TechSpot

Massive Problems

By mayres
Sep 8, 2005
  1. Before I go on - apologies as I know you all have answered these questions before, but this one seems to be a bit different.

    I recently acquired a toolbar virus - surf side kick and 180 assistant - which to start, was a pain in the rear end. So, I went and began the Spyware, Adaware, HiJackThis, Security Suite Stuff to contain and remove the problem. That would not work. I attempted a windows update to update security patches, left the room for 5 minutes and came back to about 50 pop-ups on my screen while Windows was updating about a year or twos worth of updates. This is when the problems arose:

    "Physical Memory Dump" and the computer crashed.

    Now I'm unable to get anywhere but Safe Mode. If I attempt to boot normally, I get this message(which I know you've seen before):

    ***Stop: 0x000000D1 (0x000000FF, 0x00000000, 0x00000000, 0x00000000) Driver_IRQL_NOT_LESS_OR_EQUAL

    So, I can't boot normally anymore - just in Safe Mode w/or w/out networking. If I post some Hijack this logfiles and whatever else you need, could someone please assist me? Or at the very least, point me in the right direction?

    Thank you very much,

    Marc
     
  2. mayres

    mayres TS Rookie Topic Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 3:33:08 PM, on 9/8/2005
    Platform: Windows 2000 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\System32\devldr32.exe
    C:\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
    O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
    O4 - HKLM\..\Run: [fvmgpyv] C:\WINNT\fvmgpyv.exe
    O4 - HKLM\..\Run: [ngaut] C:\WINNT\System32\vggwabow\ngaut.exe
    O4 - HKLM\..\Run: [lljg] C:\WINNT\System32\fjie\lljg.exe
    O4 - HKLM\..\Run: [fqoyqse] C:\WINNT\System32\qitl\fqoyqse.exe
    O4 - HKLM\..\Run: [rmgmin] C:\WINNT\System32\r090405.Stub.exe
    O4 - HKLM\..\Run: [MedGS] C:\WINNT\System32\medgs1.exe
    O4 - HKLM\..\Run: [GsAds] C:\WINNT\System32\gms2.exe
    O4 - HKLM\..\Run: [opr] C:\WINNT\System32\opr.exe
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
    O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Program Files\PowerQuest\PartitionMagic4\UTILITY\MMOVER32\PQINIT.EXE
    O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
    O4 - HKLM\..\Run: [DXDllRegExe] C:\WINNT\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg.exe
    O4 - HKLM\..\Run: [version] C:\WINNT\System32\Mmofsz.exe
    O4 - HKLM\..\Run: [secure] C:\WINNT\System32\Qbvwqp.exe
    O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\System32\wintask.exe
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
    O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000079.exe
    O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bandit II Fpga Loader.lnk = C:\Coreco\BanditII\Bin\BdIIFpgaLoader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\nphcd32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0008.exe
    O20 - AppInit_DLLs: repairs.dll
    O20 - Winlogon Notify: H323TSP - C:\WINNT\system32\mvcshext.dll
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRvcgAA\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: ngautvggwabow - Unknown owner - C:\WINNT\System32\vggwabow\ngaut.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  3. greenflash

    greenflash TS Rookie Posts: 100

    First of all i think this is not the right place to post ur problem

    Go to section :
    Security And Web

    Open a new topic and post ur hijack log file as an attachment

    How to post your Hijackthis log-file as an ATTACHMENT

    http://www.techspot.com/vb/topic19133.html










    O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe

    I searched this file and some web sites describes it as a trojen

    see : http://www.liutilities.com/products/wintaskspro/processlibrary/EXP/

    Your comp has the Surfsidekick Trojen

    see : O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe


    Im not experienced on this subject but u might also have other trojens infected ur pc

    dont worry experienced members and technical staff will help you as soon as they read this topic
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...