PostMortem OMG

Discussion in 'Online Security' started by computer+illiturate, Jul 7, 2005.

  1. computer+illiturate

    computer+illiturate

    Joined:
    Jul 7, 2005
    Messages:
    2
    Hi. I've been having this problem for the last month and it has become truly aggravating for me. I have no power over my right clicking... that is, every time I right click my computer freezes up and gives me a problem stating that Dr.Watson Postmortem Debugger has experienced a problem. I do have SP2 installed... and I've read many a page that has discussed ways to remedy the problem. Sadly none have worked for me and I beg someone here can hear my plea for help and come to my aid. I've noticed others have found their resolution by posting their log from HJT. So I decided to do this as well. Please help.

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\USBStorage\USBDetector.exe
    C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
    C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\Documents and Settings\Richard\Desktop\New Folder\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
    R3 - Default URLSearchHook is missing
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O2 - BHO: (no name) - {50CE02DD-CC63-B2E5-1AC4-E4BC1D09B3BF} - C:\WINDOWS\system32\ycoc.dll (file missing)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {5E7C797A-BDE1-BD39-B51C-BFEE8CF4BC9C} - C:\WINDOWS\system32\nzq.dll (file missing)
    O2 - BHO: (no name) - {6048E642-62BB-2D39-FFED-2619A1669AF6} - C:\WINDOWS\system32\xhqnli.dll (file missing)
    O2 - BHO: (no name) - {AD4FBC9F-2B2A-2FDB-2626-7AC2B85F4795} - C:\WINDOWS\system32\isehjtdn.dll (file missing)
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O3 - Toolbar: Curb keep - {8D4F5753-B3D2-CDF0-EF0A-22D43E30B547} - C:\PROGRA~1\SIGNSI~1\loudlicense.dll (file missing)
    O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - (no file)
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [audiogrey] C:\PROGRA~1\extra style\heartdeaf.exe
    O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRA~1\AWS\MiniBug.exe 1
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [CSV7P28] C:\Program Files\CSBB\CSV7P28.exe
    O4 - HKLM\..\Run: [1fit] C:\documents and settings\owner\local settings\temp\1fit.exe
    O4 - HKLM\..\Run: [ICJ7L8] C:\documents and settings\owner\local settings\temp\ICJ7L8.exe
    O4 - HKLM\..\Run: [Ckcbm] C:\Program Files\Oswl\Epimsf.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [xgktwwf] c:\windows\system32\kexaajy.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe
    O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
    O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Now, I have no idea what any of this means, nor would I be able to fix the problem myself. I've seen so much on this Dr.Watson problem that I've grown to despise the program. I just wish to get my right clicking back and not have this anymore. Please, if someone sees the problem, be kind enough to help me. Thank you so much.
     
  2. Kov-Ice

    Kov-Ice

    Joined:
    Dec 27, 2001
    Messages:
    3,338
    Location:
    St. Louis, Missouri
    Welcome to PCMech. I'm not familiar with reading HJT logs, either, but have you run a good Anti-Virus scan? There's a free online scanner at www.trendmicro.com called Housecall. I'd give that a shot.
     
  3. ghost2003

    ghost2003 Lest we forget

    Joined:
    Jun 24, 2003
    Messages:
    1,869
    Location:
    Ontario, Canada
  4. computer+illiturate

    computer+illiturate

    Joined:
    Jul 7, 2005
    Messages:
    2
    Ok, thank you for the greeting and feedback. Hmm, I have already run about 5 or more virus scans, spyware scans, and used most of the programs suggested to fix this problem. Not one of the scans finds this Dr. Watson problem. I've followed the link and have tried to redo my actions and have resulted with this log. Something different perhaps? I also could not update my Windows further as I already have the most recent. I have the Windows auto update.

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\USBStorage\USBDetector.exe
    C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
    C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Richard\Desktop\New Folder\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
    R3 - Default URLSearchHook is missing
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O2 - BHO: (no name) - {50CE02DD-CC63-B2E5-1AC4-E4BC1D09B3BF} - C:\WINDOWS\system32\ycoc.dll (file missing)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {5E7C797A-BDE1-BD39-B51C-BFEE8CF4BC9C} - C:\WINDOWS\system32\nzq.dll (file missing)
    O2 - BHO: (no name) - {6048E642-62BB-2D39-FFED-2619A1669AF6} - C:\WINDOWS\system32\xhqnli.dll (file missing)
    O2 - BHO: (no name) - {AD4FBC9F-2B2A-2FDB-2626-7AC2B85F4795} - C:\WINDOWS\system32\isehjtdn.dll (file missing)
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O3 - Toolbar: Curb keep - {8D4F5753-B3D2-CDF0-EF0A-22D43E30B547} - C:\PROGRA~1\SIGNSI~1\loudlicense.dll (file missing)
    O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - (no file)
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
    O4 - HKLM\..\Run: [windows auto update] msblast.exe
    O4 - HKLM\..\Run: [audiogrey] C:\PROGRA~1\extra style\heartdeaf.exe
    O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRA~1\AWS\MiniBug.exe 1
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [CSV7P28] C:\Program Files\CSBB\CSV7P28.exe
    O4 - HKLM\..\Run: [1fit] C:\documents and settings\owner\local settings\temp\1fit.exe
    O4 - HKLM\..\Run: [ICJ7L8] C:\documents and settings\owner\local settings\temp\ICJ7L8.exe
    O4 - HKLM\..\Run: [Ckcbm] C:\Program Files\Oswl\Epimsf.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [xgktwwf] c:\windows\system32\kexaajy.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe
    O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
    O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    I noticed an MSBlast somewhere in this log... it was under the windows auto update. Perhaps this is what I need to get rid of? I'm really not sure. If anyone has any idea I will be forever grateful. Thank you.
     
  5. Lobos

    Lobos

    Joined:
    Mar 28, 2004
    Messages:
    931
    Location:
    California
    Hello computer+illiturate


    Read through it carefully before doing any of the fix.

    You have variant A of the MSBlast worm.

    http://www.pchell.com/virus/msblast.shtml


    After you're done, come back and post another HijackThis log.

    Lobos
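
An added example, not part of the original thread or any poster's code: a small Python triage pass over HijackThis O2/O3/O4 lines, run on a few lines copied from the log posted above. The three heuristics (autorun with no path, autorun from a temp directory, registration whose file is missing) are assumptions for ordering manual review, not verdicts; `msblast.exe` is listed by name only because the reply above identifies it.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {50CE02DD-CC63-B2E5-1AC4-E4BC1D09B3BF} - C:\WINDOWS\system32\ycoc.dll (file missing)
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [1fit] C:\documents and settings\owner\local settings\temp\1fit.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
"""

RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')
ORPHAN_RE = re.compile(r'^(O2|O3) - .*\((file missing|no file)\)\s*$')
NAMED_IN_THREAD = {"msblast.exe"}  # file the reply above ties to the MSBlast worm

def image_path(command):
    """Return the executable part of a Run value, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|scr|dll))\b', command, re.I)
    return m.group(1) if m else command

def triage(log_text):
    """Return (line, reasons) for every entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = RUN_RE.match(line)
        if m:
            path = image_path(m.group(4))
            if "\\" not in path:                 # resolved through the search path
                reasons.append("no-path")
            if "\\temp\\" in path.lower():       # autorun out of a temp directory
                reasons.append("temp-dir")
            if path.rsplit("\\", 1)[-1].lower() in NAMED_IN_THREAD:
                reasons.append("named-in-thread")
        elif ORPHAN_RE.match(line):              # BHO/toolbar whose file is gone
            reasons.append("orphaned-registration")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons), "<-", line)
```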
     
