Right Click On Desktop Closes Explorer and Dr Watson Message

Status
Not open for further replies.
S

Seanchai

Posts: 11   +0
Rt Click On Desktop Causes Explorer To Close And Dr Watson Message

I installed a new video card (Radeon 9600 SE) replacing an old Nvidia card.
I'm using Windows XP

Now when I click on my desktop I get a window poping up saying "Windows explorer has encountered a problem and has to close"

After I close it then a window pops up saying Dr watson post mordem has encountered a problem and has to close. Then it locks. I have to do a Ctrl Alt Delete and open windows task manager to close drwtsn32.exe then it unlocks.



I ran hijack this and this is my log - Please help...

Logfile of HijackThis v1.99.1
Scan saved at 10:31:09 PM, on 2/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\EzVoice 2.0\ezvoice2.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\GEARSEC.EXE
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\explorer.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.humanitysteameugene.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ukdy8bez.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ukdy8bez.slt\prefs.js)
O2 - BHO: C:\WINNT\lbbho.dll - {448C21FF-9406-426B-9E51-1B237B830A4D} - C:\WINNT\lbbho.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - Startup: EzVoice 2.0.lnk = C:\Program Files\EzVoice 2.0\ezvoice2.exe
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {1691BA5B-6B2A-4A86-8B4E-5699E37E7528} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {4F08E4D4-29EA-4888-A1D9-6A7BB39C3FBA} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {DC2E4D98-201C-4FAA-B581-A05572452D9D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.digitalsurveillancecenter.com/a...sCamControl.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSEC.EXE
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


Any help is very welcome and appreciated.
 
Did you remove all of your old nVidia drivers before you installed your new ATI ones? This can cause some serious problems.

BTW
:wave:Welcome to TechSpot:wave:
 
Boot in Safe Mode
Switch off System Restore
Press ctrl/alt/del and in Taskmanager try to STOP:
FS20.exe

Then try to UNinstall anything to do with:
C:\Program Files\Free Surfer\FS20.exe
C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsa vings_script0.htm

Next, run HJT on its own and let it 'fix':
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.humanitysteameugene.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: C:\WINNT\lbbho.dll - {448C21FF-9406-426B-9E51-1B237B830A4D} - C:\WINNT\lbbho.dll
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsa vings_script0.htm
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ComcastHSI - {1691BA5B-6B2A-4A86-8B4E-5699E37E7528} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {4F08E4D4-29EA-4888-A1D9-6A7BB39C3FBA} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: Help - {DC2E4D98-201C-4FAA-B581-A05572452D9D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: symsupportutil - https://www-secure.symantec.com/tec...supportutil.CAB
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.co...t/c381/chat.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.digitalsurveillancecente...sCamControl.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

Boot normal. If OK, turn System Restore back on.
 
Close any open programs, put a check by these first 2 items and hit "Fix Checked" The links will explain what they are. Go and read them and pay attention to how they are downloaded on your system.Usually they are installed because you gave them permission, by agreeing to an EULA without reading it first. Always read the end user license agreement and never download a program that downloads 3rd party software or shares your info with their "partners" (partners usually being spammers who buy your e-mail address and other data, or companies that will track your surfing activity with spyware) No program is that good to have to accept that to get it.

O2 - BHO: C:\WINNT\lbbho.dll - {448C21FF-9406-426B-9E51-1B237B830A4D} - C:\WINNT\lbbho.dll
http://www.kephyr.com/spywarescanner/library/relatedlinks.lbbho/index.phtml
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsa vings_script0.htm
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453073593

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
This string belongs to SHDOCVW.DLL It is a legit system file. It shouldn’t be in the extra button category I don‘t think. I'm not 100% sure so I won't say to delete it. It has a known exploit used by some viruses like Bofra.A / MyDoom variant. Is your anti-virus updated?

Are you running Norton and Symantec at the same time? Two AV programs will cause conflicts.When you are using your PC, before you get these messages and explorer shuts down, hit Ctrl-Alt-Delete and go to the processes tab and see if anything in there is using a lot of memory. Go to this link and download and install Spyware Blaster and Spyware Guard. Blaster will prevent most spyware from installing on your computer. Spyware Guard will notify you before anyone adds a browser helper object, start-up item, or tries to write to the registry, with a pop-up that asks if you want the change
http://www.javacoolsoftware.com/spywareblaster.html
http://www.javacoolsoftware.com/sgdownload.html

I see you are using FreeSurfer. That's a good pop-up blocker. If you like IE and don't want to use Firefox, I would suggest you check out Deepnet Explorer. It's much more secure than IE. It blocks pop-ups and floaters, is tabbed, and has a phishing alarm and content filter. It has a built in news feed and p2p download program. I'm a die hard IE fan but switched to Deepnet permanently after about 5 minutes. You might want to check it out.
http://deepnetexplorer.com/tour/tour_1.asp

Edit: I forgot. You should turn off system restore in system properties. That will delete all your restore files and save points. Right click my computer hit properties, go to system restore tab. Check the box to turn them off. Then come back and uncheck the box when you are done with the removal.It will automatically make a new restore point. These programs are probably in there and will come right back if you ever need to use system restore. Also go to your program files and see if there are any you don't remember downloading. If there are, go to add/remove programs and delete them.
 
