lance1234

Ad-aware 2008 freezes during deepscan of registry


Hi, my son's college laptop has been freezing up during deep scan of the registry. I only get a chance to work on it during his breaks.

I would like to get ad-aware working again before he goes back to school.

I've followed the advice of several of the online chats but nothing seems to work.

-Reloaded ad-aware several times

-Hard drive error check and defrag (3) times

added:

-Dr web cure it

-spywareBlaster

-spybot

-windows defender

-ran "Windows live onecare" all 3 tools a few times

-purchased the "1 click PC fix v3.5" Mod. Edit. I believe this is a malware program; http://www.emsisoft.com/en/malware/?Adware...ClickPCFix+v3.5

-added McAfee Security System from Comcast and ran all of its tools several times

 

Attached is a hijack this log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:46:27 PM, on 12/31/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

{Removed by LS CalamityJane - HJT log not needed for Ad-Aware program troubleshooting}

Moved thread back to Ad-Aware

 

Appreciate any help

Lance

 

Mod. Edit. Since I noticed the bolded item, I have moved this topic to the HJT forum, even though the original problem may not be malware related. Casey

hijackthis.log

Edited by LS CalamityJane


Thank you, I regretted buying it almost immediately.

Did only a little research due to a limited amount of time. It is now removed and I will run my other scans again and see if that helps.

Lance


I ran Dr Web, McAfee, Windows defender, Spybot and Ad-aware quick scan. None of the programs found anything.

Ad-aware deep scan has been frozen now for 14 hours 22 minutes.

Any ideas?


Hi again,

 

It appears this was not malware related - but the program you had was malware.

 

To resolve the scan sticking issue, please try this:

 

Ad-Aware > Settings > Scanning > untick deep archive scanning

also try

Ad-Aware > Settings > Scanning > skip files larger than 20480 Kb

 

Casey


Did as you suggested...still freezes during deep scan. Here's a new hijack scan.

Thanks for your time.

Lance

Edited by casey_boy


hi,

 

The HJT logs are not needed, so I have removed your last one.

 

Could you try booting the computer up in safe mode and try running a scan, see if that completes.

 

Casey


Hi, can you check exactly what it sticks on?

 

It's not inprocserver32 (or something similar) is it?


Hi

I've tried after each attempted fix to run ad-aware in safe mode. The program gives the following error:

 

Exception EAccessViolation in module

Ad-Aware.exe at 001DA25C.

Access violation at address 005DA25C in module

'Ad-Aware'. Read address 00000418.

 

In the beginning I deleted the registry path that it was freezing at. Realized I didn't know enough to be doing that.

The one I deleted was: object: IMPROCSERVER32 current path: CLSID\{FE9E48A4-A014-11D`-855C-00A0C944138C}.

It looked like it was part of the XP service pack 3 download. When that didn't fix the problem I uninstalled service pack 3 and then reinstalled it hoping I hadn't screwed anything up.

 

They all freeze in the CLSID section starting with F or CAFE. Ad-aware did run in safe mode on the 2nd try but still froze at: ImprocServer32 CLSID\{FEDCFFC1-BEC4-11D1-93B9-0060979C8AB8}\

 

Everything is working fine except for Ad-aware. Just being cautious since there was so much spyware on this system when I started.

 

Note: I have pictures of the adaware screens when they failed saved in word and paint. Have not been able to upload or paste them.

 

Thanks for your time,

Lance


Looks like you've got (had) two problems. The bad registry key has been known to cause a problem before. One possible culprit is Flash Player. You could try installing it and reinstalling it but I'm not sure how successful this tends to be.

 

The Access Violation fault is likely to be caused by DEP. Please follow the attached instructions to add an exception or turn it off.

How_to_turn_off_DEP__Windows_XP_.pdf


@Lance1234

found the following in your log :

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe.

 

Plz disable TeaTimer - it's not compatible with AAW *

 

Regards

Raziel B)

 

Mod.Edit/add./Raziel

 

*disable TT via S&D main program -- there is NO NEED to fix it with Hjt !

Edited by Raziel v. Nosgoth


Hi

After reading a few of the other forums I removed Spybot last night.

