- Find3M Report ---------------------------------------------------------------
2007-11-29 12:21:20 0 d-------- C:\Program Files\Timbuktu Pro
2007-11-29 12:21:13 0 d-------- C:\Program Files\ThinkVantage Fingerprint Software
2007-11-29 12:21:00 0 d-------- C:\Program Files\Taskbar Shuffle
2007-11-29 12:20:50 0 d-------- C:\Program Files\Symantec
2007-11-29 12:16:55 0 d-------- C:\Program Files\MIP
2007-11-29 12:11:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-29 12:10:20 0 d-------- C:\Program Files\AT&T Global Network Client
2007-11-29 12:07:53 0 d-------- C:\Program Files\Acoustica MP3 To Wave Converter PLUS
2007-11-29 11:29:39 0 d-------- C:\Program Files\Microsoft Office Communicator
2007-11-29 11:29:23 0 d-------- C:\Program Files\ViewMail
2007-11-29 02:20:38 0 d-------- C:\Program Files\7-Zip
2007-11-29 01:32:15 0 d-------- C:\Program Files\Common Files
2007-11-27 07:18:27 0 d-------- C:\Documents and Settings\ng26970\Application Data\PSM
2007-11-26 12:33:40 0 d-------- C:\Documents and Settings\ng26970\Application Data\ERS
2007-11-19 16:24:58 0 d-------- C:\Documents and Settings\ng26970\Application Data\Adobe
2007-11-19 16:06:11 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-19 14:46:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-19 12:37:58 0 d-------- C:\Program Files\SureThing
2007-11-12 11:33:02 0 d-------- C:\Documents and Settings\ng26970\Application Data\AdobeUM
2007-11-06 09:10:37 0 d-------- C:\Documents and Settings\ng26970\Application Data\U3
2007-11-05 09:50:33 0 d-------- C:\Program Files\Java
2007-10-15 11:56:53 0 d-------- C:\Documents and Settings\ng26970\Application Data\OpenOffice.org2
2007-10-15 11:54:26 0 d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-08 09:57:01 0 d-------- C:\Program Files\MSXML 6.0
2007-10-08 07:01:27 0 d-------- C:\Program Files\Lexmark
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E745F86-6B67-45D3-922A-878167A9D258}]
2007-11-27 05:17 262144 --a------ C:\WINDOWS\werbetnor.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 06:11]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 06:39]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 06:36]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 06:40]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 12:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 12:16]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 15:14]
"vptray"="C:\Progra~1\Symantec\Symant~1\VPTray.exe" [2006-06-14 23:40]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-05 15:15]
"TPTRAY"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2006-04-23 23:53]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-01-24 11:03]
"TP4EX"="tp4ex.exe" [2005-10-16 23:11 C:\WINDOWS\system32\TP4EX.exe]
"RunWCW"="C:\dowwapps\login\dwalogin.vbs" []
"DIRECT!"="C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe" [2004-04-27 11:09]
"TLogonPath"="C:\Program Files\Timbuktu Pro\Tb2Logon.exe" [2005-11-16 12:10]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-06 23:12]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-06 23:12]
"TPKBDLED"="C:\WINDOWS\system32\TpScrLk.exe" [2002-10-08 08:28]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 00:22]
"TpShocks"="TpShocks.exe" [2005-11-07 11:14 C:\WINDOWS\system32\TpShocks.exe]
"Synchronization Configuration"="C:\Dowwapps\scripts\Config_Mobsync_Run.vbs" [2003-04-24 13:11]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [2006-03-24 10:27]
"PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-07-13 17:47]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Taskbar Shuffle"="C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe" [2007-06-16 13:47]
"PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 15:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Synchronization Configuration"=C:\dowwapps\scripts\config_mobsync_runonce.vbs
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe"
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
clear Recent.lnk - C:\FM3 Projects\PAS\recent clear\clear Recent.bat [2007-05-04 07:00:42]
Connected TaskBar Icon.LNK - C:\Program Files\MIP\CBSysTray.exe [2007-01-08 16:26:14]
KillTim.lnk - C:\FM3 Projects\PAS\kill timbuktu\KillTim.bat [2007-11-19 13:11:35]
Microsoft Office Outlook 2003.lnk - C:\WINDOWS\Installer\{90120409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2006-08-13 14:10:09]
Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [2007-01-08 18:24:05]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"HideShutdownScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoRemoteChangeNotify"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gormet"= {7E1CE008-4FA5-4A85-BB15-26C42BE9AF95} - C:\WINDOWS\gormet.dll [2007-11-27 05:16 229376]
"pmkret"= {8490BC22-8E26-4D8C-AFC3-7F19CC3C4D0D} - C:\WINDOWS\pmkret.dll [2007-11-27 05:16 283648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-03-24 10:41 40448 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Timbuktu Pro]
C:\Program Files\Timbuktu Pro\Hook32.dll 2005-11-16 12:11 81920 C:\Program Files\Timbuktu Pro\HOOK32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 21:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 18:16 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1060284298-861567501-682003330-420705\Scripts\Logoff\0\0]
"Script"=C:\Program Files\MIP\DWSBACKUP.vbs
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{35DFFE62-9F48-4236-9249-9EAB5C7123C9}]
"C:\Program Files\Hummingbird\Connectivity\11.00\Accessories\HumSettings.exe" INSTALL=ALL
-- End of Deckard's System Scanner: finished at 2007-11-29 13:21:21 ------------