Thank you very much for your reply..

I did what you suggested, and it did not work. I have more information that might help. I uninstalled the ati software, (I decided on a different card). As soon as I uninstalled it the problem was gone, I could rt click on my desktop again. I then installed the new Nvidia card and it's drivers and the problem was back. Here is the new hijack this log file, I appreciate anymore help you might be willing to give me.


Logfile of HijackThis v1.99.1
Scan saved at 10:34:47 AM, on 2/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\EzVoice 2.0\ezvoice2.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\GEARSEC.EXE
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.humanitysteameugene.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ukdy8bez.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ukdy8bez.slt\prefs.js)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Startup: EzVoice 2.0.lnk = C:\Program Files\EzVoice 2.0\ezvoice2.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.digitalsurveillancecenter.com/activex/AxisCamControl.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSEC.EXE
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
 
Hello welcome to Techspot

First download a program called nasty file remover from here.
http://www.majorgeeks.com/download3233.html
let this program run slect ATI it will find the ati drivers remove these..

Do the same for Nivida and reinstall the Nvidia drivers..

Last program to download and install is A-Squared after this is installed update it and let it do its thing if something is found it will remove it..

Download A-Squared from here

http://www.emsisoft.com/en/software/free/

Run THIS program with all windows closed!

The last thing Place HJT in its own folder C/HJT not in your docments and settings like it is now this is very important for back up. Also update your antivirus and spyware programs than after you do all the above repost oyur log here..
 
I downloaded nasty file remover and ran it. It came up with 7 files for ATI.
I selected delete files but it wont remove them, I tried over and over. These are the files it found, should I try to delete them manually?
File listing created using Nasty File Remover 0.7.2
Created on 02-27-2005 12:34:03
Copyright ©2003 by Rudy Alex Kohn [rudz@software.dk] - Freeware
Updates and info : http://rudz.frac.dk
------------------------------
Path : C:\WINNT\system32\
------------------------------
Files:

ati2cqag.dll 224 KB 5.2.3790.2 Central Memory Manager / Queue Server Module
ati2dvaa.dll 369 KB 5.1.2600.0 Ati Rage 128 Windowsnt Display Driver
ati2dvag.dll 197 KB 6.14.10.6462 Ati Radeon Windowsnt Display Driver
ati3d1ag.dll 850 KB 6.14.10.4071 Ati3d1ag.dll
ati3duag.dll 1.80 MB 6.14.10.0231 Ati3duag.dll
ativtmxx.dll 32 KB 6.14.10.6238 Ati Overlay Theater Mode Provider
ativvaxx.dll 504 KB 6.14.01.0009 Radeon Video Acceleration Universal Driver
 
Thanks again, I relly appreciate all the help I'm receiving, however...
I did everything that was suggested. After I uninstalled the Nvidia drivers and software the problem went away. After reinstalling the Nvidia drivers the problem re-appeared. I also ran asquared. Here is my current log file -

Logfile of HijackThis v1.99.1
Scan saved at 8:52:20 PM, on 2/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\a2\a2guard.exe
C:\Program Files\EzVoice 2.0\ezvoice2.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\GEARSEC.EXE
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wdfmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\alg.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.humanitysteameugene.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ukdy8bez.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ukdy8bez.slt\prefs.js)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: EzVoice 2.0.lnk = C:\Program Files\EzVoice 2.0\ezvoice2.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.digitalsurveillancecenter.com/activex/AxisCamControl.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSEC.EXE
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
 
A couple of questions. What nVidia card are you using? What drivers are you using for the card? What version of DirectX are you using? What type of video card is it? Is it AGP or PCI? In your bIOS you should have a setting something like "initial display first", or "primary graphics adapter". That has to be set to AGP or PCI, which ever you have. What is the mobo make and model? And last question. Have you tried resetting your BIOS to default or clearing the CMOS yet?
 
Hello Seanchai


First off you need to run Hijackthis from its own folder NOT WHERE IT IS AT NOW the folder should be C/HJT this is for back up purpose and very important.

Next Far as I can see log pretty clear nothing really poping up at me youmight think about paying a visit to www.blackviper.com to do away with some of those unneeded services..

Besides the obvious questions that were posted above have you done anything else to your computer like update anything or change anything..THere a few ways to take care fo this problem..

ONE is a registery hack

START/RUN regedit in box
YOu will be going to HKEY_Local_Machine
Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
Name: Auto
Type: REG_DWORD
Value: 0 disable
Value: 1 enable

Make a Registery back up first

Here is the other way

check this out

http://windowsxp.mvps.org/slowrightclick.htm

let us know
 
I'm using a PNY GeForce 6600 Gt. I'm using the drivers that came with the card. I'm running DirectX 9 and it is an AGP card. I have not tried resetting my bios, I don't know how :)
 
Next time I'll delete double posts without merging them, even if they had replies.

One thread per question is enough here.
 
One other thing worth mentioning...

When I replaced the video card I rebooted the computer and my clock had reset to 12:00 a.m. almost as if the battery got unpluged, but it didn't.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
775
uber_beetle
uber_beetle
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni

Latest posts

Back