Massive Problems

Status
Not open for further replies.
Before I go on - apologies as I know you all have answered these questions before, but this one seems to be a bit different.

I recently acquired a toolbar virus - surf side kick and 180 assistant - which, to start, was a pain in the rear end. So, I went and began the Spyware, Adaware, HiJackThis, Security Suite Stuff to contain and remove the problem. That would not work. I attempted a Windows update to update security patches, left the room for 5 minutes and came back to about 50 pop-ups on my screen while Windows was updating about a year or two's worth of updates. This is when the problems arose:

"Physical Memory Dump" and the computer crashed.

Now I'm unable to get anywhere but Safe Mode. If I attempt to boot normally, I get this message (which I know you've seen before):

***Stop: 0x000000D1 (0x000000FF, 0x00000000, 0x00000000, 0x00000000) Driver_IRQL_NOT_LESS_OR_EQUAL

So, I can't boot normally anymore - just in Safe Mode with or without networking. If I post some HijackThis log files and whatever else you need, could someone please assist me? Or at the very least, point me in the right direction?

Thank you very much,

Marc
 
Logfile of HijackThis v1.99.1
Scan saved at 3:33:08 PM, on 9/8/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\devldr32.exe
C:\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [fvmgpyv] C:\WINNT\fvmgpyv.exe
O4 - HKLM\..\Run: [ngaut] C:\WINNT\System32\vggwabow\ngaut.exe
O4 - HKLM\..\Run: [lljg] C:\WINNT\System32\fjie\lljg.exe
O4 - HKLM\..\Run: [fqoyqse] C:\WINNT\System32\qitl\fqoyqse.exe
O4 - HKLM\..\Run: [rmgmin] C:\WINNT\System32\r090405.Stub.exe
O4 - HKLM\..\Run: [MedGS] C:\WINNT\System32\medgs1.exe
O4 - HKLM\..\Run: [GsAds] C:\WINNT\System32\gms2.exe
O4 - HKLM\..\Run: [opr] C:\WINNT\System32\opr.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [PowerQuest Startup Utility] C:\Program Files\PowerQuest\PartitionMagic4\UTILITY\MMOVER32\PQINIT.EXE
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINNT\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg.exe
O4 - HKLM\..\Run: [version] C:\WINNT\System32\Mmofsz.exe
O4 - HKLM\..\Run: [secure] C:\WINNT\System32\Qbvwqp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\System32\wintask.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [wincmap] "C:\Program Files\winCMAPP\wincmapp.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bandit II Fpga Loader.lnk = C:\Coreco\BanditII\Bin\BdIIFpgaLoader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\nphcd32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0008.exe
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: H323TSP - C:\WINNT\system32\mvcshext.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRvcgAA\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ngautvggwabow - Unknown owner - C:\WINNT\System32\vggwabow\ngaut.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
First of all, I think this is not the right place to post your problem.

Go to section:
Security And Web

Open a new topic and post your HijackThis log file as an attachment.

How to post your Hijackthis log-file as an ATTACHMENT

https://www.techspot.com/vb/topic19133.html

O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe

I searched for this file and some websites describe it as a trojan.

See: http://www.liutilities.com/products/wintaskspro/processlibrary/EXP/

Your computer has the SurfSideKick trojan.

see : O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe


I'm not experienced on this subject, but you might also have other trojans infecting your PC.

Don't worry, experienced members and technical staff will help you as soon as they read this topic.
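
Added example, not part of either post above: a small triage pass over the O4 (Run key) and O23 (service) lines of the HijackThis log in this thread. The sample is constructed from seven lines of that log; the watchlist holds only the two names the reply pointed out, and the three flag reasons are this example's own assumptions for prioritising a review, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample: seven lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
O4 - HKLM\..\Run: [ngaut] C:\WINNT\System32\vggwabow\ngaut.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRvcgAA\command.exe
O23 - Service: ngautvggwabow - Unknown owner - C:\WINNT\System32\vggwabow\ngaut.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
"""

RUN_RE = re.compile(r"^O4 - (?:HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

def parse(log_text):
    """Return (kind, name, owner, target) tuples for Run-key and service lines."""
    entries = []
    for line in map(str.strip, log_text.splitlines()):
        if m := RUN_RE.match(line):
            entries.append(("run", m.group(1), None, m.group(2)))
        elif m := SVC_RE.match(line):
            entries.append(("service", m.group(1), m.group(2), m.group(3)))
    return entries

def triage(log_text, watchlist=()):
    """Map each flagged target path to the sorted reasons it was flagged."""
    entries = parse(log_text)
    kinds = defaultdict(set)  # target path -> autostart kinds that launch it
    for kind, _, _, target in entries:
        kinds[target.lower()].add(kind)
    findings = defaultdict(set)
    for kind, name, owner, target in entries:
        if owner == "Unknown owner":
            findings[target].add("service with unknown owner")
        if kinds[target.lower()] == {"run", "service"}:
            findings[target].add("same binary in Run key and service")
        if any(w.lower() in target.lower() for w in watchlist):
            findings[target].add("named in thread")
    return {t: sorted(r) for t, r in findings.items()}

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG, ("exp.exe", "SurfSideKick"))
    for target, reasons in hits.items():
        print(target, "->", ", ".join(reasons))
```

An entry that is not flagged has only passed these three checks; the rest of the log still needs review by someone experienced with it.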
 