Ad-Aware 2007 bsod [RESOLVED]



#1
i2kdave

    New Member

My computer blue screens shortly after I start a scan with Ad-Aware 2007. It seems to happen when Ad-Aware is scanning the registry. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:00 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.c...Now?lnkctr=mhWN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BitPump] "C:\Program Files\AnalogX\BitPump\bitpump.exe" /VerifySettings
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: NST ToolTipFixer (TTFixerService) - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe

--
End of file - 7321 bytes


Thanks in advance for any help. :)


#2
Essexboy

    GeekU Moderator

Hi there, initially nothing jumps out and bites me, so let's take a deeper look.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
i2kdave

    New Member

here ya go:

Deckard's System Scanner v20071014.68
Run by Dave on 2008-02-01 18:42:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
11: 2008-02-01 23:42:55 UTC - RP11 - Deckard's System Scanner Restore Point
10: 2008-01-31 23:27:55 UTC - RP10 - Installed Ad-Aware 2007
9: 2008-01-30 00:20:35 UTC - RP9 - Installed DirectX
8: 2008-01-30 00:18:48 UTC - RP8 - Installed Crysis® SP Demo.
7: 2008-01-29 00:21:40 UTC - RP7 - System Checkpoint


-- First Restore Point --
1: 2008-01-23 04:01:08 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Dave.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:20 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dave\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dave.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.c...Now?lnkctr=mhWN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BitPump] "C:\Program Files\AnalogX\BitPump\bitpump.exe" /VerifySettings
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: NST ToolTipFixer (TTFixerService) - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe

--
End of file - 7548 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 RivaTuner32 - c:\program files\rivatuner v2.06\rivatuner32.sys
S3 XBCD (XBCD Kernel Module) - c:\windows\system32\drivers\xbcd.sys <Not Verified; Redcl0ud; XBCD>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 TTFixerService (NST ToolTipFixer) - "c:\program files\neosmart technologies\tooltipfixer\tooltipfixer.exe" <Not Verified; NeoSmart Technologies; ToolTip Fixer>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-01-01 and 2008-02-01 -----------------------------

