Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Please help, Dr. Watson problems

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 4 posts
Please help me and thanks in advance! Obviously I need help! Maybe a week ago, my IE started having some minor problems, nothing big and everything else was fine. Then, Sun, when I started IE a message box popped up warning me about my security settings, etc. I was told ActiveX wouldn't be allowed with these settings, I needed it so I went to Tools-Internet Options-Security, and voila, my zones are a blank box and my little lever is on custom but no info is viewable. When I click to change this, the comp freezes, pops up with IE has encountered an error box and must close, then Dr. Watson's PostMortem Debugger has encountered and error and must close. I restarted the comp and tried again, same thing. So I do a little research about this Dr. Watson and it seems he is a sign of a virus or something bad. Meanwhile, my comp is progressively getting worse, when it starts up it pops up with a bunch of chinese/japanese symbols that are apparently the name of a program and says it can't be found. Then when I start IE, some sites seem to be forbidden, it won't let me search on Google, won't let me access my webmail (error message says cookies are forbidden from being sent/received on my settings, which are screwed up), if I try to do an online virus scan, comp freezes, try to login anywhere, I can't, etc. and good old Dr. Watson still pops up reliably. So I followed some advice, started in safe mode, scanned with Ad-Aware, which found only a couple of cookies, then with Spy-Bot, which found a few pretty harmless programs that I removed, then scanned with Avast in normal mode, found nothing, then I did a boot-time scan, which found 37 viruses/malware things, which it deleted. The problem seemed to be solved for about 10 mins, then everything was back to normal. So I started in Selective startup using MSCONFIG, which the virus doesn't seem to affect me when I do this (only system services running) and do some more research, d/l Killbox and HiJack This, start the comp in normal mode and run HiJack this. Saved my log, and now I will post it since I'm back in selective mode. I REALLY need your help, I'm totally lost and ready to throw the comp out the window! I need step-by-step instructions since I can be slow. Thanks so much!
  • 0




    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:16:20 PM, on 4/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\PromptCast\PromptCast.exe
C:\Program Files\Forrester Panel\ForresterPanelUa.exe
C:\Program Files\Forrester Panel\ForresterPanel.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Documents and Settings\Megan\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
F0 - system.ini: Shell=Explorer.exe C:\windows\apisystray.exe
F1 - win.ini: run=C:\windows\apisystray.exe
F3 - REG:win.ini: load=??L
F3 - REG:win.ini: run=??L
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Serum_server] C:\WINDOWS\system32\SerumServer.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NetMeter] C:\PROGRA~1\NETRAT~1\NetMeter\NetMeter.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [apisystray] C:\windows\apisystray.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\RunServices: [apisystray] C:\windows\apisystray.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [PromptCast] C:\Program Files\PromptCast\PromptCast.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Forrester Panel Update] C:\Program Files\Forrester Panel\ForresterPanelUa.exe
O4 - HKCU\..\Run: [Forrester Panel] C:\Program Files\Forrester Panel\ForresterPanel.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Sygate Personal Firewall.lnk = C:\Program Files\Sygate\SPF\Smc.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: Yahoo! Trivia - http://download.game...ts/y/tvt0_x.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxres...m/Preloader.dll
O16 - DPF: {1000026A-8230-4DD4-BE4F-6889D1E74166} - http://www.compete.c...l/01/MSView.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://otx.ifilm.com...ia/OTXMedia.dll
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - http://www.surveys.c.....AST SETUP.cab
O16 - DPF: {7BA16120-B314-4EE4-A676-8B4B33909513} (Invoke Solutions MILive Participant Control(MR)) -
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.....0_SILENT_2.cab
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} (Setup Class) - http://www.compete.c...ter/dcainst.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) -
O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://a19.g.akamai....20/cpbrxpie.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP