Sep 11 2006, 08:49 PM
Post #1
Member, Group: Members, Posts: 24, Joined: 2-September 06, Member No.: 83,443
Windows explorer encounters a problem, needs to close, and then Dr Watson Postmortem debugger pops up saying it has encountered a problem too! The only way to recover from this visit from Dr. Watson, is to reboot, cause everything just freezes up as soon as he arrives! I did a system restore recently because this guy won't leave me alone (Dr.Watson)...but to no avail...he won't go away? Just keeps popping up. I have followed ALL of the directions in the preparation guide and so here I present to you, my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:30:23 AM, on 03/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Suzy's\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://updates.installshield.com/GetUpdate...09889DC708FDEAC
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128879976767
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131721714390
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
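
A log in the format posted above can be triaged mechanically. This is an added example, not part of the thread and not HijackThis's own code: it splits a log into its process list and section entries, queues the load-at-boot sections (O4, O20, O23) and any "(file missing)" target for review, and maps each running process to the section that names its file. The function names and the choice of sections to read first are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Sections that load code at boot or logon. Reading these first is this
# example's choice, not a rule stated in the thread.
PERSISTENCE = {"O4": "autostart", "O20": "Winlogon Notify", "O23": "service"}
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.I)

# Sample input: lines excerpted from the log posted above.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\CursorXP\CursorXP.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

def parse_hjt(text):
    """Split a log into the running-process list and entries keyed by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def review_queue(entries):
    """Entries to read first: persistence sections and targets reported missing."""
    queue = []
    for code, details in entries.items():
        for detail in details:
            reasons = [PERSISTENCE[code]] if code in PERSISTENCE else []
            if "(file missing)" in detail:
                reasons.append("file missing")
            if reasons:
                queue.append((code, reasons, detail))
    return queue

def launch_sources(processes, entries):
    """Map each running process to the persistence sections naming the same file.
    Name-only match: an empty list means 'not explained by O4/O20/O23 here'."""
    named = defaultdict(set)
    for code in PERSISTENCE:
        for detail in entries.get(code, []):
            for path in PATH.findall(detail):
                named[ntpath.basename(path).lower()].add(code)
    return {p: sorted(named[ntpath.basename(p).lower()]) for p in processes}
```

An empty result from `launch_sources` is a prompt to ask what started the process, which is the question the helper puts to the poster later in the thread; it is not a verdict on the file.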

Sep 12 2006, 06:09 AM
Post #2
SPAM Magnet, Group: Global Moderator, Posts: 13,894, Joined: 6-May 04, From: SW Louisiana, Member No.: 363
What were the exact error messages you received?
Did you have the option to send an error report to Microsoft? If you did, was there any information supplied about the problem, and what was the information?
--------------------
I love being married. It's so great to find that one special person you want to annoy, for the rest of your life.

Sep 12 2006, 07:17 AM
Post #3
Member, Group: Members, Posts: 24, Joined: 2-September 06, Member No.: 83,443
The error message was "Windows Explorer has encountered a problem and needs to close". Given the option to send the error report, I have done so repeatedly. Following the 'more information' link given, I was told it was Xvid.dll and that there was no solution to this problem, Microsoft suggested I contact Xvid.org to find a solution; Or, remove it through the control panel. (I would try this, but it isn't listed in the control panel.)
Immediately after sending the error report to Microsoft, Dr Watson Postmortem debugger would pop up, telling me "Run a DLL as an App has encountered a problem and needs to close. We are sorry for the inconvenience." I jumped the gun a little here tho, and took it upon myself to delete the Xvid.dll file from Windows myself - I don't recall it being a file that belongs in the system folder....or system32 folder (can't remember which one it was in now). But that file is gone. I hope this information is clear enough, I haven't had the error now in a day or two...so I'm hoping I've fixed it for now? But I didn't want to think that deleting one file would solve the problem...it's never that easy. And I have no clue if these two errors are even related...or completely separate problems?
I've since discovered a third problem but I am new here and I'm not sure if I should post elsewhere for this part: In Windows Security Center, My Firewall, Updates and Virus protection are all on with green lights (This is great...keeps me happy...lol) BUT, I am not able to change any settings in the automatic updates. It IS turned on, which I want, but I don't have the option to turn this off?? I don't recall a restriction such as this...but it won't let me click to turn them off! It is set to automatic and that's it.
Again, I thank you, your response was very quick!

Sep 12 2006, 09:05 PM
Post #4
Forum Addict, Group: BC Advisor, Posts: 2,609, Joined: 6-November 05, From: Avondale, Arizona USA, Member No.: 39,726
I may be wrong on this, but some of your symptoms remind me of a rootkit, also you have some very interesting items in your HJT log.
I will recommend running only one antivirus; your CA internet security suite includes antivirus, antispyware and a firewall. Running more than one antivirus can cause conflicts; this may also be related to your Windows Security Center problem.
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\CursorXP\CursorXP.exe
If you know what these are, please let us know.
Try running Superantispyware and let us know what the results are. Here is a link: http://www.superantispyware.com/
This post has been edited by oldf@rt: Sep 12 2006, 09:11 PM
--------------------
The name says it all -- 59 and holding permanently
**WARNING** Links I provide might cause brain damage

Sep 12 2006, 11:30 PM
Post #5
Member, Group: Members, Posts: 24, Joined: 2-September 06, Member No.: 83,443
OldFart: I ran Superantispyware...did a full scan. The result was 130 Adware.tracking cookies. That's all. I removed them as suggested.
And thank you for the Anti virus info, I will take care of that promptly! I'm going to uninstall AVG and stick with the suite since it has everything. Will let you know if this fixes my Security Center problem.
The running processes...
SDMCP.EXE is --- Stardock Desktop Personalizer: Windowblinds and tools to alter the appearance of the desktop.
CursorXP.exe is --- Stardock Cursor XP: allows the basic 'mouse' pointer to be transformed to my liking lol
MotiveSB.exe is --- NETASSISTANT: This is from my ISP: Sympatico/Bell Canada
Rootkit...that sounds very scary??

Sep 13 2006, 12:24 AM
Post #6
Forum Addict, Group: Members, Posts: 3,349, Joined: 14-April 06, Member No.: 64,042
Windows Update settings are found here:
http://update.microsoft.com/windowsupdate/...t.aspx?ln=en-us
On the right hand side of the page click on "Pick a time to install updates." At the bottom of Popup click on "More options" and you will see your options for updating times, etc.

Sep 13 2006, 08:59 AM
Post #7
Forum Addict, Group: BC Advisor, Posts: 2,609, Joined: 6-November 05, From: Avondale, Arizona USA, Member No.: 39,726
Poetchic,
Thank you. I have never seen those files before. Like I said, "reminds me". Check this link: http://www.bleepingcomputer.com/tutorials/tutorial124.html
If your Windows Update issue is not solved let us know.

Sep 13 2006, 09:40 AM
Post #8
Member, Group: Members, Posts: 24, Joined: 2-September 06, Member No.: 83,443
Thank you Old Fart, I did read the tutorial on F-Secure Blacklight, I'm going to go ahead and give that a try, but I won't know which files can/should be deleted. So I will post in the proper forum should anything be revealed during the scan, and will go from there.
Update on My Security Center Problem: I did uninstall AVG and rebooted. Immediately I received 5 new windows updates (automatically), I installed those. I followed the link that Buddy215 provided, but there are no options anywhere for me to 'pick a time to install', but in my security center, it is grayed out, and says they are set to automatically check for updates at 5pm daily. It STILL isn't letting me make any changes. I am now receiving the updates...so this 'problem' isn't that big of a deal I guess, I was more concerned as to whether or not this is 'normal' or if it is something that should raise flags to tell me something really is wrong.

Sep 13 2006, 09:59 AM
Post #9
Forum Addict, Group: Members, Posts: 3,349, Joined: 14-April 06, Member No.: 64,042
If you couldn't access the controls on the other link there is a different route you can take.
Start/ Control Panel/ double click on "Automatic Updates"

Sep 13 2006, 10:09 AM
Post #10
Member, Group: Members, Posts: 24, Joined: 2-September 06, Member No.: 83,443
Buddy, I went to Control Panel, double clicked it....the settings window that opens, is the one where I cannot make any changes!!! I can click on all the other options, but the Automatic option remains selected. So, I cannot turn them off, I can not be 'notified' first...nothing at all.

Sep 13 2006, 10:12 AM
Post #11
Member, Group: Members, Posts: 24, Joined: 2-September 06, Member No.: 83,443
I forgot to mention: I did the scan with F-Secure Blacklight. The scan was clean, and found nothing. What a relief!! Ty Oldfart.

Sep 13 2006, 11:34 AM
Post #12
Forum Addict, Group: Members, Posts: 3,349, Joined: 14-April 06, Member No.: 64,042
Did you click on the button next to "Automatic (Recommended)"? That should remove the little green dot. Then you can change the settings. If that doesn't work, I give up.

Sep 13 2006, 09:47 PM
Post #13
Forum Addict, Group: BC Advisor, Posts: 2,609, Joined: 6-November 05, From: Avondale, Arizona USA, Member No.: 39,726
Poetchic,
What version of Windows XP are you running (Pro, TabletPC, Media Center or Home)? Update settings have to do with group policy on all versions except Home, if your computer is set to be a domain member. Please let me know.
Thanks
OF

Sep 13 2006, 10:51 PM
Post #14
Member, Group: Members, Posts: 24, Joined: 2-September 06, Member No.: 83,443
Microsoft Windows XP
Home Edition
Version 2002
Service Pack 2
New problem found!! I stumbled across Ewido Anti Spyware. I know there are so many programs to run nowadays..but I figured one more couldn't hurt. Downloaded it, updated, then booted to safe mode and ran a scan. Found:
Backdoor.Zapchast
High Risk
1 trace detected in the following location: C:\Windows\system\DRIVER\ntauth.dll
I quarantined the file from safe mode, and rebooted as normal. Shall I post this in another forum now that I have found a virus? Thanks OldFart!

Sep 13 2006, 11:32 PM
Post #15
Forum Addict, Group: BC Advisor, Posts: 2,609, Joined: 6-November 05, From: Avondale, Arizona USA, Member No.: 39,726
Congratulations, you just found what is preventing you from changing your auto update settings.
1. Make sure that Ewido is completely up to date. If it is not, rescan after all updating is complete.
2. Do you have an original XP Home SP 2 Disk?
3. If so, delete/empty the quarantine in Ewido.
4. Turn off System Restore (Start, right-click on My Computer, Properties, System Restore, check the turn off box, Apply, OK).
5. Restart in safe mode.
6. Once in safe mode, rescan with Ewido, and have all the files it finds deleted.
7. Go to Start, Run, type in sfc /scannow, and follow the prompts. Do not, I repeat, do not do this if you don't have the original XP Home SP2 Disk.
8. Don't forget to turn System Restore back on, after you have done what you can.
OF
This post has been edited by oldf@rt: Sep 13 2006, 11:36 PM