DRIVER_IRQL_NOT_LESS_OR_EQUAL
Every time I connect to the internet, I get the blue screen of death. I've been pretty much ignoring the problem since I had trojans and Aurora to keep me occupied, but now I've gotten rid of Aurora (uh, I hope), and I'm not exactly sure what other viruses I've got. While looking around, I managed to look at my Device Manager and I noticed that the Microsoft System Management BIOS Driver had an exclamation mark on it, so I checked it out. The location of it is unknown. Driver Provider: unknown. Driver Date: Not available. Driver Version: not available. Digital Signer: Not digitally signed. File Version: 5.1.2600.180 (xpsp_sp2_rtm.040803-2158)
Using dxdiag, under the More Help tab I was able to click MSInfo, which let me see system information. Under the Components section, I clicked Problem Devices, and Microsoft System Management BIOS Driver showed up. The PNP Device ID is: ROOT\SYSYTEM\0002 and the error code is 39.
Anyone know what's wrong with that?
Well, here's my HijackThis log, lol.
Logfile of HijackThis v1.99.1
Scan saved at 10:47:39 PM, on 6/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\system32\igayblj\evjtwm.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\bxcyjrhh\gegmcju.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\vksv\ebknjno.exe
C:\WINDOWS\system32\eeegphbc\hdcl.exe
C:\WINDOWS\system32\dqap\vjfg.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\mdhjxxb\qipmtg.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\kimberly\LOCALS~1\Temp\Rar$EX01.234\HijackThis.exe
C:\WINDOWS\System32\notepad.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\SYSTEM32\mmc.exe
C:\WINDOWS\System32\dxdiag.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 216.39.69.102 view.atdmt.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [qpmnce] C:\WINDOWS\system32\rwiw\qpmnce.exe
O4 - HKLM\..\Run: [mwxpfrv] C:\WINDOWS\system32\oxqephue\mwxpfrv.exe
O4 - HKLM\..\Run: [ufukmm] C:\WINDOWS\system32\niqss\ufukmm.exe
O4 - HKLM\..\Run: [evjtwm] C:\WINDOWS\system32\igayblj\evjtwm.exe
O4 - HKLM\..\Run: [gegmcju] C:\WINDOWS\system32\bxcyjrhh\gegmcju.exe
O4 - HKLM\..\Run: [ebknjno] C:\WINDOWS\system32\vksv\ebknjno.exe
O4 - HKLM\..\Run: [hdcl] C:\WINDOWS\system32\eeegphbc\hdcl.exe
O4 - HKLM\..\Run: [vjfg] C:\WINDOWS\system32\dqap\vjfg.exe
O4 - HKLM\..\Run: [ktstsl] c:\windows\system32\phmmtip.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [qipmtg] C:\WINDOWS\system32\mdhjxxb\qipmtg.exe
O4 - HKLM\..\Run: [fcpluuvs] C:\WINDOWS\system32\hnoh\fcpluuvs.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {986DDE35-E955-11D0-A707-000000521958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...iker/wtinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {DCB709B4-4142-411A-8E9F-F265AE2B7BDE} - http://www.myfreecur...ors/default.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O23 - Service: evjtwmigayblj - Unknown owner - C:\WINDOWS\system32\igayblj\evjtwm.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: gegmcjubxcyjrhh - Unknown owner - C:\WINDOWS\system32\bxcyjrhh\gegmcju.exe
O23 - Service: mwxpfrvoxqephue - Unknown owner - C:\WINDOWS\system32\oxqephue\mwxpfrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ufukmmniqss - Unknown owner - C:\WINDOWS\system32\niqss\ufukmm.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
And here are the things that run at startup:
(Oh, I'm going to put a 1. in front of the startup items, 2. in front of the commands, and 3. in front of the location.)
1. RUNDLL32
2. RUNDLL32.EXE NvQTwk,NvCplDeamon initialize
3. HKLM\SOFTWARE\Microsoft\Windws\CurrentVersion\Run
1. DELLMMKB
2. C:\WINDOWS\DELLMMKB.EXE
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. DirectCD
2. "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. navapw32
2. C:\PROGRA~1\NORTON~1\navapw32.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. qttask
2. "C:\Program Files\QuickTime\qttask.exe" -atboottime
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. MsgPlus
2. "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. nwiz
2. nwiz.exe /install
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. realsched
2. "C:\Program Files\Common files\Real\Update_OB\realsched.exe" -osboot
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
realsched
1. SNDMon
2. C:\PROGRA~1\SYMNET~1\SNDMon.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. qipmtg
2. C:\WINDOWS\system32\mdhjxxb\qipmtg.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. fcpluuvs
2. C:\WINDOWS\system32\hnoh\fcpluuvs
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. qpmnce
2. C:\WINDOWS\system32\rwiw\qpmnce
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. mwxpfrcv
2. C:\WINDOWS\system32\oxqephue\mwxpfrv.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. ufukmm
2. C:\WINDOWS\system32\niqss\ufukmm.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. evjtwm
2. C:\WINDOWS\system32\jgayblj\evjtwm.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. gegmcju
2. C:\WINDOWS\system32\bxcjrhh\gegmcju.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. ebknjno
2. C:\WINDOWS\system32\vksv\ebknjno.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. hdcl
2. C:\WINDOWS\system32\eeegphbc\hdcl.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. vjfg
2. C:\WINDOWS\system32\dqap\vjfg.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. phmmtip
2. c:\windows\system32\phmmtip.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. InvokeSvc3
2. C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
3. HKLM/SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. IMJPMIG,
2. "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. IMEKRMIG
2. C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. dumprep 0 -k
2. %systemroom%\system32\dumprep 0 -k
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. tbctray
2. C:\WINDOWS\system32\tbctray.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. WkDetect
2. C:\Program Files\Microsoft Works\WkDetect.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. SNDMon
2. C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. ctfmon
2. C:\WINDOWS\Systrem32\ctfmon.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1. Adobe Gomma Loaded
2. C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
3. Common Startup
1. Microsoft Works Calender Reminders
2. C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe
3. Common Startup
1. WinZip Qick Pick
2. C:\PROGRA~1\WinZip\WZQKPICK.EXE
3. Common Startup
1. aim
2. C:\Program Files\AIM\aim.exe -cnetwait.odl
3. SOFRWARE\Microsotf\Windows\CurrentVersion\Run
1. dumprep 0-k
2. %systemroot%\system32\dumprep 0 -k
3. SOFRWARE\Microsotf\Windows\CurrentVersion\Run
1. rdpkager
2. rdpkager.exe
3. SOFRWARE\Microsotf\Windows\CurrentVersion\Run
1. MsgPlus
2. "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
3. SOFRWARE\Microsotf\Windows\CurrentVersion\Run
1. ford trust
2. C:\Documents and Settings\All Users\Application Dada\Timeeggsspamdvd\ford trust.exe
3. SOFRWARE\Microsotf\Windows\CurrentVersion\Run
1. ypager
2. C:\Program Files\Jlbhy\Jdayga.exe
3. SOFRWARE\Microsotf\Windows\CurrentVersion\Run
1. syasupdatehp
2. C:\Documents and Settings\Kimberly\Start Menu\Programs\Startup\sysasupdatehp.url
3. Startupup
Heh, okay... there... Can anyone help? And don't tell me reformatting is easier, because I tried it. It didn't work :|