[chidori67]

I believe my computer is infected with malware. Possibly trojan? When I try to open explorer window (to browse through files), the window just freezes. Shortly after, I get a 'Dr Watson postmortem debug error'. I searched on google for this error, and I found this:
http://www.thenerdne...opic.php?t=3086

Another site I visited mentioned the acebot trojan? Anyhow, I am desperate to get my good old computer back. Pls help me! Thank you so much and I appreciate your time and assistance!

By the way, I went through the instructions given in the order listed. Downloaded Cleanup!, then scanned using Ad-Aware, Spybot, ran online virus check from Panda and TrendMicro, then ran ewido and trojanhunter (these were all in normal XP mode). I got rid of 40+ problems total from these programs. Last step I did was boot into safe mode, then ran Ad-Aware, Spybot, ewido. No more problems found. But WHILE IN SAFE MODE, I was browsing files and I got the deadly Dr Watson error! I thought I got rid of all the problems...

Below are the hijackthis logs. There are 2 users on my comp, admin and 1 guest acct. I will post both logs below.

Admin

Logfile of HijackThis v1.99.1
Scan saved at 8:18:06 PM, on 7/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Pro\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\LogiTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.2\THGuard.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Guest

Logfile of HijackThis v1.99.1
Scan saved at 8:21:07 PM, on 7/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Pro\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\LogiTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.2\THGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Thank you so much for your help... looking forward to your reply!

[Advertisements]

Welcome to Geeks to Go!

It may not be a malware issue, but I'll see what we can do

You must be logged in under the Admin account.
Go to Start > Control Panel.
Double-click on "user accounts"
Click "create a new account"
Type a name for the account, then click Next.
Choose "Computer Administator" then click create account.

Reboot your computer, then log-in to the new account. Do you still recieve the Dr Watson error message or can you access things normally?

I also need you to post a new HijackThis log from normal mode please (just from the Admin account)

[Michelle]

Welcome to Geeks to Go!

It may not be a malware issue, but I'll see what we can do

You must be logged in under the Admin account.
Go to Start > Control Panel.
Double-click on "user accounts"
Click "create a new account"
Type a name for the account, then click Next.
Choose "Computer Administator" then click create account.

Reboot your computer, then log-in to the new account. Do you still recieve the Dr Watson error message or can you access things normally?

I also need you to post a new HijackThis log from normal mode please (just from the Admin account)

[chidori67]

Hello bananafanafo!

When I was creating a new admin acct, I realized that the GUEST acct I referred to above actually had admin rights. Not sure if this will affect things...

I created a new admin acct called TEST. Before I ran hijackthis I was browsing my harddrive and the moment I switched from My Computer to my D drive (HD), I got the deadly Dr Watson postmortem error!

Pls see below for TEST acct hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:11:26 AM, on 8/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Pro\UrlLstCk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\LogiTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122870064390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thank you so much!

[Michelle]

Fortunately the Dr Watson error message is not related to malware, however, it would be easier if it were. Since you created a new account and still have the same problems then there is something wrong in your system rather than on just your computer profile.

Have you saved anything on your D: drive such as movies, pictures, music, or anything else?

[chidori67]

Thanks for the quick response.

In D root dir, I have multiple .avi and .mp3 files saved. Both C and D drive holds tons of video files, mp3s and pics.

What I don't get is that the Dr Watson postmortem error is random. Sometimes if I just browse through files, but don't attempt to open any file, it doesn't crash. After a few browsing and clicking, then it crashes.

But at times, (for instance, this morning in the TEST ACCT) simply browsing freezes computer. I've noticed windows explorer crashing on several occasions: renaming .avi file and opening an .avi file (usually more than 700mb).

Am I at the point where I need to re-install windows xp to get my computer back to normal? I HOPE NOT! Thank you so much...

[Michelle]

That's probably where the problem lies. What codecs do you have installed for your videos?

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

[chidori67]

Hello bananafanafo,

Finally got off work! Pls find uninstall list below:
(I'm wondering why some of them have duplicate entires... weird!)

(by the way, I want to remove LEAP 5.1.0.330 but my bro deleted the entire folder, so we didn't use standard uninstall.exe that came with software. Can hijackthis help me delete this entry from windows add/remove program list? every time I try to remove this program from the add/remove prog list, windows complains that it can't find uninstall.exe [bec. we deleted it!])