DEP is not accessible on this Dell laptop "Inspiron E1505"; it requires I go to the boot.ini file.

What do you recommend?

Still freezing

Lance

 

also, what am I doing wrong? saving images in several formats and tried cutting small sections. I still can't paste them in.

Edited by Lance1234


To upload images please use the attachment system. Can you tell me exactly where you have a problem when accessing DEP settings?

 

A screenshot if possible, thanks :)

post-65358-1231249589.png


OK, since last post I have run:

 

CCleaner, both cleaner and registry cleaner and I cleaned everything except fonts doing this in several phases.

I have run McAfee complete scan as well as their "maintain computer" and Windows defender.

I have removed all the other programs.

I have done another hard drive error check.

 

Ad-aware still freezes at "InprocServer32 CLSID"

 

Thanks for your time,

Here's the screen shots

 

Lance :)

 

 

post-65685-1231275345.jpg

post-65685-1231275148.png

post-65685-1231275159.jpg

post-65685-1231275266.png

post-65685-1231275213.jpg

 

Just ran another Scan with Malwarebytes Anti-malware. Here's the log:

 

Malwarebytes' Anti-Malware 1.32

Database version: 1625

Windows 5.1.2600 Service Pack 3

 

1/6/2009 5:44:23 PM

mbam-log-2009-01-06 (17-44-23).txt

 

Scan type: Full Scan (C:\|D:\|E:\|I:\|)

Objects scanned: 175645

Time elapsed: 1 hour(s), 40 minute(s), 39 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

post-65685-1231275024.jpg

Edited by Lance1234


Help please!!!

 

I downloaded Dr WEB and ran it again.

None of the programs are finding anything.

 

I figured out the DEP issue and turned it back on, making Ad-aware an exception like you said to do.

attached is the before and after freeze screens.

Should I just uninstall Ad-aware?

 

I appreciate your help,

Lance

 

post-65685-1231378017.jpg

post-65685-1231378532.jpg


Hi :D

install Revo uninstaller*

run Revo in moderate mode or higher

uninstall AAW 2008 free

 

navigate to Documents & Settings/All Users/Application Data ** and delete the entire Lavasoft folder (If present)

hit WIN + <R> - type 'cleanmgr' - tag temp. files/temp. internet files/recycle bin and fire it up

install Windows Installer CleanUp Utility *

run WICU and delete all AAW references if present

reboot

 

run an update of CCleaner

open CCl - push the registry button - let CCl search for reg.-faults - don't fix it - post the screenshots from the results.

 

Regards

Raziel :wub:

 

* Freeware,dl link in my sign.

** hidden files (1. Open Windows Explorer

2. Click on the ‘Tools’ menu item

3. Click on ‘Folder Options’ item

4. Click on ‘View’

5. Uncheck ‘Hide extensions for known file types’

6. Check Hidden files -- Show all


Hi again,

Since my son leaves on Saturday to go back to college I am giving this my last best effort.

Since CCleaner had only a few items I backed it up and cleaned them.

I also ran:

DrWEB

Spy Bot

Windows defender

McAfee

Malwarebytes Anti Malware

and then Ccleaner again just to make sure I got everything

and then I did another hard drive error check on all hard drives.

Restarted a few times just to keep things more frustrating.

 

No errors or problems found.

 

So I downloaded Ad-aware 2008 free. Saved it to my desk top and closed everything.

I then installed it and ran update, turned off the wireless connection and crossed my fingers.

No luck it FROZE!!! Here's what it looked like.

 

Also I went ahead and attached a Hijack this log just in case you see something there.

With our time difference I figure I have one more shot any IDEAS?

 

By the way we're in Washington State, USA and just getting hammered by rain and floods.

 

Thanks again for all the help and education. :D

 

post-65685-1231470627.jpg

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:04:31 PM, on 1/8/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\dllhost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll

O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll

O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186285628171

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.wsu.edu/sp/mallcam/AxisCamControl.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe

O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

--

End of file - 14384 bytes

 

hijackthis01082009.log

Edited by Lance1234


Plz run an update to the current defs. :D

 

 

Have you ever tried to run AAW in Windows safe mode (F8) ? If not, do it and use the appearing new admin account.

