Dr.Watson Postmortem Debugger



#1
frankmartin

My computer appears to have acquired Dr. Watson Postmortem Debugger, which will not allow access to Explorer, My Computer, or Control Panel. I am usually able to access them in safe mode. Once I attempt to run these programs, the machine freezes and requires rebooting.

I have run all Norton Utilities maintenance programs, Microsoft Anti Spyware, Spybot, CWShredder, and TrendMicro Housecall.

My Hijack This log is:

Logfile of HijackThis v1.99.1
Scan saved at 9:40:57 PM, on 2/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dfcsf.dll/sp.html#33111
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dfcsf.dll/sp.html#33111
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FD657148-CFF7-B0FA-3DF2-27DD4B37658F} - C:\WINDOWS\system32\d3sw.dll
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [sdkzf32.exe] C:\WINDOWS\system32\sdkzf32.exe
O4 - HKLM\..\Run: [gpwwhKp] C:\documents and settings\owner\local settings\temp\gpwwhKp.exe
O4 - HKLM\..\Run: [iaU8d] C:\documents and settings\owner\local settings\temp\iaU8d.exe
O4 - HKLM\..\Run: [Oe9] C:\documents and settings\owner\local settings\temp\Oe9.exe
O4 - HKLM\..\Run: [Z8Vz] C:\documents and settings\owner\local settings\temp\Z8Vz.exe
O4 - HKLM\..\Run: [W2w] C:\documents and settings\owner\local settings\temp\W2w.exe
O4 - HKLM\..\Run: [gpwwhKp.exe] C:\documents and settings\owner\local settings\temp\gpwwhKp.exe
O4 - HKLM\..\Run: [iaU8d.exe] C:\documents and settings\owner\local settings\temp\iaU8d.exe
O4 - HKLM\..\Run: [Oe9.exe] C:\documents and settings\owner\local settings\temp\Oe9.exe
O4 - HKLM\..\Run: [Z8Vz.exe] C:\documents and settings\owner\local settings\temp\Z8Vz.exe
O4 - HKLM\..\Run: [W2w.exe] C:\documents and settings\owner\local settings\temp\W2w.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Hctfon] C:\WINDOWS\system32\j?vaw.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Owner\Application Data\eetu.exe
O4 - Startup: Autodesk Press Vendor.lnk = C:\PORTACAD\VENDRUN.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0d\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...04/sdcregie.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Workstation NetLogon Service (
%AF) - Unknown owner - C:\WINDOWS\crim.exe




My AboutBuster log is:

Scanned at: 4:47:07 PM on: 2/26/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19


Removed Data Streams:


Removed 4 Random Key Entries
Error Removing! : C:\WINDOWS\systh.dll
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19


Removed Data Streams:


Removed! : C:\WINDOWS\systh.dll
Attempted Clean Of Temp folder.
Pages Reset... Done!






Scanned at: 5:18:53 PM on: 2/26/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Removed 2 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!






Scanned at: 6:28:27 PM on: 2/26/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19


Removed Data Streams:
C:\WINDOWS\RussSqr.INI:wblft


Removed 2 Random Key Entries
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19


Removed Data Streams:
C:\WINDOWS\RussSqr.INI:wblft


Attempted Clean Of Temp folder.
Pages Reset... Done!


Any Ideas??


All The Best,

Frank

#2
coachwife6

Please delete your temporary files. Double-click My Computer (WinXP: navigate to Start ---> My Computer).
You will see an icon representing your hard drive (most likely the C: drive). Right-click on the hard drive icon and click Properties at the bottom of the fly-out window. On the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin

Click OK and Disk Cleanup will delete those files for you.

Download: http://www.mvps.org/.../DelDomains.inf
To use: right-click and select: Install (no need to restart)