ACDSee 5.0 PowerPack
Ad-Aware SE Professional
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional
Advanced Disk Catalog
AOL Instant Messenger
Better File Rename
BitComet 0.56
Canon Camera Window for ZoomBrowser EX
Canon i475D
Canon Photo Viewer
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CC_ccProxyMSI
CC_ccStart
ccCommon
CleanUp!
Dell ResourceCD
ewido security suite
FlashFXP v3.15 (Build 1054) Scene Edition
FlashGet(JetCar)
GSpot Codec Information Appliance
HijackThis 1.99.1
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Java 2 Runtime Environment, SE v1.4.2_03
K-Lite Codec Pack 2.50 Standard
Lame ACM MP3 Codec
LEAP 5.1.0.330 Uninstall
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech MouseWare 9.76
Logitech QuickCam
Merriam-Webster 3.0
Microsoft Office XP Professional with FrontPage
Microsoft Windows Media Video 9 VCM
mIRC
Mozilla Firefox (1.0)
MP3TagEditor
MSN Messenger 6.1
MSRedist
Nero 6 Ultra Edition
NETGEAR WG111 Software
NewsBin Pro 4.2
NJStar Communicator
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton AntiVirus Parent MSI
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security Professional
Norton Internet Security Professional
Norton Internet Security Professional (Symantec Corporation)
Norton SystemWorks 2004 Professional
Norton SystemWorks 2004 Professional (Symantec Corporation)
Norton Utilities
Norton WMI Update
NSW_DRM_COLLECTION
QuickPar 0.9
QuickSFV (Remove only)
Real Alternative 1.42
Remove DivX Pro Codec
Skype 1.1
SoulSeek Client 156c
SoundMAX
Spybot - Search & Destroy 1.4
SpywareBlaster v3.3
Symantec Network Driver Update
Symantec Script Blocking Installer
Symnet Redirector Updater
TextPad 4.6
TMPGEnc Plus 2.5
TorrentStorm
TrojanHunter 4.2
Update for Windows XP (KB898461)
VobSub v2.23 (Remove Only)
WebCam for MSN Messenger
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB885884
Windows XP Service Pack 2
WinMX
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec

Thanks a lot!

[Michelle]

by the way, I want to remove LEAP 5.1.0.330 but my bro deleted the entire folder, so we didn't use standard uninstall.exe that came with software. Can hijackthis help me delete this entry from windows add/remove program list?

Yes I will tell you how shortly.

I see what might be causing the Dr watson problems on your computer. I see at least 5 separate codecs...

Do you want to try uninstalling these codecs to see if the Dr Watson error message goes away? There is no guarantee it will work, but I'm sure you would be happy if it does

[chidori67]

hi, thanks for the quick reply.

i was doing some QA on how to get the dr watson error. i was browsing through several dir and sub-dirs. opened txt files, mp3, doc, pdf, jpgs. I opened a pdf and while adobe acrobat was loading, i opened acdsee to broswse pics. i can't get the error!

then i tried renaming .avi file. got the error right away. it could very well be conflicting video codecs!

does windows actually try to load or even attempt to play a video file for a rename instruction?

now i'll go remove my codecs... can i keep the lame mp3 codec? i'll delete the video codecs first... spare the audio for now

thanks,
Jennifer

[Michelle]

Feel free to leave the audio codec for now because I believe it is the video codecs causing the problem

[chidori67]

hello! after i un-installed the video codecs (incl k-lite codec pack, divx pro codec and xvid codec), i tried browsing around and renaming .avi files. explorer doesn't crash anymore! i would still like to test for a longer period though.

while scanning for malware yesterday, norton antivirus popped up a warning about bloodhound.exploit6 (pls see attachment). i researched on google and someone said that the panda activescan can get rid of it. i ran panda activescan afterwards and it didn't find this virus. but it still bugs me... is it norton false alarm? i ran all the suggested scans yesterday. could it be possible that this fell through the crack? OR, is it safe to assume that running all the scans yesterday SHOULD HAVE gotten rid of this bug (if it ever existed in my comp)?

thanks again for your help!

Attached Thumbnails

• 

[Michelle]

I'm glad to hear that

The Bloodhound.exploit.6 warning just means that there is a possible vulnerability in Internet Explorer that could allow an attacker to exploit it. It is not an actual virus on your computer. You have Service Pack 2 so your Internet Explorer has been patched for this vulnerability.

Let's clear out your Temporary Internet Files:

download and install CleanUp! but do not run it yet.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
• Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, if it does go ahead and reboot.

You might check to make sure you have all available security updates from Microsoft as well. Go to http://www.microsoft.com click on "Windows Update" on the left then click "Express Install".

[chidori67]

i ran cleanup! on both my acct and the other admin acct.
also visited windows update.
deleted the test acct created this morning.
so far so good!

i currently have spybot, ad-aware se, and spywareblaster installed. what other free spyware and/or trojan scanner should I install? pls advise. thanks so much and have a good morning!

[Michelle]

You're welcome!

Oh I almost forgot to remove LEAP:

Open HiJackThis. Click "Open the Misc Tools Section", click "Open Uninstall Manager". Scroll down the list for LEAP 5.1.0.330 Uninstall. Click to highlight it then click "Delete this entry". And it will now be gone

Spyware Blaster is at version 3.4 so you might update that one
http://www.javacools...areblaster.html

Your java needs to be updated because it's an old version and more vulnerable:

Click Start > Control Panel.

Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - find the update button or tab in that Java control panel. Update your Java, and reboot.

Here are some other prevention programs:

• Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Google Toolbar <= Stop pop up windows, which is important!

Other necessary Programs:

• Firewall<= A firewall is definitely a must have. Three good free versions are Sygate, Kerio, and ZoneAlarm.

*NOTE* Since you have Service Pack 2, if you choose to use one of these you will need to disable the XP firewall that comes with Service Pack 2.

[chidori67]

hello bananafanafo!

- removed LEAP, thanks!
- installed prevention programs, thanks again!
- could not update java , pls see attached pic. i'm not sure what changes i need to make in the connections tab in IE properties. i currently have 'never dial a connection' selected. as for the Connections -> LAN settings properties, nothing is checked right now.

thank you for the continued support!

best regards,
Jennifer

Attached Thumbnails

•