Tech Support banner
Status
Not open for further replies.
1 - 4 of 4 Posts

·
Registered
Joined
·
2 Posts
Discussion Starter · #1 ·
Hi,

I had recently been getting "data execution prevention" errors followed by "DrWatson PostMortem Debugger" errors. I figured it was no big deal until it started happening every time I tried to open "my documents".

I followed the instructions from microsofts page for disabling dep on certain applications, in this case windows explorer.

Now every time I try to open "my documents" I no longer get the dep error, but just the generic "windows explorer has encountered an error..." error. After sending this error report, it is immeadiately followed by a "drwatson..." error. After sending the drwatson, the system seems to be locked up, so I have to manually end the drwatson process from the task manager before the system becomes responsive again.

It might be worth noting that I can still access sub directories of "my documents" such as "my music, pictures" etc. But if I try to step out of one of those directories back into "my documents" I get the same errors :upset:

Any help will be greatly appreciated, here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:58:15 PM, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnPService - Unknown owner - C:\HCT\PnPService.exe (file missing)
O23 - Service: screen-scraper - Unknown owner - C:\Program Files\screen-scraper professional edition\wrapper.exe" -s "C:\Program Files\screen-scraper professional edition\resource\conf\wrapper.conf (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 

·
Security Manager, Analyst , Rangemaster, TSF Acade
Joined
·
39,538 Posts
Hi and welcome to TSF

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

Your log is clean and I suspect this is more of a Windows issue rather than a malware issue.

Let's run an online scan as a check.

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting

  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan



Post back with the Panda Log.
 

·
Registered
Joined
·
2 Posts
Discussion Starter · #3 ·
Thanks for taking the time to respond.

Before I read your reply, I went ahead and did a system restore. The issue hasn't popped up again since the restore.

Here are the results of my Panda scan post restore:


Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Chester Szeto\Application Data\Mozilla\Firefox\Profiles\q6635njc.default\cookies.txt[.atwola.com/]

Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Chester Szeto\Application Data\Mozilla\Firefox\Profiles\q6635njc.default\cookies.txt[.c2.gostats.com/]

Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Chester Szeto\Application Data\Mozilla\Firefox\Profiles\q6635njc.default\cookies.txt[.ccbill.com/]

Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Chester Szeto\Application Data\Mozilla\Firefox\Profiles\q6635njc.default\cookies.txt[.kinghost.com/]

Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Chester Szeto\Application Data\Mozilla\Firefox\Profiles\q6635njc.default\cookies.txt[.maxserving.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Chester Szeto\Application Data\Mozilla\Firefox\Profiles\q6635njc.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Chester Szeto\Application Data\Mozilla\Firefox\Profiles\q6635njc.default\cookies.txt[landing.domainsponsor.com/]

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Chester Szeto\Application Data\Mozilla\Firefox\Profiles\q6635njc.default\cookies.txt[searchportal.information.com/]
 
1 - 4 of 4 Posts
Status
Not open for further replies.
Top