Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Dr. Watson Post Mortem Debugger Issues...

  • This topic is locked This topic is locked
2 replies to this topic

#1 cylla


  • Members
  • 2 posts
  • Local time:11:00 PM

Posted 25 May 2008 - 02:01 PM

Good afternoon my friends,

I have noticed that while surfing th internet I get numerous error messages saying Dr. Watson Post Mortem Debugger caused an error. I've done some research and heard that the Dr. Watson software is the fall guy for somesort of virus or spyware that is infecting the system. Basically, everytime I try to load a web page I get the "Cannot Open This Page" message as if the computer were offline, then I click refresh and the page loads. After the page has finished loading I get the Dr. Watson Post Mortem Debugger error message. I installed HijackThis and ran a scan so here is the log file...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:39 PM, on 25/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:Program FilesTOSHIBAPower ManagementCeEPwrSvc.exe
C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesTOSHIBAE-KEYCeEKey.exe
C:Program FilesTOSHIBAPower ManagementCePMTray.exe
C:Program FilesApoint2KApoint.exe
C:Program FilesTOSHIBATouchPadTPTray.exe
C:Program FilesTOSHIBATouch and LaunchPadExe.exe
C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesApoint2KApntex.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:Program FilesMSN Messengerusnsvc.exe
C:Program FilesTrilliantrillian.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [CeEKEY] C:Program FilesTOSHIBAE-KEYCeEKey.exe
O4 - HKLM..Run: [CeEPOWER] C:Program FilesTOSHIBAPower ManagementCePMTray.exe
O4 - HKLM..Run: [EzButton] C:Program FilesEzButtonEzButton.EXE
O4 - HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
O4 - HKLM..Run: [TPNF] C:Program FilesTOSHIBATouchPadTPTray.exe
O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe
O4 - HKLM..Run: [PadTouch] C:Program FilesTOSHIBATouch and LaunchPadExe.exe
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [WMAAD] C:Program FilesSonyWALKMAN LauncherWMAAD.exe
O4 - HKLM..Run: [DaemonTools_WhenUSave_Installer] C:Program FilesDaemonTools_WhenUSave_InstallerDaemonTools_WhenUSave_Installer.exe
O4 - HKLM..Run: [ntuser] C:WINDOWSsystem32driversspools.exe
O4 - HKLM..Run: [autoload] C:Documents and SettingsCyllacftmon.exe
O4 - HKCU..Run: [TOSCDSPD] C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [ntuser] C:WINDOWSsystem32driversspools.exe
O4 - HKCU..Run: [autoload] C:Documents and SettingsCyllacftmon.exe
O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: RAMASST.lnk = C:WINDOWSsystem32RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:Program FilesSonyIMAGE CONVERTER 3menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_05binnpjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_05binnpjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:WINDOWSsystem32ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:Program FilesTOSHIBAPower ManagementCeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:Program FilesTOSHIBAConfigFreeCFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:WINDOWSsystem32DVDRAMSV.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:Program FilesSonyIMAGE CONVERTER 3ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:Program FilesSonyIMAGE CONVERTER 3IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:Program FilesSonyIMAGE CONVERTER 3IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:WINDOWSsystem32driversspools.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:Program FilesCommon FilesSony SharedAVLibSsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:Program FilesCommon FilesSony SharedAVLibSSScsiSV.exe

End of file - 7652 bytes
Any help would be greatly appreciated. thank you guys in advance for your time and consideration...
Merged posts. ~ OB

Edited by Orange Blossom, 25 May 2008 - 07:55 PM.

BC AdBot (Login to Remove)


#2 pskelley


  • Members
  • 1,487 posts
  • Gender:Male
  • Local time:11:00 PM

Posted 02 June 2008 - 07:22 PM

Welcome to Bleeping Computer, please be sure you have read and followed the
Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

http://support.microsoft.com/kb/308538 <<< or your information.

You have some nasty infections:
This is a password stealer, be sure you read that information.


If your issues are not resolved, post a new HijackThis log using Add Reply.

MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 pskelley


  • Members
  • 1,487 posts
  • Gender:Male
  • Local time:11:00 PM

Posted 10 June 2008 - 05:46 PM

There has been no response to this topic in a week
This topic is closed
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users