Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Dr. Watson Postmortem debugger [RESOLVED]

Started by Shari , Feb 08 2006 04:47 PM

  • This topic is locked This topic is locked

#1
Shari
Posted 08 February 2006 - 04:47 PM

Shari

    Member

  • Member
  • PipPip
  • 75 posts
Okay, here's what's happening... I keep getting an error message that says "Dr. Watson Postmortem Debugger" and also I have the icon to "safely remove hardware" in my taskbar. The hardware listed is my newly installed printer and the USB mass storage device. I did some googling and read that this Watson thing may be a virus. I've run all the spyware, virus scans, etc, and below is my HiJackThis file. You were so helpful the first time I needed you, so I'm hoping you can help me again!

Thanks!
Shari

Logfile of HijackThis v1.99.1
Scan saved at 3:42:23 PM, on 2/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127600540625
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - http://www.sunbelt-s.../CounterSpy.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{94F40BC2-5F77-47DA-9061-4FF56BE9F588}: NameServer = 206.127.64.130,206.127.64.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{94F40BC2-5F77-47DA-9061-4FF56BE9F588}: NameServer = 206.127.64.130,206.127.64.131
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  • 0

Advertisements

#2
Michelle
Posted 17 February 2006 - 11:13 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hello Shari :tazz:

The "virus" that normally causes the Dr Watson error message does not appear to be present on your system. There are a couple things we can do to try to figure out what is causing it. I just need to ask a question.

When do you get the Dr Watson error message specifically? When you try to access a certain drive(s) or certain folder(s)?

We also need to check a file that I see in your log:

Please go here: Jotti Virus Scan

Click the "browse" button and locate this file:

C:\WINDOWS\system32\FreezeScreenSaver.exe

Click "Open", then click the "Submit" button. Copy the results and paste them here.

Open HijackThis.
Click on None of the above, just start the program
Click Config (bottom right)
Click Misc Tools
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.
  • 0

#3
Shari
Posted 17 February 2006 - 08:08 PM

Shari

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Thanks Michelle! With the Dr. Watson thing, I found the ConHook Trojan and removed it with Ewido security suite on 2/9 and haven't seen it since. So that must have done it... As for the rest, below are my results:

First from Jotti:
File: FreezeScreenSaver.exe
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 37b3ea106e913665f1f98d628e9088ce
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

Now the Install manager list:
Ad-Aware SE Personal
Adobe Reader 7.0.7
American Greetings Scrapbooks and More!
Anark Client 1.0
APC PowerChute Personal Edition
ArcSoft Panorama Maker 3
ArcSoft Panorama Maker 3 (Shared Components)
ATI Control Panel
ATI Display Driver
AVG Free Edition
Broadcom Advanced Control Suite 2
CCScore
CK Digital Sampler
CK Water Fun All
CleanUp!
Conexant D850 56K V.9x DFVc Modem
CR2
Dell Digital Jukebox Driver
Dell Media Experience
Dell ResourceCD
Dell Solution Center
Dell Support 5.0.0 (766)
Digital Line Detect
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvcpt
ESSvpaht
ESSvpot
ewido security suite
exPressit S.E. 2.1
HijackThis 1.99.1
HLPIndex
HLPPDOCK
HLPSFO
Holiday Snowflakes Screen Saver 1.2
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
InterActual Player
Internet Explorer Default Page
Java 2 Runtime Environment, SE v1.4.2_03
KODAK EASYSHARE Gallery Upload ActiveX Control
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Digital Image Suite 2006
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Media Video 9 VCM
Milton Bradley Classic Board Games
Modem Helper
Mozilla Firefox (1.5.0.1)
Musicmatch® Jukebox
NetWaiting
Notifier
OfotoXMI
OTtBP
OTtBPSDK
Panda ActiveScan
Photo Editor Plus
PowerDVD 5.1
Quicken 2006
Quicken WillMaker Plus 2006
QuickTime
RealArcade
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
SFR
SFR2
SHASTA
Shockwave
SKIN0001
SKINXSDK
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Media Player
VPRINTOL
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS
WordPerfect Office 12
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

And just for kicks, here's my new HiJack This log:
Logfile of HijackThis v1.99.1
Scan saved at 7:07:32 PM, on 2/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\MICROS~4\Office\OUTLOOK.EXE
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127600540625
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D42ED9FF-DF46-4AD9-A3FE-46BAF896466E} - http://www.sunbelt-s.../CounterSpy.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{94F40BC2-5F77-47DA-9061-4FF56BE9F588}: NameServer = 206.127.64.130,206.127.64.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{94F40BC2-5F77-47DA-9061-4FF56BE9F588}: NameServer = 206.127.64.130,206.127.64.131
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Thanks for your help! You guys are awesome here!

