TechSpot

Right Click On Desktop Closes Explorer and Dr Watson Message

By Seanchai
Feb 24, 2005
Topic Status:
Not open for further replies.
  1. Rt Click On Desktop Causes Explorer To Close And Dr Watson Message

    I installed a new video card (Radeon 9600 SE) replacing an old Nvidia card.
    I'm using Windows XP

    Now when I click on my desktop I get a window poping up saying "Windows explorer has encountered a problem and has to close"

    After I close it then a window pops up saying Dr watson post mordem has encountered a problem and has to close. Then it locks. I have to do a Ctrl Alt Delete and open windows task manager to close drwtsn32.exe then it unlocks.



    I ran hijack this and this is my log - Please help...

    Logfile of HijackThis v1.99.1
    Scan saved at 10:31:09 PM, on 2/23/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\EzVoice 2.0\ezvoice2.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\GEARSEC.EXE
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\explorer.exe
    C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.humanitysteameugene.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ukdy8bez.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ukdy8bez.slt\prefs.js)
    O2 - BHO: C:\WINNT\lbbho.dll - {448C21FF-9406-426B-9E51-1B237B830A4D} - C:\WINNT\lbbho.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    O4 - Startup: EzVoice 2.0.lnk = C:\Program Files\EzVoice 2.0\ezvoice2.exe
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
    O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: ComcastHSI - {1691BA5B-6B2A-4A86-8B4E-5699E37E7528} - http://www.comcast.net (file missing) (HKCU)
    O9 - Extra button: Support - {4F08E4D4-29EA-4888-A1D9-6A7BB39C3FBA} - http://www.comcastsupport.com (file missing) (HKCU)
    O9 - Extra button: Help - {DC2E4D98-201C-4FAA-B581-A05572452D9D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.digitalsurveillancecenter.com/a...sCamControl.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSEC.EXE
    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


    Any help is very welcome and appreciated.
  2. poertner_1274

    poertner_1274 secroF laicepS topShceT Posts: 4,745

    Did you remove all of your old nVidia drivers before you installed your new ATI ones? This can cause some serious problems.

    BTW
    :wave:Welcome to TechSpot:wave:
  3. Seanchai

    Seanchai TS Rookie Topic Starter

    Yes I have removed all other drivers first.
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Boot in Safe Mode
    Switch off System Restore
    Press ctrl/alt/del and in Taskmanager try to STOP:

    FS20.exe

    Then try to UNinstall anything to do with:
    C:\Program Files\Free Surfer\FS20.exe
    C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsa vings_script0.htm

    Next, run HJT on its own and let it 'fix':
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.humanitysteameugene.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    O2 - BHO: C:\WINNT\lbbho.dll - {448C21FF-9406-426B-9E51-1B237B830A4D} - C:\WINNT\lbbho.dll
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsa vings_script0.htm
    O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: ComcastHSI - {1691BA5B-6B2A-4A86-8B4E-5699E37E7528} - http://www.comcast.net (file missing) (HKCU)
    O9 - Extra button: Support - {4F08E4D4-29EA-4888-A1D9-6A7BB39C3FBA} - http://www.comcastsupport.com (file missing) (HKCU)
    O9 - Extra button: Help - {DC2E4D98-201C-4FAA-B581-A05572452D9D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/tec...supportutil.CAB
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.co...t/c381/chat.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.digitalsurveillancecente...sCamControl.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

    Boot normal. If OK, turn System Restore back on.
  5. luvhuffer

    luvhuffer TechSpot Paladin Posts: 638

    Close any open programs, put a check by these first 2 items and hit "Fix Checked" The links will explain what they are. Go and read them and pay attention to how they are downloaded on your system.Usually they are installed because you gave them permission, by agreeing to an EULA without reading it first. Always read the end user license agreement and never download a program that downloads 3rd party software or shares your info with their "partners" (partners usually being spammers who buy your e-mail address and other data, or companies that will track your surfing activity with spyware) No program is that good to have to accept that to get it.