2008-02-01 06:19:54 0 dr-h----- C:\Documents and Settings\Dave\Recent
2008-01-31 23:10:09 0 d-------- C:\Documents and Settings\Dave\Application Data\Grisoft
2008-01-31 20:32:55 0 d-------- C:\Program Files\Trend Micro
2008-01-31 18:27:56 0 d-------- C:\Program Files\Lavasoft
2008-01-31 18:27:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-31 18:27:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 19:18:49 0 d-------- C:\Program Files\Electronic Arts
2008-01-24 18:56:50 0 d-------- C:\Program Files\NeoSmart Technologies
2008-01-23 19:09:49 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-01-23 19:09:34 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-01-23 19:01:59 0 d-------- C:\Documents and Settings\Dave\Application Data\CyberLink
2008-01-23 19:00:54 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-23 19:00:31 0 d-------- C:\Program Files\CyberLink
2008-01-22 20:47:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-22 19:44:53 0 d-------- C:\Documents and Settings\Dave\Application Data\OpenOffice.org2
2008-01-22 19:40:50 0 d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-22 19:35:38 0 d-------- C:\Documents and Settings\Dave\Application Data\.purple
2008-01-22 19:35:27 0 d-------- C:\Program Files\Pidgin
2008-01-22 19:35:22 0 d-------- C:\Program Files\Common Files\GTK
2008-01-22 18:53:20 0 d-------- C:\Documents and Settings\All Users\Application Data\{732094A9-8D45-41EB-B8CC-4EBAADD7808E}
2008-01-22 18:53:14 0 d-------- C:\Program Files\BurnAware Free Edition
2008-01-21 19:56:53 0 d-------- C:\Program Files\AnalogX
2008-01-20 22:28:15 0 d-------- C:\Program Files\XBCD
2008-01-18 19:57:51 0 d-------- C:\Documents and Settings\Dave\Application Data\dvdcss
2008-01-14 20:30:20 0 d-------- C:\Program Files\Lavalys
2008-01-14 19:40:39 0 d-------- C:\Program Files\Netflix
2008-01-14 18:50:43 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-01-14 18:50:23 0 d-------- C:\Documents and Settings\Dave\Application Data\Logitech
2008-01-14 18:49:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-14 18:49:00 0 d-------- C:\Program Files\Common Files\Logishrd
2008-01-14 18:48:58 0 d-------- C:\Program Files\Logitech
2008-01-13 11:18:39 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-01-13 11:18:39 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-01-13 11:18:39 0 d-------- C:\Program Files\OpenAL
2008-01-13 10:56:39 0 d-------- C:\Documents and Settings\Dave\Application Data\Bioshock
2008-01-13 10:55:17 0 dr-h----- C:\Documents and Settings\Dave\Application Data\SecuROM
2008-01-12 21:39:25 0 d-------- C:\Program Files\2K Games
2008-01-12 20:07:30 0 d-------- C:\Program Files\S-G Software
2008-01-12 19:59:16 0 d-------- C:\Program Files\Common Files\Stardock
2008-01-12 19:59:15 0 d-------- C:\Program Files\Stardock
2008-01-12 19:45:02 0 d-------- C:\Program Files\Anacapri the Dream
2008-01-10 19:46:48 0 d-------- C:\Program Files\Sierra
2008-01-10 19:34:57 0 d-------- C:\Program Files\Fox
2008-01-10 19:33:42 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-01-10 19:33:42 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-01-10 19:33:42 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-01-10 17:30:22 0 d-------- C:\WINDOWS\Sun
2008-01-10 17:30:22 0 d-------- C:\Documents and Settings\Dave\Application Data\Sun
2008-01-10 17:29:54 0 d-------- C:\Program Files\Java
2008-01-10 17:29:40 0 d-------- C:\Program Files\Common Files\Java
2008-01-10 16:41:03 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-01-10 16:37:24 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-01-10 16:37:11 0 d-------- C:\Program Files\ATI Technologies
2008-01-10 16:14:06 0 d-------- C:\Program Files\Driver Cleaner Pro
2008-01-09 19:04:21 0 d-------- C:\WINDOWS\system32\Futuremark
2008-01-09 19:04:21 3972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-01-09 19:04:17 0 d-------- C:\Program Files\Futuremark
2008-01-09 19:04:06 0 d-------- C:\WINDOWS\system32\windows media
2008-01-09 19:04:03 0 d-------- C:\WINDOWS\RegisteredPackages
2008-01-09 19:04:02 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-01-09 19:04:01 0 d-------- C:\Program Files\Windows Media Components
2008-01-09 18:43:02 0 d-------- C:\Program Files\AquaMark3
2008-01-09 18:23:56 0 d-------- C:\Program Files\SpeedFan
2008-01-08 21:00:26 0 d-------- C:\Program Files\Prime95
2008-01-08 20:59:45 0 d-------- C:\Documents and Settings\Dave\Application Data\Earthsim
2008-01-08 18:40:34 10616900 --a------ C:\WINDOWS\system32\Goldfish2.scr
2008-01-08 18:40:33 2932736 --a------ C:\WINDOWS\system32\MA2_6.scr
2008-01-08 18:40:33 0 d-------- C:\Program Files\Prolific Publishing, Inc
2008-01-07 21:08:30 0 d-------- C:\Program Files\OCCT
2008-01-07 19:43:55 0 d-------- C:\bios update


