Solved: Another HijackThis report curtsey of Dr Watson

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

carbonrose

Thread Starter
Joined
Mar 28, 2005
Messages
146
Dr Watson.
If this is a reporting program then I wonder why it freezes the pc once windows has loaded and not just provide a warning report. Anyway.. It seems many people have issues with Dr Watson and I am another.

I am running Windows XP Home with SP2.
This system has been running perfectly fine for a long time.
The only thing that has been updated or installed recently has been this Java2SE runtime environment and the Logitech files for the Wireless Keyboard and mouse.
How ever I have uninstalled both during my trouble shooting process but it made no difference to the current mystery of Dr Watson freezing the PC at start-up.
I will here mention that the Logitech programs caused havoc with the keyboard as it is a Japanese keyboard and PC. Now this does not work properly. :-(

But regarding Dr Watson, what is happening is when booting the PC, all starts fine.
Then during loading when you can finally see the Desktop you can see that the PC is still loading the programs that start automatically from start up. I.e. Zone alarm, AVG, SpyBot etc. (Only the ones I want to start of course.) at the bottom right hand of the screen.
But it is at this point where a Dr Watson.exe dialog Box appears saying that an error has occurred and the PC is frozen in space. So, ALT, CTRL, DELETE we go and in processes I usually find 2 and sometimes 3 dr watsons mentioned. Memory usages vary. From 3000-8100.
As I am typing now I have just checked the Task manager to see that DrWatson is till loaded.
When the PC freezes during the loading of windows desktop process I highlight one occurrence of Dr Watson and choose delete and then I can then access the desktop. Yet Dr Watson still remains and does not delete.
Through my limited knowledge of diagnosing I have found that SpyBot-SD definitely activates DR Watson when choosing 'resident' mode.
I have used the method of msconfig and removed all from startup and then selected one by one and restarting every time. The results were varied at best.
The best result was from playing around with SpyBot. This always gave a result with Dr Watson.
No Error Reports have been recorded in the log report under My Computer, Manage etc.
I have tried quite a few virus checkers, ad ware and Trojan checkers and only came up with a Host File Hijacker. Which has been deleted by MS Antivirus.

I have here a copy if the HijackThis report if it will help.
Although the PC is working well, it is of concern as to what has caused this Dr Watson to suddenly appear.

Any light shed upon this would be most appreciated. I have not been able to find anything on the net that reflects a similar issue to this one. But I have found a thread from MS about how to de-activate Dr Watson. And re-activate it if needed.
I have not yet done this. Not yet anyway.

Cheers all for their input.


Logfile of HijackThis v1.99.1
Scan saved at 15:18:37, on 2005/12/25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\IBM King of Translation V5\Program\KingMailTransToolBar.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IBM King of Translation V5\Program\Petit.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
F:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: IE–|–óƒc[ƒ‹ƒo[ - {1F97BE73-7957-4D7E-92F7-03204ED1E496} - C:\Program Files\IBM King of Translation V5\Program\KingToolBand.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KingMailTrans] "C:\Program Files\IBM King of Translation V5\Program\KingMailTransToolBar.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: IncrediMail ƒXƒ^ƒCƒ‹ƒ{ƒbƒNƒX‚ւ̃Aƒjƒ[ƒVƒ‡ƒ“‚̒ljÁ - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: –|–ó‚̉¤—l ’PŒê’ (&W) - res://C:\Program Files\IBM King of Translation V5\Program\KingExpBar.dll/217
O8 - Extra context menu item: –|–ó‚̉¤—l –¢’mŒêƒŠƒXƒg(&U) - res://C:\Program Files\IBM King of Translation V5\Program\KingExpBar.dll/212
O8 - Extra context menu item: –|–ó‚̉¤—l –|–ó(&T) - res://C:\Program Files\IBM King of Translation V5\Program\KingExpBar.dll/211
O8 - Extra context menu item: –|–ó‚̉¤—l —v–ñ(&A) - res://C:\Program Files\IBM King of Translation V5\Program\KingExpBar.dll/215
O8 - Extra context menu item: –|–ó‚̉¤—l –ó‚Ó‚è(&R) - res://C:\Program Files\IBM King of Translation V5\Program\KingExpBar.dll/216
O8 - Extra context menu item: –|–ó‚̉¤—l Ž«‘ƒc[ƒ‹(&D) - res://C:\Program Files\IBM King of Translation V5\Program\KingExpBar.dll/214
O8 - Extra context menu item: –|–ó‚̉¤—l Ž«‘ˆø‚«(&L) - res://C:\Program Files\IBM King of Translation V5\Program\KingExpBar.dll/213
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun ‚Ì Java ƒRƒ“ƒ\[ƒ‹ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: Yahoo! Chat JP - http://cs.chat.yahoo.co.jp/c212/chat.cab
O16 - DPF: Yahoo! Chat JP 2 - http://cs.chat.yahoo.co.jp/c302/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs.chat.yahoo.co.jp/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130763859375
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4635/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

Attachments

carbonrose

Thread Starter
Joined
Mar 28, 2005
Messages
146
Well, since deleting SpyBot. Or not using the resident mode..I have not encountered any more Dr Watson messages.
I wonder why though that this started to happen. It had worked well for a long time and then... poof!!
A message to the creators of Spybot perhaps...

I forgot to mention that Spyware Gaurd also causes a Dr Watson to appear.
 

carbonrose

Thread Starter
Joined
Mar 28, 2005
Messages
146
Well, no replies yet. And since last update I have been experiencing intermittant occurances of Dr Watson appearing. Always I have to use Task manger to stop Dr Watson for the short term so I can then fully use the applications.

If anyone does care to reply, Is it safe to disable Dr Watson by deleting the reg key?
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top