    O2 - BHO: C:\WINNT\lbbho.dll - {448C21FF-9406-426B-9E51-1B237B830A4D} - C:\WINNT\lbbho.dll
    http://www.kephyr.com/spywarescanner/library/relatedlinks.lbbho/index.phtml
    O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsa vings_script0.htm
    http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453073593

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    This string belongs to SHDOCVW.DLL It is a legit system file. It shouldn’t be in the extra button category I don‘t think. I'm not 100% sure so I won't say to delete it. It has a known exploit used by some viruses like Bofra.A / MyDoom variant. Is your anti-virus updated?

    Are you running Norton and Symantec at the same time? Two AV programs will cause conflicts.When you are using your PC, before you get these messages and explorer shuts down, hit Ctrl-Alt-Delete and go to the processes tab and see if anything in there is using a lot of memory. Go to this link and download and install Spyware Blaster and Spyware Guard. Blaster will prevent most spyware from installing on your computer. Spyware Guard will notify you before anyone adds a browser helper object, start-up item, or tries to write to the registry, with a pop-up that asks if you want the change
    http://www.javacoolsoftware.com/spywareblaster.html
    http://www.javacoolsoftware.com/sgdownload.html

    I see you are using FreeSurfer. That's a good pop-up blocker. If you like IE and don't want to use Firefox, I would suggest you check out Deepnet Explorer. It's much more secure than IE. It blocks pop-ups and floaters, is tabbed, and has a phishing alarm and content filter. It has a built in news feed and p2p download program. I'm a die hard IE fan but switched to Deepnet permanently after about 5 minutes. You might want to check it out.
    http://deepnetexplorer.com/tour/tour_1.asp

    Edit: I forgot. You should turn off system restore in system properties. That will delete all your restore files and save points. Right click my computer hit properties, go to system restore tab. Check the box to turn them off. Then come back and uncheck the box when you are done with the removal.It will automatically make a new restore point. These programs are probably in there and will come right back if you ever need to use system restore. Also go to your program files and see if there are any you don't remember downloading. If there are, go to add/remove programs and delete them.
  6. Seanchai

    Seanchai TS Rookie Topic Starter

    Thank you very much for your reply..

    I did what you suggested, and it did not work. I have more information that might help. I uninstalled the ati software, (I decided on a different card). As soon as I uninstalled it the problem was gone, I could rt click on my desktop again. I then installed the new Nvidia card and it's drivers and the problem was back. Here is the new hijack this log file, I appreciate anymore help you might be willing to give me.


    Logfile of HijackThis v1.99.1
    Scan saved at 10:34:47 AM, on 2/27/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\EzVoice 2.0\ezvoice2.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\GEARSEC.EXE
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\explorer.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.humanitysteameugene.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ukdy8bez.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ukdy8bez.slt\prefs.js)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - Startup: EzVoice 2.0.lnk = C:\Program Files\EzVoice 2.0\ezvoice2.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.digitalsurveillancecenter.com/activex/AxisCamControl.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSEC.EXE
    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
  7. tbrunt3

    tbrunt3 TS Rookie Posts: 495

    Hello welcome to Techspot

    First download a program called nasty file remover from here.
    http://www.majorgeeks.com/download3233.html
    let this program run slect ATI it will find the ati drivers remove these..

    Do the same for Nivida and reinstall the Nvidia drivers..

    Last program to download and install is A-Squared after this is installed update it and let it do its thing if something is found it will remove it..

    Download A-Squared from here

    http://www.emsisoft.com/en/software/free/

    Run THIS program with all windows closed!

    The last thing Place HJT in its own folder C/HJT not in your docments and settings like it is now this is very important for back up. Also update your antivirus and spyware programs than after you do all the above repost oyur log here..
  8. Seanchai

