Hello all. Yesterday when I shut my PC down (and started it), all was ok. Today when I started it, I first noticed the "Add new hardware" wizard that pops up when you install new hardware(1), and no, nothing was changed nor added! I told it to search the HD and it said it found nothing for the device. During this time, there was one of those "balloons" popping from the System Tray saying it found something....that was ALREADY INSTALLED! This is a screenshot of both in one. http://www.orpheuscomputing.com/tests/1.png
I have one device connected to the Promise **IDE** controller and that's my 2nd HD used for storage, it's IDE. I could NOT access it! When I clicked the desktop icon I have for it, it wasn't found! (The Promise SATA controller is not being used at this time, and I have a Plextor DVD burner connected to the NATIVE SATA controller and it was unaffected). (1)(I also noticed that during this boot, something didn't fully load. It's a program called "Power Strip" and it's a program that controls/tweaks video card and monitor settings. I have to use it because my LCD monitor has too much contrast and when the DVI connector is used for it you can't use the contrast settings! So I made a "profile" via batch file for that lower contrast setting. It's in the "Start Up" folder, so it loads when the Desktop loads, then AUTOMATICALLY SHUTS DOWN. The profile loaded, but it didn't shut down this time!) I then opened the Device Manager and to my surprise, the Promise controller was **STILL installed and showing up correctly** (underlined in red in the image below), yet there was a *NEW* entry for some *OTHER* Promise device! (That's the yellow ? mark area just above the red underlined area in the image below). http://www.orpheuscomputing.com/tests/2.png I then clicked "Show hidden devices" and saw these 3 yellow marked areas below: (that black rectangle insert at right is the other area I just pasted there so they would fit in one image. It was further down in that area below "AxPsHook11"). http://www.orpheuscomputing.com/tests/3.png I went to the "Event Viewer" to see if anything unusual was there and found this: http://www.orpheuscomputing.com/tests/4.png Now it says AxPsHook11 is a "Service", but nothing like it shows under XP's "Services"! (Of course clicking the link XP provides is totally useless as always). Befuddled about this, I restarted and all appeared to be well. It's not enough for it to go away, I'm of the "school" that wants to know HOW and WHY this happened. I later ran my anti-malware programs, as I normally do, unrelated to this. AdAware once again tagged "Spyware Nuker XT". It's always tagging it because they apparently stole the database from Lavasoft (creators of AdAware). However, this time instead of tagging a few registry entries Spyware Nuker creates, AdAware was tagging actual FILES of Spyware Nuker! Now observe what is stated in the log file for AdAware: Disk Scan Result for C:\WINDOWS\system\ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; SpyWareNukerXT Object Recognized! Type : File Data : pshook11.sys TAC Rating : 3 Category : Misc Comment : Object : C:\WINDOWS\system32\drivers\ FileVersion : 5.2.3639.0 ProductVersion : 5.2.3639.0 ProductName : Anti-Virus Engine CompanyName : TrekBlue, LLC FileDescription : Process Hooks Driver InternalName : pshook.sys LegalCopyright : Copyright 2005 TrekBlue OriginalFilename : pshook.sys Performing conditional scans... ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; SpyWareNukerXT Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\services\axpshook11 SpyWareNukerXT Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\services\axpshook11 Value : ErrorControl SpyWareNukerXT Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\services\axpshook11 Value : Start SpyWareNukerXT Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\services\axpshook11 Value : ImagePath SpyWareNukerXT Object Recognized! Type : Regkey Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\axpshook11 SpyWareNukerXT Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\axpshook11 Value : ErrorControl SpyWareNukerXT Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\axpshook11 Value : Start SpyWareNukerXT Object Recognized! Type : RegValue Data : TAC Rating : 3 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\axpshook11 Value : ImagePath SpyWareNukerXT Object Recognized! Type : Folder TAC Rating : 3 Category : Data Miner Comment : SpyWareNukerXT Object : C:\Program Files\Spyware Nuker Hmm, look at all those "axpshook11" entries! Yes, obviously connected to this AxPsHook issue, but (and here's the questions) what the heck could that have to do with: 1. Power Strip not loading; 2. The new Promise hardware found; and 3. Not being able to access my storage HD???? NONE of this has EVER happened before! Today was the first time any of this has ever happened. As of now, I have not let AdAware remove those entries. There was an update to AdAware before I ran it, obviously this new data on Spyware Nuker was just included in the new update. I searched the registry for 'axpshook' and every entry I found was "axpshook11" and there was absolutely no identifiable data in the registry tags that told me anything about it. Some of the tags were "LEGACY_AXPSHOOK11", "Legacy" usually means some type of driver, and an older one at that. I can't say if that's the case here. So....any comments/answers/info on this? :-) -Clint God Bless Clint Hamilton, Owner http://OrpheusComputing.com ) http://ComputersCustomBuilt.com ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
