Go Back   PCMech Forums > Help & Discussion > Networking & Online Security
PostMortem OMG PostMortem OMG
Register FAQ Members List Social Groups Rules Calendar Search Today's Posts Mark Forums Read

Need Some Help? Type Your Keywords Here:

Reply
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
Old 07-07-2005, 10:15 PM   #1
Member (2 bit)
 
Join Date: Jul 2005
Posts: 2
PostMortem OMG
Hi. Ive been having this problem for the last month and it has become truely aggravating for me. I have no power over my right clicking... that is every time I right click my computer freezes up and gives me a problem stating that Dr.Watson Postmortem Debugger has experienced a problem. I do have installed SP2... and Ive read many the page in which has discussed ways to remedy the problem. Sadly none have worked for me and I beg someone here can here my plea of help and come to my aid. I've noticed others have found there resolvement by posing there log from HJT. So I decided to do this as well. Please help.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\USBStorage\USBDetector.exe
C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Richard\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
R3 - Default URLSearchHook is missing
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {50CE02DD-CC63-B2E5-1AC4-E4BC1D09B3BF} - C:\WINDOWS\system32\ycoc.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {5E7C797A-BDE1-BD39-B51C-BFEE8CF4BC9C} - C:\WINDOWS\system32\nzq.dll (file missing)
O2 - BHO: (no name) - {6048E642-62BB-2D39-FFED-2619A1669AF6} - C:\WINDOWS\system32\xhqnli.dll (file missing)
O2 - BHO: (no name) - {AD4FBC9F-2B2A-2FDB-2626-7AC2B85F4795} - C:\WINDOWS\system32\isehjtdn.dll (file missing)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: Curb keep - {8D4F5753-B3D2-CDF0-EF0A-22D43E30B547} - C:\PROGRA~1\SIGNSI~1\loudlicense.dll (file missing)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - (no file)
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [audiogrey] C:\PROGRA~1\extra style\heartdeaf.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRA~1\AWS\MiniBug.exe 1
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CSV7P28] C:\Program Files\CSBB\CSV7P28.exe
O4 - HKLM\..\Run: [1fit] C:\documents and settings\owner\local settings\temp\1fit.exe
O4 - HKLM\..\Run: [ICJ7L8] C:\documents and settings\owner\local settings\temp\ICJ7L8.exe
O4 - HKLM\..\Run: [Ckcbm] C:\Program Files\Oswl\Epimsf.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [xgktwwf] c:\windows\system32\kexaajy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Now, I have no idea what any of this means nor would i be able to fix the problem myself. Ive seen so much on this Dr.Watson problem that ive grown to despise the program. I just wish to get my right clicking back and not have this anymore. Please if someone sees the problem, be kind enough to help me. Thank you so much.
computer+illiturate is offline   Reply With Quote
Old 07-08-2005, 06:48 AM   #2
Member (12 bit)
 
Kov-Ice's Avatar
 
Join Date: Dec 2001
Location: St. Louis, Missouri
Posts: 3,296
Send a message via ICQ to Kov-Ice Send a message via MSN to Kov-Ice
Welcome to PCMech. I'm not familiar with reading HJT logs, either, but have you run a good Anti-Virus scan? There's a free online scanner at www.trendmicro.com called Housecall. I'd give that a shot.
__________________
Kov

Are You Foldin'?
Join PCMech's Folding@Home Team and Help Save Lives! Click Here!
Kov-Ice is offline   Reply With Quote
Old 07-08-2005, 10:39 AM   #3
Lest we forget
 
ghost2003's Avatar
 
Join Date: Jun 2003
Location: Ontario, Canada
Posts: 1,870
Looks like you have the blaster worm. Update windows, then try what people suggest in this thread to clean your pc http://forum.pcmech.com/showthread.php?t=103171 and post a new log.
__________________
redqueen: Antec Sonata, Pentium-D 2.5GHz, MSI G31M3-L, 2GB ram, 320 GB HDD, OpenBSD
hal9000: Lenovo T61, 2GB ram, 120 GB HDD, FreeBSD
ghost2003 is offline   Reply With Quote
Old 07-08-2005, 12:07 PM   #4
Member (2 bit)
 
Join Date: Jul 2005
Posts: 2
Ok, Thank you for the greeting and feedback. Hmm I have already run about 5 or more virus scans, spyware scans, and used most of the programs suggested to fix this problem. Not one of the scans finds this Dr. Watson problem. I've followed the link and have tryed to redo my actions and have resulted with this log. Something different perhaps? I also could not update my windows further as I already have the most recent. I have the windows auto update.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\USBStorage\USBDetector.exe
C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Richard\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
R3 - Default URLSearchHook is missing
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {50CE02DD-CC63-B2E5-1AC4-E4BC1D09B3BF} - C:\WINDOWS\system32\ycoc.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {5E7C797A-BDE1-BD39-B51C-BFEE8CF4BC9C} - C:\WINDOWS\system32\nzq.dll (file missing)
O2 - BHO: (no name) - {6048E642-62BB-2D39-FFED-2619A1669AF6} - C:\WINDOWS\system32\xhqnli.dll (file missing)
O2 - BHO: (no name) - {AD4FBC9F-2B2A-2FDB-2626-7AC2B85F4795} - C:\WINDOWS\system32\isehjtdn.dll (file missing)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: Curb keep - {8D4F5753-B3D2-CDF0-EF0A-22D43E30B547} - C:\PROGRA~1\SIGNSI~1\loudlicense.dll (file missing)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - (no file)
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [audiogrey] C:\PROGRA~1\extra style\heartdeaf.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRA~1\AWS\MiniBug.exe 1
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CSV7P28] C:\Program Files\CSBB\CSV7P28.exe
O4 - HKLM\..\Run: [1fit] C:\documents and settings\owner\local settings\temp\1fit.exe
O4 - HKLM\..\Run: [ICJ7L8] C:\documents and settings\owner\local settings\temp\ICJ7L8.exe
O4 - HKLM\..\Run: [Ckcbm] C:\Program Files\Oswl\Epimsf.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [xgktwwf] c:\windows\system32\kexaajy.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: BitWare Print Monitor.lnk = C:\BITWARE\NT\bwprnmon.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - AppInit_DLLs: 4APPINITSOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsAppInit_DLLs,wbsys.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

I noticed an MSBlast somewhere in this log... it was under the windows auto update. Perhaps this is what I need to get rid of? Im really not sure. If anyone has any idea I will be forever grateful. Thank you.
computer+illiturate is offline   Reply With Quote
Old 07-09-2005, 02:55 AM   #5
Member (10 bit)
 
Join Date: Mar 2004
Location: California
Posts: 936
Hello computer+illiturate


read through it carefully before doing any of the fix

you have a varient A of the MSBLAst worm

http://www.pchell.com/virus/msblast.shtml


after your done come back and post another hijack this log

Lobos
Lobos is offline   Reply With Quote
Reply

Bookmarks

Still Need Help? Type Your Keywords Here:


« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Linear Mode Linear Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are On


All times are GMT -5. The time now is 03:51 AM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.1

PCMech - Archive - Top