Raziel :D

 

open your task manager during the aaw scan and make a screen shot when aaw gets stuck

is there another program that also has a high amount of mem.-usage and cpu - usage ??

 

plz check JAVA - is it up to date ?

check CANON drivers and run an update.

also update Acrobat Reader - current version is 9 ( not 7)

 

Updating Java:

 

* Download the latest version of Java Runtime Environment (JRE) 6 Update 11.

* Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".

* Click the "Download" button to the right.

* For Platform, select "Windows"

* For language, select your language

* Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".

* Click Continue

* Click on the link to download Windows Offline Installation and save to your desktop.

* Close any programs you may have running - especially your web browser.

* Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.

* Check any item with Java Runtime Environment (JRE or J2SE) in the name.

- Examples of older versions in Add or Remove Programs:

o Java 2 Runtime Environment, SE v1.4.2

o J2SE Runtime Environment 5.0

o Java™ 6 Update 5

* Click the Remove or Change/Remove button.

* Repeat as many times as necessary to remove each Java version.

* Reboot your computer once all Java components are removed.

* Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

Edited by Raziel v. Nosgoth
add. question


Hi :)

 

I ran a program mentioned on another thread, I am in safemode and don't have the name in front of me.

(I'm back in normal operating mode; the program that fixed the problem was SDFIX. But scan it before using it. A trojan named "catchme" was in it.)

It did the Job and am able to run a full Ad-aware scan in regular mode. It found a few things that I'll post soon.

 

The last problem I would like to fix is that Ad-aware won't run in safe mode. It's the same problem I've had all along. I'll attach a screen shot. It's very frustrating to be so close to solving this and not being able to finish. I attempted to repair Adaware through the add/repair window and the screen is the problem.

 

Also the run error that started me trying to repair is in the 2nd screen shot it's the same error I've been getting.

 

I have about 12 hours left.

 

thanks again :)

Lance

 

 

post-65685-1231564274.jpg

 

post-65685-1231564796.jpg

Edited by Lance1234


Hi

 

A few hours left...Caught the worm early, I think it's gone. Ran the GMER file and it found nothing.

 

Adobe 9 installed in the last couple of days.

 

SDfix solved the Adaware 2008 free freeze problem and it now runs through a full scan.

 

I'm not sure if the worm was in the program because I foolishly didn't prescan before installing.

 

My last problem is getting Ad-aware to run in safe mode.

 

Thanks again,

 

Lance

 

post-65685-1231606799.jpg


!! catchme !!

just to clarify : catchme is a vital part of SDFIX and GMER.

The malware alert is probably a false positive.

 

Boot up in safe mode - open your own account - and try to start AAW.

If it doesn't work download and install SuperAntiSpyware and run an additional scan in safe mode.

 

Regards

Raziel :)


;) THANK YOU!!!

 

It's hard to weed out the garbage. There is sooo much of it out there.

 

I forwarded this to my son.

 

So SDfix is Good? It sure freed up Ad-aware so it would run.

 

I Revo uninstalled Ad-aware and booted in safe mode to reinstall but the system said security settings wouldn't allow it.

 

I'll let you know if the Super Anti spyware does the trick.

 

Should I reinstall SDfix?

 

Just reviewed previous post...I was multi tasking and apparently in reference to the Catchme file just brain farted...Of course I downloaded it!!

I'm glad you were able to clarify it was a good file though. Thanks

 

Thanks again :D

Lance

Edited by Lance1234


Hi :)

 

I'm going to consider this thread closed.

 

My son is back at college with his computer running well and all scans running clean.

 

I had him install Super Anti spyware and it removed the last few items I was worried about.

 

I haven't heard if Ad-aware is running in safe mode yet. I'll make that a new item if it doesn't work.

 

I believe that SDfix http://www.bleepingcomputer.com/files/sdfix.php is what finally solved the deep registry scan problem, though each step did flush out errors within the system.

 

The knowledge I've gained in my first forum has been invigorating. It's nice to find such good people willing to help.

 

Thank you Raziel, Casey and GoddersUK

 

Lance :)

This topic is now closed to further replies.