-- Find3M Report ---------------------------------------------------------------

2008-01-31 18:27:36 0 d-------- C:\Program Files\Common Files
2008-01-23 19:09:36 0 d-------- C:\Program Files\Realtek
2008-01-23 19:09:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-22 19:07:28 21 --a------ C:\Documents and Settings\Dave\Application Data\burnaware.ini
2008-01-10 17:30:19 1279 --a------ C:\WINDOWS\mozver.dat
2008-01-09 18:35:10 0 d-------- C:\Program Files\Gigabyte
2007-12-30 12:51:25 0 d-------- C:\Documents and Settings\Dave\Application Data\Adobe
2007-12-30 09:24:10 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-29 11:14:03 69385 --a------ C:\WINDOWS\hpoins05.dat
2007-12-29 11:13:12 0 d-------- C:\Program Files\Common Files\HP
2007-12-29 11:13:11 0 d-------- C:\Program Files\HP
2007-12-29 11:12:48 0 d-------- C:\Program Files\Hewlett-Packard
2007-12-29 11:11:53 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-12-29 09:42:08 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-28 20:32:02 0 d-------- C:\Program Files\Activision
2007-12-28 17:14:00 0 d-------- C:\Program Files\MozBackup
2007-12-28 16:45:25 0 d-------- C:\Program Files\RivaTuner v2.06
2007-12-28 15:53:03 0 d-------- C:\Program Files\7-Zip
2007-12-28 15:50:21 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-28 15:50:19 0 d-------- C:\Documents and Settings\Dave\Application Data\Mozilla
2007-12-12 21:24:54 0 d-------- C:\Program Files\Ubisoft
2007-12-12 20:51:30 0 d-------- C:\Documents and Settings\Dave\Application Data\ATI
2007-12-12 20:35:00 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-12 20:22:51 0 d-------- C:\Program Files\MSXML 6.0
2007-12-12 20:22:46 0 d-------- C:\Program Files\MSXML 4.0
2007-12-12 20:11:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-12 20:09:40 0 d-------- C:\Documents and Settings\Dave\Application Data\Macromedia
2007-12-12 20:08:58 0 d-------- C:\Documents and Settings\Dave\Application Data\AVG7
2007-12-12 20:03:51 0 d-------- C:\Documents and Settings\Dave\Application Data\InstallShield
2007-12-12 20:01:42 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-12-12 19:59:24 0 d-------- C:\Program Files\Intel
2007-12-12 19:46:34 0 -rahs---- C:\MSDOS.SYS
2007-12-12 19:46:34 0 -rahs---- C:\IO.SYS
2007-12-12 19:46:34 0 --a------ C:\CONFIG.SYS
2007-12-12 19:46:34 0 --a------ C:\AUTOEXEC.BAT
2007-12-12 19:45:41 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-12 19:44:53 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-12 19:43:56 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-12 19:43:28 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-12 19:43:03 0 d-------- C:\Program Files\Windows NT
2007-12-12 14:38:44 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-12 14:38:23 62 --ahs---- C:\Documents and Settings\Dave\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/29/2007 09:28 AM]
"CatalystRegistration"="C:\Program Files\ATI\CatalystRegistration\dolce.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [09/13/2004 03:49 PM]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [08/14/2007 02:10 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 03:10 AM C:\WINDOWS\KHALMNPR.Exe]
"BitPump"="C:\Program Files\AnalogX\BitPump\bitpump.exe" [01/21/2008 07:56 PM]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [11/16/2007 07:20 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/28/2007 09:35 AM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [10/11/2007 12:06 PM]
"RTHDCPL"="RTHDCPL.EXE" [01/09/2008 03:25 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 08:56 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

C:\Documents and Settings\Dave\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [1/12/2008 7:59:16 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [1/14/2008 6:49:03 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoStartBanner"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 11/15/2007 10:10 AM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts upnphost SSDPSRV

*Newly Created Service* - AVGASCLN



-- End of Deckard's System Scanner: finished at 2008-02-01 18:44:48 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® Dual CPU E2140 @ 1.60GHz
CPU 1: Intel® Pentium® Dual CPU E2140 @ 1.60GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 2046.42 MiB / 1574.7 MiB
Pagefile Memory (total/avail): 3429.48 MiB / 2999.85 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.23 MiB

C: is Fixed (NTFS) - 149.04 GiB total, 103.53 GiB free.
D: is CDROM (UDF)
E: is Fixed (NTFS) - 39.06 GiB total, 17.57 GiB free.

\\.\PHYSICALDRIVE1 - WDC WD1600AAJS-98PSA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 1 partition
\PARTITION0 - Installable File System - 39.06 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dave\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HILL1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dave
LOGONSERVER=\\HILL1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dave\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dave\LOCALS~1\Temp
USERDOMAIN=HILL1
USERNAME=Dave
USERPROFILE=C:\Documents and Settings\Dave
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dave (admin)


