Jump to content


MSBlast Symptoms

  • This topic is locked This topic is locked
5 replies to this topic

#1 BetaPlate



  • New Member
  • Pip
  • 4 posts

Posted 12 July 2004 - 02:12 PM

Hello all,

New here, and unfortunately, I have come in desperation. I am getting the MSblast RPC error pop-up with dreaded system termination count down. I disabled the RPC so it won't shut down at least. Scanned with Norton, latest definitions, to no avail...used the specific removal tool with nothing found. All critical patches for XP PRO installed and updated. Trouble started June 30 - July 1. As a semi-last ditch effort I System Restored back three weeks and I still get the error, the pop up and every virus scanner in the world (it seems) telling me that there is nothing wrong. Below is the list generated by StartupList.exe… this but it will have to do until I can get to the computer again...I am at work currently. Your thoughts on this matter are greatly appreciated.


StartupList report, 7/8/2004, 9:14:08 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Laura\Desktop\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options

Running processes:

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Laura\Desktop\StartupList.exe


Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,


Autorun entries from Registry:

C-Media Mixer = Mixer.exe /startup
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
anvshell = anvshell.exe
nwiz = nwiz.exe /install
zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
Logitech Utility = Logi_MwX.Exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
URLLSTCK.exe = C:\Program Files\Norton Internet Security\UrlLstCk.exe
AdaptecDirectCD = C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
EPSON Stylus Photo 825 = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O6 "USB001" /M "Stylus Photo 825"
Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
CamMonitor = C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe


Autorun entries from Registry:

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
Symantec NetDriver Monitor = C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE


File association entry for .SCR:

(Default) = C:\WINDOWS\NOTEPAD.EXE "%1"


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Web assistant - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}


Enumerating Task Scheduler jobs:

Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job


Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

CODEBASE = http://a1540.g.akama...meInstaller.exe

[AcDcToday Control]
CODEBASE = file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx

[ZoneAxRcMgr Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZAxRcMgr.ocx
CODEBASE = http://zone.msn.com/...me/ZAxRcMgr.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupd...8115.4461226852

[Autodesk DWF Viewer Control]
InProcServer32 = C:\Program Files\Autodesk\Autodesk DWF Viewer\AdView.dll
CODEBASE = http://www.autodesk....ViewerSetup.cab

InProcServer32 = C:\WINDOWS\DOWNLO~1\InstBanr.ocx
CODEBASE = file://C:\Program Files\Autodesk Architectural Desktop 3\InstBanr.ocx

InProcServer32 = C:\WINDOWS\DOWNLO~1\InstFred.ocx
CODEBASE = file://C:\Program Files\Autodesk Architectural Desktop 3\InstFred.ocx

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://zone.msn.com/...aploader_v5.cab

[AcPreview Control]
CODEBASE = file://C:\Program Files\Autodesk Architectural Desktop 3\AcPreview.ocx


Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Laura\LOCALS~1\Temp\GLB1A2B.EXE||C:\Program Files\GameHouse\TextTwist\UNWISE.EXE


Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

End of report, 7,831 bytes
Report generated in 0.031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#2 BetaPlate



  • New Member
  • Pip
  • 4 posts

Posted 12 July 2004 - 02:50 PM

Please....any help would me great.....anyone?

#3 dave38


    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 12 July 2004 - 03:58 PM

Pleast post your Hijack this log. At this stage, it will be more useful that a startuplist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#4 BetaPlate



  • New Member
  • Pip
  • 4 posts

Posted 12 July 2004 - 04:01 PM

That I will do...I just need to get home tonigth and do it. I will post it ASAP. Thanks for your reply Dave,


#5 BetaPlate



  • New Member
  • Pip
  • 4 posts

Posted 13 July 2004 - 08:18 AM

Hello all...again,

A highjack this report will not be possible. My girlfriend (it's her computer in the first place) gave up and reformatted the hard drive and started from scratch again last night before I could get home. While this will probably fix our little problem I really didn't want to resort to this cave-man solution once more...such is life I suppose. Thanks, however, for your time.

Until next time,

#6 dave38


    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 13 July 2004 - 02:11 PM

Well, it's fixed!

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button