Shari
  • 0

#4
Michelle
Posted 18 February 2006 - 01:36 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hello shari :tazz:

Let's try this first:

Go to Start > Control Panel

Double-Click User Accounts
Choose Create a new Account
Type any name for the account then click Next
Choose Computer Administrator then click Create Account

Log off your current account.

Reboot your computer, then log-in to the new account you just created.

Do you get the Dr Watson error message on this new account?
  • 0

#5
Shari
Posted 18 February 2006 - 07:26 AM

Shari

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
I did all that and didn't get the Watson error message. What I did get was a message that said, "Client Services for Netware has disabled the Welcome screen and Fast User Switching. To restore these features, you must uninstal Client Services for Netware."

So how do I do that??? And how did it happen?

Thanks so much for your help!

Oh, and I still have that icon in my tray that says "Safely Remove Hardware."

One more thing (since I'm here), There are several icons on my desktop that I try to remove and it tells me I don't have authorization - make sure disk isn't full or write protected. Is there a way to override this and get rid of these icons.

Sorry if I'm getting off topic ~ I appreciate your help!
  • 0

#6
Michelle
Posted 18 February 2006 - 10:36 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Do you use Client Service for Netware or the Novell Client?

So how do I do that??? And how did it happen?

It's because the program is incompatible with the Welcome Screen and Fast User Switching.

There is nothing you can do about the safely remove hardware icon for your printer and USB device. I've got the icon for my printer and flash drive as well and it annoys me, but I just hide it.

And since you did not get the Dr Watson error message on the new account, then your current account is corrupted. So we need to move your personal data from the old one to the new one. It's really easy to do. I'll give you the instructions for that after we remove the icons and uninstall the Client if we need to.

If you use the Client there is no reason to uninstall it because you won't have multiple user accounts for much longer as we will remove the old account later. If you don't use the Client, we can uninstall it.

If you right-click on the icons and go to properties, click the "shortcut" tab. What is the path it lists under "target"?
  • 0

#7
Shari
Posted 18 February 2006 - 04:37 PM

Shari

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Hi... I do use Client Services for Netware to network with my work computer (I think).

Here are the icon target paths:

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Broderbund\AG Scrapbooks\agsb.exe
C:\CKBrowser\CK.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpodir07.exe" -DeviceID 1093479594
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

http://qw2006.quicke...6/icon_experian (this one says "none" as the target, but this is what the URL box says)

http://www.broderbund.com/ (same with this one...)

Thanks again!
Shari
  • 0

#8
Michelle
Posted 18 February 2006 - 06:50 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Since you do use the Client, then we won't uninstall it but the Welcome screen and Fast User Switching will stay disabled since the program will not work with it (which is why it disables it). But, this won't matter once we get rid of your old account.

I'm glad to see the icons are all for legitimate programs. :tazz: If you right-click and go to properties on these icons, under the general tab - at the bottom there will be a section called "Attributes" - are any of them marked as "Read-only"? If any are, uncheck it and click Apply, OK, then reboot and try deleting.

Have you tried deleting the icons while you're in Safe Mode? If the above doesn't work try deleting the icons in safe mode.

Also, do you use Outlook Express for your e-mails?
  • 0

#9
Shari
Posted 19 February 2006 - 09:53 AM

Shari

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Good morning ~ none of the icons are read only, and I did try and delete them in safe mode and it didn't work... Darn it!

I use Microsoft Outlook and not Outlook Express for emails...

Thanks! :tazz:
  • 0

#10
Michelle
Posted 19 February 2006 - 10:01 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hello Shari :tazz:

It could be preventing you from deleting the icons because your current account is corrupted. Let's move your personal data from your old account to the new one and see if that remedies the problems.

Please follow all instructions exactly - I would advise printing them out:

1.) I need you to create a third Administrator account.