    Seanchai TS Rookie Topic Starter

    I downloaded nasty file remover and ran it. It came up with 7 files for ATI.
    I selected delete files but it wont remove them, I tried over and over. These are the files it found, should I try to delete them manually?
    File listing created using Nasty File Remover 0.7.2
    Created on 02-27-2005 12:34:03
    Copyright ©2003 by Rudy Alex Kohn [rudz@software.dk] - Freeware
    Updates and info : http://rudz.frac.dk
    ------------------------------
    Path : C:\WINNT\system32\
    ------------------------------
    Files:

    ati2cqag.dll 224 KB 5.2.3790.2 Central Memory Manager / Queue Server Module
    ati2dvaa.dll 369 KB 5.1.2600.0 Ati Rage 128 Windowsnt Display Driver
    ati2dvag.dll 197 KB 6.14.10.6462 Ati Radeon Windowsnt Display Driver
    ati3d1ag.dll 850 KB 6.14.10.4071 Ati3d1ag.dll
    ati3duag.dll 1.80 MB 6.14.10.0231 Ati3duag.dll
    ativtmxx.dll 32 KB 6.14.10.6238 Ati Overlay Theater Mode Provider
    ativvaxx.dll 504 KB 6.14.01.0009 Radeon Video Acceleration Universal Driver
  9. tbrunt3

    tbrunt3 TS Rookie Posts: 495

    Yes remove manual if you are going to use a Nivida card...
  10. luvhuffer

    luvhuffer TechSpot Paladin Posts: 638

  11. Seanchai

    Seanchai TS Rookie Topic Starter

    Thanks again, I relly appreciate all the help I'm receiving, however...
    I did everything that was suggested. After I uninstalled the Nvidia drivers and software the problem went away. After reinstalling the Nvidia drivers the problem re-appeared. I also ran asquared. Here is my current log file -

    Logfile of HijackThis v1.99.1
    Scan saved at 8:52:20 PM, on 2/27/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\a2\a2guard.exe
    C:\Program Files\EzVoice 2.0\ezvoice2.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\System32\GEARSEC.EXE
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\wdfmgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\System32\alg.exe
    C:\WINNT\explorer.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.humanitysteameugene.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ukdy8bez.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ukdy8bez.slt\prefs.js)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
    O4 - Startup: EzVoice 2.0.lnk = C:\Program Files\EzVoice 2.0\ezvoice2.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.digitalsurveillancecenter.com/activex/AxisCamControl.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSEC.EXE
    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
     
  12. luvhuffer

    luvhuffer TechSpot Paladin Posts: 638

    A couple of questions. What nVidia card are you using? What drivers are you using for the card? What version of DirectX are you using? What type of video card is it? Is it AGP or PCI? In your bIOS you should have a setting something like "initial display first", or "primary graphics adapter". That has to be set to AGP or PCI, which ever you have. What is the mobo make and model? And last question. Have you tried resetting your BIOS to default or clearing the CMOS yet?
  13. tbrunt3

    tbrunt3 TS Rookie Posts: 495

    Hello Seanchai


    First off you need to run Hijackthis from its own folder NOT WHERE IT IS AT NOW the folder should be C/HJT this is for back up purpose and very important.

    Next Far as I can see log pretty clear nothing really poping up at me youmight think about paying a visit to www.blackviper.com to do away with some of those unneeded services..

    Besides the obvious questions that were posted above have you done anything else to your computer like update anything or change anything..THere a few ways to take care fo this problem..

    ONE is a registery hack

    START/RUN regedit in box
    YOu will be going to HKEY_Local_Machine
    Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
    Name: Auto
    Type: REG_DWORD
    Value: 0 disable
    Value: 1 enable

    Make a Registery back up first

    Here is the other way

    check this out

    http://windowsxp.mvps.org/slowrightclick.htm

    let us know
  14. Seanchai

    Seanchai TS Rookie Topic Starter

    I'm using a PNY GeForce 6600 Gt. I'm using the drivers that came with the card. I'm running DirectX 9 and it is an AGP card. I have not tried resetting my bios, I don't know how :)
  15. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,916   +9

    Next time I'll delete double posts without merging them, even if they had replies.

    One thread per question is enough here.
  16. Seanchai

    Seanchai TS Rookie Topic Starter

    Well, I tried shellex view with no luck, boy this is frustrating :hotbounce
  17. Seanchai

    Seanchai TS Rookie Topic Starter

    One other thing worth mentioning...

    When I replaced the video card I rebooted the computer and my clock had reset to 12:00 a.m. almost as if the battery got unpluged, but it didn't.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.