Unsolved
This post is more than 5 years old
3 Posts
0
7681
March 8th, 2005 22:00
DrWatson Postmortem Debugger
Hi, I got directed here by someone in the Windows XP Service Pack 2 Forum. Last night my Windows XP Home Edition automatically installed Service Pack 2. Now this morning I can't use Windows Explorer, My Computer, Control Panel, or open files on the desktop. When I try to use any of these my computer momentarily freezes up, the screen flickers, and I often get the error message "DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience." I can still run programs from my desktop or start menu (e.g., double-clicking on Firefox opens up the internet just fine). I can also open many files if I first open up a program (such as MSWord), and use the File-Open menu to navigate to a file and open it (assuming, in this case, the file is a Word file).
I've noticed that it is generally customary to post a HijackThis logfile. I downloaded version 1.99.1 and the logfile is below. I've also run scans (both in safe mode and normal mode) using Symantec, Ad-Aware SE, and Spybot S&D. I found plenty of spyware, but it didn't make any difference with my DrWatson problem. Thanks in advance!
PS: Believe it or not, the Dell support forum won't let me post my message because it says my message includes the prohibited word "a*s". I figure this must be because of words in my logfile below such as "cla*s". So, I've gone through the logfile and replaced all instances of "a*s" with "WHATEVER". If you need to change it back, I'm sure you can do it using find and replace.
Logfile of HijackThis v1.99.1
Scan saved at 6:16:13 PM, on 3/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsWHATEVER.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\ntne.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\appon32.exe
C:\WINDOWS\system32\l?WHATEVER.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Chris\Application Data\eetu.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\Hcj2s6.exe
C:\WINDOWS\System32\Hcj2s6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Chris\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uqokd.dll/sp.html#76985
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uqokd.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\uqokd.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uqokd.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uqokd.dll/sp.html#76985
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchWHATEVERistant = res://C:\WINDOWS\uqokd.dll/sp.html#76985
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj ClWHATEVER - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {EFFA5234-1603-4600-4D31-8FE60DB658FB} - C:\WINDOWS\atlos.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\JwqVfC.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [31.tmp] C:\DOCUME~1\Chris\LOCALS~1\Temp\31.tmp.exe 4 10001
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\system32\tibs5.exe
O4 - HKLM\..\Run: [appon32.exe] C:\WINDOWS\system32\appon32.exe
O4 - HKLM\..\RunOnce: [ntne.exe] C:\WINDOWS\ntne.exe
O4 - HKCU\..\Run: [Ioyhna] C:\WINDOWS\system32\l?WHATEVER.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Chris\Application Data\eetu.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System ClWHATEVER) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr ClWHATEVER) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Network Security Service ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\ietr.exe (file missing)
I've noticed that it is generally customary to post a HijackThis logfile. I downloaded version 1.99.1 and the logfile is below. I've also run scans (both in safe mode and normal mode) using Symantec, Ad-Aware SE, and Spybot S&D. I found plenty of spyware, but it didn't make any difference with my DrWatson problem. Thanks in advance!
PS: Believe it or not, the Dell support forum won't let me post my message because it says my message includes the prohibited word "a*s". I figure this must be because of words in my logfile below such as "cla*s". So, I've gone through the logfile and replaced all instances of "a*s" with "WHATEVER". If you need to change it back, I'm sure you can do it using find and replace.
Logfile of HijackThis v1.99.1
Scan saved at 6:16:13 PM, on 3/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsWHATEVER.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\ntne.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\appon32.exe
C:\WINDOWS\system32\l?WHATEVER.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Chris\Application Data\eetu.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\System32\Hcj2s6.exe
C:\WINDOWS\System32\Hcj2s6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Chris\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uqokd.dll/sp.html#76985
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uqokd.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\uqokd.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\uqokd.dll/sp.html#76985
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\uqokd.dll/sp.html#76985
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchWHATEVERistant = res://C:\WINDOWS\uqokd.dll/sp.html#76985
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj ClWHATEVER - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {EFFA5234-1603-4600-4D31-8FE60DB658FB} - C:\WINDOWS\atlos.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\JwqVfC.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [31.tmp] C:\DOCUME~1\Chris\LOCALS~1\Temp\31.tmp.exe 4 10001
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\system32\tibs5.exe
O4 - HKLM\..\Run: [appon32.exe] C:\WINDOWS\system32\appon32.exe
O4 - HKLM\..\RunOnce: [ntne.exe] C:\WINDOWS\ntne.exe
O4 - HKCU\..\Run: [Ioyhna] C:\WINDOWS\system32\l?WHATEVER.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Chris\Application Data\eetu.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System ClWHATEVER) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr ClWHATEVER) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Network Security Service ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\ietr.exe (file missing)
No Events found!
zn3zman
18 Posts
0
March 31st, 2005 07:00
ora1313
27 Posts
0
April 10th, 2005 13:00
It is not hard to fix...Print this out
It is not a virus, nor do you have to down-load anything to fix it. And for God Sake, do not re-format your pc.......or mess with your registry!
A Tech informed me it is a microsoft problem, don’t know if it is true, it seems to be. Problems are from an update from microsoft with the SP2....Tech didn’t know how to fix it, but I figured it out........
When the error box pops up, click on the link in the box see error file........You will see a path or 2 that looks something like this:
c:\docume~1\user\locals~1\Temp\werabbb.dir00\DRWTSN32.exe.mdmp
Write it down
Now, Re-Boot computer in safe-mode.............press F8 as soon as it starts to re-boot: This brings you into safe-mode. Here, you can get into your files.
Go into Windows Explorer, follow the path and delete the file: DRWTSN32.exe.
Now step 2: Go into the control panel, then add/remove programs. Find the program.........SP2 and click uninstall. This is the up-date from microsoft. You don’t need it anyway. If you don’t do both steps, it will just re-load.
Then, Re-boot system in normal mode, it should be ok.
Hope this helps, it worked for me....Let me know
Donna