Help save my laptop

This section is for XP operating system problems and requests for help.
GrayArray
Contributor
Posts: 45
Joined: Mon May 14, 2007 11:40 pm
Location: Maryland


Post by GrayArray » Fri Jun 22, 2007 3:57 am

Okay, so I was trying to right-click on my desktop to create a new text document and my screen disappeared.  A couple seconds later the Dr. Watson Postmortem Debugger popped up.  I had to Ctrl-Alt-Del and run taskman to kill drwatson32.  That brought my desktop back.  If I try again, the same things happen, repeated numerous times, mostly on accident.

Things I've tried:
1.  Disk Cleanup
2.  Spyware search (Spybot S&D, Ad-Aware, SuperAnti-Spyware, and Windows Defender)
3.  Antivirus from boot (AVG and Avast)
4.  Disk Defragmentation (Windows Defrag and Contig)
5.  System Restore (from last time I knew for sure it worked)
6.  Killed all network connections, and it still happened
7.  Killed all unnecessary apps in taskman, and it still happened
8.  Rebooted multiple times
9.  Yelled at machine until I felt better...  DIDN'T HELP AT ALL!!!!!  :pissed_off:

Any other suggestions???  :glupek2:
:please:
John
Gray Array, Wireless Guy
Skilled in the art of Wifi Fu

Squeezebox
Administrator
Posts: 1647
Joined: Sat Sep 24, 2005 9:51 pm
Location: UK

Re: Help save my laptop

Post by Squeezebox » Fri Jun 22, 2007 5:57 am

Hi John

Start with an easy question eh?  You could try sfc /scannow from the run box. You'll need an XP CD if anything is found.

Essexboy
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall

Re: Help save my laptop

Post by Essexboy » Fri Jun 22, 2007 6:24 pm

One further question - does it happen with a particular action or at any time, and what programme does the debugger reference?
VISTA
XPsp2
Avast (of course)


http://spaces.msn.com/members/essexboymkn/

If ignorance is bliss  why aren't more people happy?


Re: Help save my laptop

Post by GrayArray » Tue Jun 26, 2007 3:14 am

Sorry it took so long to reply, I will try the recommendation listed.  I was out of town on business for a few days.  I will post my results tomorrow.

As for the cause of the error, it happens only on right-click in blank space on the desktop.  It references shell32.dll when I review the error logs.

As I said before, I will try the sfc /scannow tomorrow...  Need sleep...

Cheers, John
Gray Array, Wireless Guy
Skilled in the art of Wifi Fu


Re: Help save my laptop

Post by GrayArray » Wed Jun 27, 2007 3:34 am

Dave,
    I ended up having to run sfc /scanonce to run at boot, and nothing was found.  The error still remains...  :nunu:

What to do now?  I will try HJT and Rk-Revealer and see what that comes up with.  It's really getting annoying now.  Thinking about just doing a re-install, I've already built a new XP with nLite and waiting to drop the bomb.

John
Gray Array, Wireless Guy
Skilled in the art of Wifi Fu


Re: Help save my laptop

Post by GrayArray » Wed Jun 27, 2007 4:01 am

Okay, Output from HJT:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:36:11 PM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Gray_Array\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B73F6A48-4E28-4A9D-ACB1-567CF1ACB40D}: NameServer = 192.168.10.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - (no file)
----------------------------------------------------------------------------
Output from Rootkit revealer:
HKLM\SECURITY\Policy\Secrets\SAC* 2/25/2006 10:52 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 2/25/2006 10:52 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 4/25/2006 12:36 PM 58 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 4/25/2006 12:41 PM 58 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 11/21/2006 3:11 PM 0 bytes Access is denied.
HKLM\SYSTEM\ControlSet001\Services\vax347s\Config\jdgg40 4/25/2006 1:07 PM 0 bytes Hidden from Windows API.
C:\System Volume Information\_restore{801E456B-4296-4E1C-8413-4B35C6DA30F8}\RP458\A0070109.RDB 6/26/2007 11:41 PM 2.82 MB Visible in directory index, but not Windows API or MFT.


Welcome to any/all suggestions.  About to pick up an external HDD and backup my files and reinstall, seriously.  I may even get rid of windows altogether and go straight Ubuntu Linux.

John
Gray Array, Wireless Guy
Skilled in the art of Wifi Fu
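
A triage pass over a log in this format, added here as an example and not part of the original post: it collects the entries HijackThis itself annotated as `(no file)`, `(file missing)` or `Unknown owner`, plus any process path listed more than once. The sample is a few lines copied from the log above; the names `triage`, `ENTRY` and `MARKERS` belong to this example only.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O24 - Desktop Component 0: (no name) - (no file)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, e.g. "O23", then the rest
MARKERS = ("(no file)", "(file missing)", "Unknown owner")

def triage(log_text):
    """Return (annotated entries, process paths listed more than once)."""
    flagged, procs, in_procs = [], Counter(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY.match(line)
        if match:
            in_procs = False  # the registry sections follow the process list
            hits = [m for m in MARKERS if m in match.group(2)]
            if hits:
                flagged.append((match.group(1), hits[0], match.group(2)))
        elif in_procs and line:
            procs[line.lower()] += 1  # Windows paths are case-insensitive
    # A repeat is only a prompt to look closer: svchost.exe normally runs several times.
    repeated = sorted(path for path, count in procs.items() if count > 1)
    return flagged, repeated

if __name__ == "__main__":
    flagged, repeated = triage(SAMPLE_LOG)
    for section, marker, text in flagged:
        print(section, marker, "->", text)
    print("listed more than once:", repeated)
```
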


Re: Help save my laptop

Post by Squeezebox » Wed Jun 27, 2007 7:02 am

Hi John,

Essexboy is the expert, best to let him advise. My contributions are:

C:\WINDOWS\system32\Ati2evxx.exe  (ATI External Event Utility)
There are two instances of this. I think there should only be one, and it might be possible to remove it in msconfig. Try a Google search on the exe file, you will see what I mean.

All the O9 entries are 'questionable'.

Also, you could try replacing shell32.dll.


Re: Help save my laptop

Post by Essexboy » Wed Jun 27, 2007 8:29 pm

Log looks clean, currently no further thought, but working on it 
VISTA
XPsp2
Avast (of course)


http://spaces.msn.com/members/essexboymkn/

If ignorance is bliss  why aren't more people happy?


Re: Help save my laptop

Post by GrayArray » Wed Jun 27, 2007 9:17 pm

I appreciate the help, really I do.  I also don't want to have to reinstall my machine, too many apps to find again.

Thanks a million fellas.

John

PS.  This is what part of the alphabet would look like if Q and R were eliminated.  :dancer:
Gray Array, Wireless Guy
Skilled in the art of Wifi Fu

windowsxp550
Administrator
Posts: 851
Joined: Sun Apr 24, 2005 9:26 pm
Location: Twin Cities - Minnesota

Re: Help save my laptop

Post by windowsxp550 » Wed Jun 27, 2007 10:56 pm

John,

One thing I noticed is that you have a bad AntiSpyware program. 

Super Spyware Remover practices in providing false positives in order to goad a purchase of their product.  A good trustworthy longstanding resource if you are looking for a listing of bad spyware programs (and good programs) is on the following site:

www.spywarewarrior.com/rogue_anti-spyware.htm


Re: Help save my laptop

Post by GrayArray » Thu Jun 28, 2007 12:31 am

Not that I am extremely worried about spyware, but what would you recommend I use in its place?  Sorry to put you on the spot, just wondering.

John
Gray Array, Wireless Guy
Skilled in the art of Wifi Fu


Re: Help save my laptop

Post by Squeezebox » Thu Jun 28, 2007 6:19 am

Windows Defender (running in real time protection)
SpywareBlaster - to protect your browser(s).

For occasional scanning:
SuperAntiSpyware
SpyBot Search & Destroy

Don't use Adaware latest version

http://www.lockergnome.com:80/nexus/the ... gh-a-price


Re: Help save my laptop

Post by GrayArray » Thu Jun 28, 2007 10:51 pm

We came, we saw, we kicked its a...  Well you get the point!

I found out where the problem was.  First step in debugging an issue of this type and I missed it!

ShellExView -> http://www.snapfiles.com/get/shellexview.html

I knew where the problem was/where it was blowing up, CONTEXT MENUS!  It just so happens that ShellExView has a field for "type" and "Context Menu" was there, so I started going through turning them off one by one until I found the culprit, or in this case 3 (It's a special case - I installed the MS Office 2007 Beta, and uninstalled it, but not everything came off!)

The main issue was a Class file called "SimpleShlExt Class" from a program named Media Resizer Pro.  I will be sending them an email regarding this issue, so maybe they can patch their software.  I appreciate the links and the assistance.  Keep up the great work.  :ybiggrin:

John
Last edited by GrayArray on Thu Jun 28, 2007 10:54 pm, edited 1 time in total.
Gray Array, Wireless Guy
Skilled in the art of Wifi Fu
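
The one-by-one search described above can be narrowed by first listing every registered context menu handler together with the DLL that Explorer loads in-process for it, and checking whether that DLL still exists on disk. This Python code is an added example, not from the original post; the sample hive, its CLSID and its DLL path are constructed placeholders, and the function names are this example's own.

```python
import os
import sys

# Keys under HKEY_CLASSES_ROOT where Explorer looks up context menu handlers.
HANDLER_KEYS = [
    r"Directory\Background\shellex\ContextMenuHandlers",  # blank desktop area
    r"Directory\shellex\ContextMenuHandlers",
    r"Folder\shellex\ContextMenuHandlers",
    r"*\shellex\ContextMenuHandlers",
]
# Constructed stand-in for the registry (placeholder CLSID and path), for offline runs.
SAMPLE = {
    r"Directory\Background\shellex\ContextMenuHandlers\ExampleExt":
        "{00000000-0000-0000-0000-0000000000AA}",
    r"CLSID\{00000000-0000-0000-0000-0000000000AA}\InprocServer32":
        r"C:\Program Files\Example\ext.dll",
}

def audit(read_default, subkeys, exists=os.path.exists):
    """Return (location, name, clsid, dll, status) per registered handler."""
    rows = []
    for base in HANDLER_KEYS:
        for name in subkeys(base):
            value = read_default(base + "\\" + name) or ""
            clsid = value if value.startswith("{") else name  # CLSID may be the key name
            dll = read_default("CLSID\\" + clsid + "\\InprocServer32")
            status = ("unregistered" if dll is None else
                      "present" if exists(os.path.expandvars(dll)) else "dll missing")
            rows.append((base, name, clsid, dll, status))
    return rows

def dict_backend(hive):
    """Readers over a {key path: default value} dict such as SAMPLE."""
    def subkeys(path):
        return [k[len(path) + 1:] for k in hive if k.rsplit("\\", 1)[0] == path]
    return hive.get, subkeys

def winreg_backend():
    """Readers over the live registry (Windows only)."""
    import winreg
    def query(path, fn, default):
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, path) as key:
                return fn(key)
        except OSError:  # key or default value not present
            return default
    def names(key):
        return [winreg.EnumKey(key, i) for i in range(winreg.QueryInfoKey(key)[0])]
    return (lambda p: query(p, lambda k: winreg.QueryValueEx(k, "")[0], None),
            lambda p: query(p, names, []))

if __name__ == "__main__":
    backend = winreg_backend() if sys.platform == "win32" else dict_backend(SAMPLE)
    for row in audit(*backend):
        print(" | ".join(str(col) for col in row))
```

Rows marked `unregistered` or `dll missing` are leftovers an uninstaller did not remove; rows marked `present` whose DLL belongs to software that is no longer installed are the first candidates to disable in ShellExView.
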


Re: Help save my laptop

Post by GrayArray » Thu Jun 28, 2007 11:02 pm

Okay, so here's the email that was sent to Media Resizer Pro peoples:

John to mediaresizer

To whom it may concern,
    I have been having an issue with my laptop since uninstalling your software.  Below is attached a transcript of the help I have received from the Windows Community (I'm GrayArray).  The issue seems to be that when you uninstall the SW not everything is removed, resulting in explorer crashes and Dr Watson not responding and dumping Logs!  I am emailing you to inform you in case the question comes from someone else other than myself.  Please read the post below to understand the issue I was having and everything that was done to fix it.  I haven't been able to right-click anything for over a week.

http://www.fixmyxp.com/component/option ... pic,1749.0

Sincerely,
    John Litchfield
--
I am not bothered by the fact that I am unknown. I am bothered when I do not know others. -Confucius

The End, Thanks again Guys!
Gray Array, Wireless Guy
Skilled in the art of Wifi Fu


Re: Help save my laptop

Post by GrayArray » Fri Jun 29, 2007 12:54 am

It may seem minor to some, but customer service is where it's at.  Within an hour of sending the email, I received a response from the Service Team.  A response without a solution is usually expected, one like "We're sorry you had this issue, we're getting to work on a solution right away!", Nope!  They actually provided the solution to the problem in the response.  I told them I would recommend their products based solely on CS, their website is:  http://www.sibental.com Look under the projects to find out what they have, I wasn't interested in the other prods, but my neighbor is.

Just thought I'd let you [all] know how things panned out.

John  :tiphat:
Gray Array, Wireless Guy
Skilled in the art of Wifi Fu