2.) Log-off your account and log-in to the third account.

3.) Go into Windows Explorer. You can get to Windows Explorer by going to Start > Run and typing: explorer
Once in Windows Explorer, go up to View > Explorer Bar and put a check next to "Folders".

4.) Then go up to Tools > Folder Options. Click the "View" tab and click "Show Hidden Files and Folders". UNcheck "Hide File Extensions for known file types" and UNcheck "Hide protected operating system files"

5.) Navigate to this folder:

C:\Documents and Settings\Old Username

* Old Username is not the actual name of that folder. The name of this folder is whatever name you have for the account with problems.

Once inside that folder, PRESS and HOLD the Ctrl key. Then use your mouse and LEFT-click ALL files and folders to highlight them EXCEPT the following:

Ntuser.dat
Ntuser.dat.log
Ntuser.ini

Do NOT highlight those 3 files.

Once all files and folders are highlighted (except the above three!) go up to "Edit > Copy"

Now, navigate to this folder:

C:\Documents and Settings\New Username

New Username is whatever the name of your second account (make sure it's NOT the 3rd account!)

Once inside that folder, go up to "Edit > Paste"

Now, log-off the third account and log-in into the second account and your data will be there now. :)

Since you use Outlook for your e-mails, please follow the instructions in this topic to move the e-mails to your new profile:

http://support.micro....com/kb/313055/

Please let me know how this goes :)
  • 0

Advertisements

#11
Shari
Posted 21 February 2006 - 09:25 AM

Shari

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
Everything worked except the mail part. I use Microsoft Outlook not Outlook Express so the link you gave me doesn't apply. I tried to follow the steps in there but once it comes it importing mail, it is way different.

I'll wait to hear what to do next...

Thanks again!
Shari
  • 0

#12
Michelle
Posted 21 February 2006 - 12:12 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hello Shari :tazz:

I've never used anything other than Outlook Express but I figure it would be about the same. Let me see if I can find the instructions for Outlook.
  • 0

#13
Michelle
Posted 21 February 2006 - 12:31 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok shari, let's try this and see how it goes:

From your old account - to export:
  • On the File menu, click Import And Export. If the menu item is not available, hover your pointer over the chevrons at the bottom of the menu, and then click Import and Export.
  • Click Export To File, and then click Next.
  • Click Personal Folder File (.pst) , and then click Next.
  • Click the folder that you want to export the .pst file to, and then click Next.
  • Click the Browse button, and then select the location to save the .pst file (I would save it on C:\ so that it will be easier to find from your other account).
  • In the File Name box, type a descriptive file name for the .pst file, and then click OK.
  • Click Finish.
Note You may have more than one Personal Folders service in your profile. If this is true, you must back up each set of .pst files separately.

From your new account - to import:
  • On the File menu, click Import And Export.
  • Click Import from another program or file, and then click Next.
  • Click Personal Folder File (.pst), and then click Next.
  • Type the path and the name of the .pst file that you want to import (the name and location that you saved from the other account), and then click Next.
  • Select the folder that you want to import, or select the top of the hierarchy to import everything, and then click Finish.
Here is the link for reference if you run into problems with this:
http://support.micro...om/?kbid=287070
  • 0

#14
Shari
Posted 21 February 2006 - 01:02 PM

Shari

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts
:tazz: That worked... Thanks! Now, before we delete the other profiles, I have to ask... Will this change any of my networking with my work computer and kids computer?

I'll await further instructions... Thanks!

Shari
  • 0

#15
Michelle
Posted 21 February 2006 - 01:12 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Excellent :)

Deleting those profiles will not effect anything, it's exactly like your old account without the problems :tazz:

Before deleting the accounts, double-check to make sure you have your personal data (favorites, documents, etc) and all that on the new account.

From your new acount:
To delete them just go to Start > Control Panel > User accounts.
Click on the old user account, and click Delete this Account
On the next page it asks if you want to save the contents of My Documents and desktop - we've already done this but if you want to make sure you can choose "keep files" and it will make a folder on your desktop. You can go through it later and verify that everything is already in your account then you can delete that folder. I would do this just because I like to at least double-check everything lol
Then click "Delete Account".

Do the same for the other account, however you can just choose "delete files" because there is nothing on it.

Also, no problems deleting icons on the new account?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP