multiple drwtsn32.exe instances open when starting programs

Hi, I've been having some trouble with my computer lately. I'm running Windows XP Home SP2.

Recently, whenever I try to open a program it crashes. I am able to open the program eventually by continually trying to open it, but sometimes it crashes many times before starting successfully. After the program crashes, I get a window saying Dr. Watson Postmortem Debugger has encountered a problem and needs to close, similar to the popup the program I try to run gives me. This happens with Mozilla Firefox, AIM, MSN Messenger, and pretty much any program I try to run, but not all the time - it seems to be random. When I check my Windows Task Manager, I get multiple instances of drwtsn32.exe and dwwin.exe. I am usually able to kill them, but it is only a temporary fix... Programs continue to crash on startup after a little while. I'll include my HJT log, and hope one of you is able to help me with my problem.




Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.



As you can see in my log, drwtsn32.exe is running in a few places.

 

Hi Nick

Welcome to Major Geeks!

Please start by running this utility:

1. Download this file - Combo Fix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Attach this log to your next reply and

Note: Do not mouseclick combofix's window while it is running. That may cause it to stall. Once you've finished, please post fresh logs for Shownew, Runkeys and HJT.

After you've completed this, please follow our standard cleaning procedure in the box:

 

I've attached combofix, counterspy, and hjt logs. I'm currently on step 6A of "READ & RUN ME FIRST."

 

Attached runkeys and shownew.

 

Attached bitdefender log and pandascan log.

 

Hi Nick!

I don't see any antivirus or firewall program on your computer!! This is very dangerous for your computer!!


1) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

2) Please copy the bold text including the word REGEDIT4 below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it, double click it and allow it to merge with the registry.

3) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.


After you have completed the above in the correct order, please attach the following logs.

• ShowNew Log
• HJT
• Avenger Log

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

abri

 

Attached the 3 requested logs.

 

Hi Nick!

Your last three logs didn't get attached. I can look at them if you post them. The changes we made will help your computer, but aren't the cause of the Dr. Watson problems. We can try one more scan to see if you might have a rootkit. However, there are many causes for Dr. Watson appearing, so I would like to refer you to the following webpage at a forum where this particular problem is discussed.:

http://forums.whirlpool.net.au/forum-replies-archive.cfm/474206.html

The rootkit scan you can still do is the following:

abri

 

For some reason, the forum is telling me that I've already attached the 3 previous logs. FSBL found nothing. On the plus side, I haven't had the problem for a couple days now - I think the temp files cleaners and maybe bitdefender fixed the problem.

 

Hi Nick!

That's possible. Some things hang out in the temporary files waiting for their chance to get back into the computer, so by deleting them, they don't get to reincarnate.
I suggest, since you don't seem to have a rootkit and your computer looks otherwise to be clean, that you post about the Dr. Watson problems in the Software Forum or even do a search, because there are a variety of Dr. Watson issues. Please follow the set of instructions in the box below to remove some of the tools and logs we used, and also, in view of the repetitive Dr. Watson files, take care to keep your backups up to date, as Dr. Watson can indicate a number of things including corrupt files and physical problems with your hard drive. If you have a chance, look around the software forum and you'll find out a lot about different diagnostic software that can let you know how your computer is doing in general.
Please observe your computer over the next few days, and if it seems to be running smoothly and the Dr. Watson problems have stopped plaguing you, please set a fresh system restore point as per these instructions: Disable and Enable System Restore!
Note! This will erase all previous restore points.

abri

 

Thanks for all your help, Abri.

 

Your welcome!
Good luck with all your computer endeavors!
abri