Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Another drwtsn32.exe with right mouse click probs


  • Please log in to reply

#1
debrajm78

debrajm78

    New Member

  • Member
  • Pip
  • 3 posts
I have read through the introduction, and am familiar with computers. On my desktop I have ad-aware se, avg, spyware blaster, windows beta spyware (aka giant), spybot S&D, and clean disk security as well as HiJackThis. Previously I have ran the ad-aware, spybot, windows spyware, and downloaded all windows updates and nothing is coming up as being wrong even in safe mode.

The problem is that when I try and use the right mouse buttom it comes up with the dr watson post mortem debugger error along and also has to restart explorer.

The computer in general is being much slower then normal when online. Other computers on the network have not slowed down with their internet (in general I am leaving the desktop off the house network unless I need to come on here to post HJT or download any additional programs that you suggest to be on the safe side)

One last note, the error with Drwtsn and with the right mouse click happen in safe mode as well as in regular mode.


Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:28:30 AM, on 5/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Robert Beckett\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_2_3_0.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54E65515-390C-4EB5-85DE-3C1F79480149}: NameServer = 192.168.1.1,192.168.1.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)

Edited by debrajm78, 12 May 2005 - 08:57 AM.

  • 0

Advertisements


#2
debrajm78

debrajm78

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Since I first posted this I have continued to search online via my laptop and read more about drwtsn32 - little sucess at finding out much it seems

I dont have a new HJT log for you yet - but have only done one thing on the desktop since this morning..

I downloaded cwshredder and it did not find anything..

In the process of running ewido - as of now at about 50% done it has found no problems



Please help me this is aggravating..
  • 0

#3
debrajm78

debrajm78

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Finished ewido with no errors, re-ran ad-aware, avg, spybot, microsoft anti-spyware, clean disk security - no errors are coming up

The computer still has a problem when in either safe mode or regular mode that when I right click it gets the explorer error and the dr watson postmortem debugger message.


Since no techs have yet to take a look at this post I will hold off posting an updated HJT log until one has

PLEASE PLEASE PLEASE help I am really confused here and even reading others posts and what those people are being told I am not seeing as directly related to my issue. As a note with regards to running SP2, its been on my computer for months now with no issues so this is in my belief not something that happened when I was installing sp2.

thanks

-------------------------------------------------------
Ok.. Update since last reply

Decided to run all the stuff again in safe mode didnt come up with anything

:tazz:
[B]deleted on HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


After doing that ran all the scans mentioned above again. Also ran a degfrag and preparing to do a chkdsk that will run at reboot.

I still cant kick this thing and its getting aggravating - most likely I will post a new HJT log tonight when I get back from my nieces graduation - I will just add it to this message since I had forgot that the few to none replies are first to get serviced.

thanks... will check in later today

-------------------------------------------------------------------------------------
Ok.. next day 5/15/05 - in the am

Still cant figure this thing out here is my most recent HJT log - help would be greatly greatly appreciated at this point


Logfile of HijackThis v1.99.1
Scan saved at 11:30:32 AM, on 5/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert Beckett\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_2_3_0.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_2_3_0.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) -
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54E65515-390C-4EB5-85DE-3C1F79480149}: NameServer = 192.168.1.1,192.168.1.2
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe




Just so you know my microsoft updates - noticed on another forum something about a possible windows security update that had problems

Windows Malicious Software Removal Tool - May 2005 (KB890830) Successful Thursday, May 12, 2005 Windows Update website
Windows Malicious Software Removal Tool - May 2005 (KB890830) Failed Wednesday, May 11, 2005 Automatic Updates
Security Update for Windows XP (KB893066) Successful Saturday, April 16, 2005 Automatic Updates
Windows Malicious Software Removal Tool - April 2005 (KB890830) Successful Saturday, April 16, 2005 Automatic Updates
Cumulative Security Update for Internet Explorer for Windows XP Service Pack 2 (KB890923) Successful Saturday, April 16, 2005 Automatic Updates
Security Update for Windows XP (KB893086) Successful Saturday, April 16, 2005 Automatic Updates
Security Update for Windows XP (KB890859) Successful Saturday, April 16, 2005 Automatic Updates
Microsoft Windows Installer 3.1 Successful Saturday, April 16, 2005 Automatic Updates
Windows Malicious Software Removal Tool - April 2005 (KB890830) Failed Friday, April 15, 2005 Automatic Updates
Windows Malicious Software Removal Tool - March 2005 (KB890830) Successful Monday, April 11, 2005 Windows Update website




Further as a note, roughtly a week ago is when I used my computer then turned it off and only started it back up a couple days ago (the day before my post). It takes ahile if I click on my computer to show the contents and if I do a right mouse click at most anytime is when the Dr. watson error is still appearing. I have to the best of my ability tried to clean this computer. I refuse to uninstall sp2 because it has been installed for a long enough time that I dont believe its the issue really. Next, I have went and uninstalled any programs that I do not use regularly or do not need (not becuase of this issue perse but to rule it out and perhaps make finding this "stealth" thing whatever it is easier... I really am hoping to get some help here soon. I have continud to read other forums but unless me and the anti-etc programs are not seeing it I have not found the about:blank, the sbci files mentioned in the other post, the quickbar, or a couple others. Again, PLEASE PLEASE PLEASE HELP







5/29/3005
HELP any suggestions are great

Edited by debrajm78, 30 May 2005 - 12:22 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP