
April 8th, 2005 10:00

DrWatson Postmortem Debugger is ruining my life!

Hi, until yesterday my whole computer was fine. Now I can't right click any file at all, or the whole desktop and any folders open will freeze! I can right click folders though. After about 30 seconds of freezing, the error message appears saying that the DrWatson Postmortem Debugger has crashed.

Here is my Hijack this log file.

Logfile of HijackThis v1.99.0
Scan saved at 12:25:59, on 08/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\Program Files\AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AntiSpyware\gcasDtServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Folding@Home\FahCore_78.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\program files\internet explorer\IEXPLORE.EXE
C:\program files\internet explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
E:\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: Time Synchronizer.lnk = C:\Program Files\Softnik Technologies\Time Synchronizer\timesync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\JRE\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\JRE\bin\npjpi142_07.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105805648457
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown - C:\Program.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: WinTab Service - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

Please help me, I can't rename or delete any files at all!

5 Journeyman • 15.6K Posts • 45K Points

April 8th, 2005 11:00

(message retracted)

Message Edited by ky331 on 04-11-2005 11:27 AM

19 Posts

April 8th, 2005 23:00

can anyone confirm this partial fix? i cannot do anything without watson's debugger locking me up. and i'm not sure when i get home if i'll be able to try ora's fix. hopefully it will at least get me moving in the right direction. and then maybe a possible system restore or the long tedious processes i'm seeing elsewhere.

5 Journeyman • 15.6K Posts • 45K Points

April 12th, 2005 00:00

To Crayphish:  Upon sound advice from SpotCheckBilly, I have removed my reference to Ora's "fix".  Instead, I offer the following 'rebuttal' to Ora (which I also attached to the previously referenced threads containing her "fix").

To Billy:  I thank you for your help and suggestions.  I hope that my words have done justice to your comments.

To Ora,

I've been in touch with SpotCheckBilly, and with his permission, I think it's important to bring out what I believe to be some critical points here.  The quotes (in blue) are his.  Please do not take this as a personal attack... rather, my only intent here is to be helpful to other readers in this forum.

First, as I know you're already aware, there is a Fake Microsoft Security Trojan on the Loose -- a spam e-mail which advocates that one should "Update your windows machine" by downloading an "Urgent Windows Update".  Upon clicking on the supplied link, you are transferred to a Web site which fakes the appearance of the Microsoft Windows Update Site, but in reality, is operated by hackers, and installs a Trojan horse program (called DSNX-05) on your system.  This alleged "update" is in fact a phony update... it is NOT legitimate.  But as a consequence of this bad download, people have indeed been experiencing some very severe problems, and blaming their troubles on downloading/updating XP SP2. 

In contrast, the legitimate "sp2 update (from the real Microsoft Windows Update site) and its subsequent patches should ALWAYS be installed, unless there is some very compelling reason not to" do so.  By removing SP2, you are in fact compromising your PC's security.  In fact, at some future point, in order to get later updates, XP users will have to install SP2 first.   For those who've already installed it (from the legitimate sites), it's "ill-advised" to advocate they remove it.  In short, SP2 is a highly important/valuable addition to the Windows XP operating system, and should NOT be removed.

As for removing Dr. Watson:  "Every case of the 'Dr. Watson postmortem debugger' problem that" Billy has "come across has been a result of one of the CWS (Cool Web Search) variants".  It should be kept in mind that  "Dr. Watson is a legitimate diagnostic tool for the Windows operating system".  As such, it shouldn't be simply discarded.  

Now Ora, I understand your desire to step-in and argue (paraphrasing what I believe to be your contention) "But my fix really works... several people have all told me that, by removing Dr. Watson, they no longer experienced this error".  And yes, you're correct... as far as the literal meaning here.  But here's the analogy to your advice, as crazy as this may seem to you:   Suppose a person came to you, in great pain, suffering from a broken arm.  You COULD tell that person he/she needs an amputation.  That certainly would 'work', in the sense that it would take care of their pain.  No more pain....  And no more broken arm.   But the problem now is, much more simply, no more ARM!  That person can no longer reach for things, or write, or do the usual tasks that had been performed with that arm.   And, by analogy, THIS is what you're advocating when you tell people to remove (i.e., cut off) Dr. Watson.  They will lose access to a potentially valuable debugging tool.  I'm sure we all would agree that instead of amputating one's arm, the far-preferable approach is to set it... likewise, rather than removing Dr. Watson, it would be far-better to repair it.

So, I would suggest that all readers out there take SpotCheckBilly's good advice... find the proper fix for Dr. Watson... don't just settle for its "amputation". 

And don't give up on SP2.

 

April 12th, 2005 01:00

yes we all get that removing it would not in the strictest of senses solve the problem so how exactly do u fix it? i'm dying to know as my pc literally isn't working because of this fault. some answers to the problem would be nice!!!!! ;)

5 Journeyman • 15.6K Posts • 45K Points

April 12th, 2005 11:00

dr. watson again:
 
I know that SpotCheckBilly is currently working on this problem.... there's a lot of it going around.   I have every confidence in his ability.  As the saying goes, "Patience is a virtue".  Please wait, and I trust that he will be able to come to everyone's rescue.

Message Edited by ky331 on 04-12-2005 07:21 AM

5 Journeyman • 15.6K Posts • 45K Points

April 12th, 2005 14:00

dr. watson again:
 
i wish i could solve the problem, give you a definitive answer....
 
since you're interested, let me advise you that Ora (Donna) and I have continued to discuss this matter, at extreme length, here:
 

April 12th, 2005 14:00

thanks a lot for the reply ky331

April 12th, 2005 16:00

thx a lot ky331 do u know when spotcheckbilly will come up with an answer as i'm not sure with ora's way of fixing it...

April 12th, 2005 16:00

ok thx bertha2 is actually helping me on this on another thread I just wanted to get other views of the problem

5 Journeyman • 15.6K Posts • 45K Points

April 12th, 2005 16:00

looking at your log there, you have more than one problem... it may take Bertha several tries in order to get rid of all the bad stuff.  as i've said before, you need to be extremely patient.   some 'fixes' will work regardless of the mode (normal/safe) you're running in.  sometimes, you HAVE to be in just one of those modes.  often, there are two (or more) files that work together, protecting/restoring the other.  it can take a certain amount of "trial and error" to figure out which way to proceed.  as long as Bertha's actively looking into it for you, just give things a chance.

5 Journeyman • 15.6K Posts • 45K Points

April 12th, 2005 16:00

dr watson again:
 
the 'debate' is continuing to "rage" in the thread I cited above.   the most recent entries are from CrayPhish, who asserts he determined the "proper steps to get the trojan cornered and removed", after he applied Ora's suggestion.... i've asked him to elaborate, if he can.
 
also, Bertha2 has chimed in, saying she has lots of experience fixing the problem using HiJack This analysis, and she is willing to help anyone who has the problem.
 
edit:  by the way, i see you're already working with bertha in another thread... when you go for HJT analysis, please limit yourself to one thread, and one expert.... you don't want to "mess up" advice from two (or more) people there.
 
unfortunately, i am not in 'direct' contact with SpotCheckBilly, so i cannot speak for him.

Message Edited by ky331 on 04-12-2005 12:42 PM

711 Posts

April 13th, 2005 13:00

Can I just add to this in case there is any confusion that I am male!!!!

I'm a student from Britain

Bertha2

711 Posts

April 13th, 2005 14:00

No problem Ky331

Bertha2

5 Journeyman • 15.6K Posts • 45K Points

April 13th, 2005 14:00

Bertha2,
i must admit that i myself had been confused for quite a while... reading the name as 'bertha', it certainly appeared to be female.  but then, i saw others refer to you in terms of he/him/his, so i kinda got the understanding you were male.
not that this makes one bit of difference to the work here....
ky (male too, for whatever it's worth ;-)  )
