
Suspected Dr watson problem crashing explorer

Hi,

I really need some help and was hoping someone would be able to help. My problem is that whenever I use IE to explore my LG DVD drive it crashes after a few seconds and gives me an error report. Usually it doesn't say anything about Dr Watson Postmortem Debugger, but a couple of times today it did and it locked my computer. So after I got this error I did a Google search and found this site. Recently I have re-installed my OS because I was having issues; this version has only been on my computer for about 4 or 5 weeks.

I found some information on other sites and this one and downloaded and ran the following mostly in safe mode.

Panda Anti-virus
Spy sweeper
Ad-Aware
Tweaknow Regcleaner
Reg cure
Spybot search and destroy
Hijack This

(All were legitimate copies)

The programs all found problems and I deleted and/or fixed them, BUT it didn't fix the problem of it crashing.


System Info

Microsoft Windows XP
Professional
Version 2002
Service Pack 2

Computer:
AMD Athlon(tm) XP2800+
2.08 GHz, 512MB of RAM


I had a look through the logfile of Hijack This but I couldn't really spot anything obvious so I didn't delete anything. This is the Hijack This file:

Logfile of HijackThis v1.99.1
Scan saved at 10:37:14 PM, on 13/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Paul\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Y!mLite - {9B04D939-D9D1-45e0-9FBF-5A31AAF7A68A} - C:\Program Files\Y!mLite\ymlite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

When I get the error report the error signature is:
Appname: explorer.exe Appver: 6.0.2900.2180 Modname: nevideo.ax
Modver: 3.2.0.7 Offset 000c3206


Please help, it's driving me crazy as it effectively makes my DVD drive useless.

Thanks in Advance,

Paul

Comments

  • edited August 2006
    So is there nothing in my logfile that is suspect? I've also found that with some files Windows Media Player will not stay open; it gives an error and closes. Please help me :(
  • jmoney3457 Maine
    edited August 2006
    Hi too, sorry for the wait, we've been backed up by logs. First please fix these lines in HJT:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    then reboot and post a new HJT log :)
  • edited August 2006
    Jmoney thanks for the reply. You guys do a great job and the speed this forum moves I can see why you would be swamped. Anyways fixed those two lines and this is what my HJT log looks like now.
    Logfile of HijackThis v1.99.1
    Scan saved at 11:10:26 PM, on 21/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Toop\Desktop\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\yahoomessenger.exe" -quiet
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Y!mLite - {9B04D939-D9D1-45e0-9FBF-5A31AAF7A68A} - C:\Program Files\Y!mLite\ymlite.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe

    Also on certain folders, usually containing MPEGs or AVIs, across my network the explorer window will crash and/or Windows Media Player will crash. And every now and then I notice that the cursor has the hourglass loading symbol over it when nothing is loading. Thanks for your help, look forward to your reply.
  • jmoney3457 Maine
    edited August 2006
    No problem, thank you for the kind words. I'm not really familiar with malware causing that, but let's give this a try. Please do the following: First download ewido anti-spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Once the setup is complete you will need to run ewido and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
    1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
      IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.
    2. Launch ewido anti-spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. ewido will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will be prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
  • edited August 2006
    OK, downloaded ewido and followed the steps. Strangely though, when I booted in safe mode and went to the start menu to boot ewido up I got an explorer error again and it said it had to close explorer even though only the start menu had been opened. After I clicked the "Don't send" I lost the taskbar and it went back to the start of safe mode where you have the choice of staying in safe mode or rebooting and using system restore.

    Anyways after that little setback I ran ewido and this is the report.

    ewido anti-spyware - Scan Report

    + Created at: 6:32:16 PM 22/08/2006

    + Scan result:



    C:\Documents and Settings\Toop\My Documents\Apps\MsgPlus-301.exe/sponsor.exe -> Downloader.Swizzor.ag : Cleaned with backup (quarantined).
    :mozilla.76:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Toop\Cookies\toop@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    :mozilla.71:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.72:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    :mozilla.73:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
    C:\Documents and Settings\Toop\Cookies\toop@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    :mozilla.135:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.136:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.137:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.139:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.141:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.142:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.143:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.144:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.61:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.80:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.81:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    :mozilla.22:C:\Documents and Settings\Toop\Application Data\Mozilla\Firefox\Profiles\6d75znce.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).


    ::Report end
  • jmoney3457 Maine
    edited August 2006
    Haven't heard of that happening before, let's try this: Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
  • edited August 2006
    Did the scan and this is what I got:

        KASPERSKY ONLINE SCANNER REPORT
        Wednesday, August 23, 2006 11:28:12 PM
        Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
        Kaspersky Online Scanner version: 5.0.83.0
        Kaspersky Anti-Virus database last update: 23/08/2006
        Kaspersky Anti-Virus database records: 217476
        Scan Settings
        Scan using the following antivirus database extended
        Scan Archives true
        Scan Mail Bases true
        Scan Target My Computer
        A:\
        C:\
        D:\
        Y:\
        Z:\
        Scan Statistics
        Total number of scanned objects 81918
        Number of viruses found 3
        Number of infected objects 41 / 0
        Number of suspicious objects 0
        Duration of the scan process 02:00:52

        Infected Object Name Virus Name Last Action
        C:\Documents and Settings\Toop\My Documents\Apps\Yahoo apps\-Big-Killer-V6.0-.zip/-Big-Killer-V6.0-/-Big-Killer-V6.0-.exe/-Big-Killer-V6.0-.exe Infected: IM-Flooder.Win32.KillBig.51 skipped
        C:\Documents and Settings\Toop\My Documents\Apps\Yahoo apps\-Big-Killer-V6.0-.zip/-Big-Killer-V6.0-/-Big-Killer-V6.0-.exe Infected: IM-Flooder.Win32.KillBig.51 skipped
        C:\Documents and Settings\Toop\My Documents\Apps\Yahoo apps\-Big-Killer-V6.0-.zip ZIP: infected - 2 skipped
        C:\Documents and Settings\Toop\My Documents\Apps\Yahoo apps\Cr@@gle.ace/Craagle.exe Infected: not-a-virus:AdWare.Win32.Craagle.19 skipped
        C:\Documents and Settings\Toop\My Documents\Apps\Yahoo apps\Cr@@gle.ace ACE: infected - 1 skipped
        Z:\Lindsay Archive\Docs\UNI\2001\BNB007\Computing Module\Matlab\M_DATA.ZIP/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Docs\UNI\2001\BNB007\Computing Module\Matlab\M_DATA.ZIP ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\AYB220\AYB220 Lecture 1 Tutorial Solutions.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\AYB220\AYB220 Lecture 1 Tutorial Solutions.zip ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\AYB221\Assement\MYOB Assignment.ZIP/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\AYB221\Assement\MYOB Assignment.ZIP ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\AYB221\MYOB0512.ZIP/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\AYB221\MYOB0512.ZIP ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\AYB221\MYOB0918.ZIP/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\AYB221\MYOB0918.ZIP ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\BSB114\Research\Formatted Document.htm Object is locked skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\BSB114\Research\Formatted Document_files\pqdlink.htm Object is locked skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\BSB114\Research\Formatted Document_files\pqdlink_files\dyn-help.js Object is locked skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\BSB114\Research\Formatted Document_files\pqdlink_files\overlib.js Object is locked skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\BSB114\Research\Formatted Document_files\pqdlink_files\scripts.js Object is locked skipped
        Z:\Lindsay Archive\Docs\UNI\2004\UNI 2004\BSB114\Research\pqdlink.htm Object is locked skipped
        Z:\Lindsay Archive\Good emails\Good files\MixingAlcohol.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Good emails\Good files\MixingAlcohol.zip ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Pictures\Photos\Lindsay's Photo's\Snowboarding\Highlands\23-2-05 (Highlands Bowl)\doing the bowl.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Pictures\Photos\Lindsay's Photo's\Snowboarding\Highlands\23-2-05 (Highlands Bowl)\doing the bowl.zip ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Pictures\Photos\Lindsay's Photo's\Unsorted\sophies **** for ryan\New Folder\DSC00239.ZIP/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Pictures\Photos\Lindsay's Photo's\Unsorted\sophies **** for ryan\New Folder\DSC00239.ZIP ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\one you want.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\one you want.zip ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0608A_updbios.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0608A_updbios.zip ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0608A_updbios_util.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0608A_updbios_util.zip ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0680A_dos-image.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0680A_dos-image.zip ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0680a_rdrv1017.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0680a_rdrv1017.zip ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0680A_SiIcfg-docs.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0680A_SiIcfg-docs.zip ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0680A_updflash_util.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0680A_updflash_util.zip ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0680A_Windows_IDE.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0680A_Windows_IDE.zip ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0680_x86_InstallSiICfg-1205.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Programs\Drivers\IDE PCI card\SiI0680_x86_InstallSiICfg-1205.zip ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Programs\Nero\Nero 6 DVD-Video Plugin.zip/FILE.VBS Infected: Email-Worm.VBS.Gedza skipped
        Z:\Lindsay Archive\Programs\Nero\Nero 6 DVD-Video Plugin.zip ZIP: infected - 1 skipped
        Z:\Lindsay Archive\Programs\Power DVD Pro 6 v2.55\Html\Enu\CONTENT.HTM Object is locked skipped
        Scan process completed.


        Also, while the scan was running, Panda picked up some worms and viruses on a computer on my network. Maybe this is where I'm getting infected from :(
      • jmoney3457 Maine
        edited August 2006
        My, that comp is quite infected.
        Also, while the scan was running, Panda picked up some worms and viruses on a computer on my network. Maybe this is where I'm getting infected from
        Is the computer that Panda detected them on this PC we're working on or a different one? Also, how many computers are on your network?
      • edited August 2006
        Well, there are 3 computers constantly connected on my network, all running through a wireless router. I have complete control over 2 of them and none over the other one, as it's my roommate's. All the Z drive files are on the other computer that I control.

        I use this other computer as a mass storage device for music, movies etc., so I'm presuming that because it is infected it keeps infecting me. Can I clean both of my computers and then firewall myself from my roommate's computer so that he can't infect me, as he runs LimeWire and equally unsafe programs regularly?

        Thanks
      • jmoney3457 Maine
        edited August 2006
        Oh OK, yes, if he does in fact have LimeWire and such on his computer, that would definitely be a big source of malware. Have you asked him to get rid of all the malware? If he wants, he can join this forum and post an HJT log as well and I can help him clean up his machine as well, but as for the other 2 that are under your control... do you want me to help you clean up both of them?
      • edited August 2006
        Mate, that would be awesome. I would appreciate getting my two clean. I have asked him and he doesn't really care; that's why I'm thinking of trying to firewall my two machines from his so he can't contaminate me.
      • jmoney3457 Maine
        edited August 2006
        tooheys wrote:
        Mate, that would be awesome. I would appreciate getting my two clean. I have asked him and he doesn't really care; that's why I'm thinking of trying to firewall my two machines from his so he can't contaminate me.
        No problem. To make it less confusing for us both, let's continue with cleaning up this machine we're working on now, then once that's done move on to the other of yours :smiles:
      • edited August 2006
        So what's the next step?
      • jmoney3457 Maine
        edited August 2006
        Please post a new HJT log from the current machine we're working on.