-- Add/Remove Programs ---------------------------------------------------------

@BIOS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
3D Windows XP Screen Saver --> rundll32.exe setupapi.dll,InstallHinfSection UninstallInstall 132 C:\WINDOWS\system32\3D Windows XP.inf
3DMark06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Aliens vs. Predator 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}\SETUP.EXE"
Anacapri the Dream 1.0 --> C:\Program Files\Uninstall.exe
Anacapri Updates --> MsiExec.exe /I{CD16A5BF-6753-48CA-814A-790665896C29}
AnalogX BitPump --> C:\Program Files\AnalogX\BitPump\bitpumpu.exe
AquaMark3 --> C:\PROGRA~1\AQUAMA~1\UNWISE.EXE C:\PROGRA~1\AQUAMA~1\INSTALL.LOG
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BioShock --> C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
BurnAware Free Edition --> "C:\Documents and Settings\All Users\Application Data\{732094A9-8D45-41EB-B8CC-4EBAADD7808E}\burnaware_free.exe" REMOVE=TRUE MODIFY=FALSE
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Catalyst Registration --> MsiExec.exe /X{5E2691D1-9EDF-43E8-9CF2-E3DF6A17706E}
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Crysis® SP Demo --> MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
DH Driver Cleaner Professional Edition --> C:\Program Files\Driver Cleaner Pro\Uninstall.exe
EasyTune5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll"
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Far Cry --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
FEARCombat --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}\setup.exe" -l0x9 /zU -removeonly
GTK+ Runtime 2.12.1 rev b (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Express --> MsiExec.exe /X{8F7A4D82-B168-4F89-99C2-B9873EC877AF}
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MozBackup 1.4.7 --> "C:\Program Files\MozBackup\unins000.exe"
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
ObjectDock --> C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
OCCT Perestroika 1.1.1b --> "C:\Program Files\OCCT\unins000.exe"
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
PCMark05 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C104E56-A441-429D-A609-D8A46EB92EA1}\setup.exe" -l0x9 -removeonly
Pidgin --> C:\Program Files\Pidgin\pidgin-uninst.exe
PowerDVD Ultra --> "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x000409 /z-uninstall
Prime95 --> "C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RivaTuner v2.06 --> "C:\Program Files\RivaTuner v2.06\uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SereneScreen Marine Aquarium 2.6 --> "C:\Program Files\Prolific Publishing, Inc\Marine Aquarium 2.6 & Goldfish Aquarium 2 Bundle\unins000.exe"
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SYSTEM_INFO B07.0905.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC4914EF-6618-4949-A1CF-BD4917A00221}\setup.exe" -l0x9 -removeonly
ToolTipFixer 1.0.1 --> C:\Program Files\NeoSmart Technologies\ToolTipFixer\uninstall.exe
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
XBCD 1.07 --> C:\Program Files\XBCD\uninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type745 / Warning
Event Submitted/Written: 01/23/2008 08:55:59 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_2050727_ASPNETAppsv2050727 for Performance Library ASP.NET_2.0.50727 because error 0x80041001 was returned

Event Record #/Type744 / Warning
Event Submitted/Written: 01/23/2008 08:55:59 PM
Event ID/Source: 35 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library because it returned invalid data: 0x0

Event Record #/Type743 / Warning
Event Submitted/Written: 01/23/2008 08:55:58 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_ASPNETApplications for Performance Library ASP.NET because error 0x80041001 was returned

Event Record #/Type742 / Warning
Event Submitted/Written: 01/23/2008 08:55:58 PM
Event ID/Source: 35 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET performance library because it returned invalid data: 0x0

Event Record #/Type724 / Warning
Event Submitted/Written: 01/23/2008 08:54:38 PM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2150 / Error
Event Submitted/Written: 02/01/2008 06:43:23 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Ad-Aware 2007 Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type2137 / Error
Event Submitted/Written: 02/01/2008 06:40:07 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The NST ToolTipFixer service failed to start due to the following error:
%%1053

Event Record #/Type2136 / Error
Event Submitted/Written: 02/01/2008 06:40:07 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the NST ToolTipFixer service to connect.

Event Record #/Type2115 / Error
Event Submitted/Written: 01/31/2008 08:23:24 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer HILL2
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0C885828-D4DB-40AB-991.
The master browser is stopping or an election is being forced.

Event Record #/Type2099 / Error
Event Submitted/Written: 01/31/2008 08:01:19 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.100 for the Network Card with network address 001D7D9C9A8C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).



-- End of Deckard's System Scanner: finished at 2008-02-01 18:44:48 ------------

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, still nothing apparent. Let's try another spyware scanner to see what happens.

Download and then run SuperAntispyware
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed click NEXT
  • The next screen shows the problems found; click OK
  • On the next screen place a tick against all items and select NEXT
  • Now, to get the log, go to the PREFERENCES button on the bottom right
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a Notepad text file; copy and paste this into your next reply


#5
i2kdave

    New Member

  • Topic Starter
  • Member
  • 3 posts
All it found was tracking cookies, I'm beginning to think the problem here is Ad-Aware. Here's the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/02/2008 at 09:59 AM

Application Version : 3.9.1008

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 00:12:45

Memory items scanned : 510
Memory threats detected : 0
Registry items scanned : 4142
Registry threats detected : 0
File items scanned : 17706
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Dave\Cookies\[email protected][1].txt
C:\Documents and Settings\Dave\Cookies\[email protected][2].txt
C:\Documents and Settings\Dave\Cookies\[email protected][2].txt
C:\Documents and Settings\Dave\Cookies\[email protected][2].txt
C:\Documents and Settings\Dave\Cookies\[email protected][2].txt

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

All it found was tracking cookies, I'm beginning to think the problem here is Ad-Aware. Here's the log:

It does look like it. Have you tried uninstalling and then re-installing? But as far as I can see, your log appears clear.

Now the best part of the day ----- Your log now appears clean :)

You may now delete the programmes I had you download


Now, to get you off to a good start, we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point, but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point. To get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button; click this
7. Accept the Warning and select OK again; the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.