Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

dll error, BIOS trouble, and virus issues


  • Please log in to reply

#1
Kimmi

Kimmi

    New Member

  • Member
  • Pip
  • 3 posts
Okay guys, I'm going to admit it, Im going insane. Back in april my computer crashed (my PC, i am currently using my lap top) I was unaware of how many issues the poor thing had. But non the less, a got a blue screen of death which said:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

everytime i connect to the internet, i get the blue screen of death. I've been pretty much ignoring the problem since i had trojans and aurora to keep me occupied, but now I've gotten rid of aurora (uh, I hope), and I'm not exactly sure what other virus's I've got. While looking around, I manged to look at my Device Manager and I nocited that the Microsoft System Managment BIOS Driver had an exclaimation mark on it, so I checked it out. The location of it is unknown. Driver Providor: unknown Driver Date: Not availbie. Driver Versain: not available, Digital Signer: Not digitally signed. File Versain: 5.1.2600.180 (xpsp_sp2_rtm.040803-2158)
using dixdag, under the more help tab i was able to click MSInfo, which let me see system information. Under the components section, I clicked problem devices, and Microsoft System Mangement BIOS Driver showed up, the PNP Devide ID is: ROOT\SYSYTEM\0002 and the error code is 39.

Anyone know whats wrong with that?

Well, heres my highjackthis log, lol.

Logfile of HijackThis v1.99.1
Scan saved at 10:47:39 PM, on 6/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\system32\igayblj\evjtwm.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\bxcyjrhh\gegmcju.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\vksv\ebknjno.exe
C:\WINDOWS\system32\eeegphbc\hdcl.exe
C:\WINDOWS\system32\dqap\vjfg.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\mdhjxxb\qipmtg.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\kimberly\LOCALS~1\Temp\Rar$EX01.234\HijackThis.exe
C:\WINDOWS\System32\notepad.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\SYSTEM32\mmc.exe
C:\WINDOWS\System32\dxdiag.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 216.39.69.102 view.atdmt.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [qpmnce] C:\WINDOWS\system32\rwiw\qpmnce.exe
O4 - HKLM\..\Run: [mwxpfrv] C:\WINDOWS\system32\oxqephue\mwxpfrv.exe
O4 - HKLM\..\Run: [ufukmm] C:\WINDOWS\system32\niqss\ufukmm.exe
O4 - HKLM\..\Run: [evjtwm] C:\WINDOWS\system32\igayblj\evjtwm.exe
O4 - HKLM\..\Run: [gegmcju] C:\WINDOWS\system32\bxcyjrhh\gegmcju.exe
O4 - HKLM\..\Run: [ebknjno] C:\WINDOWS\system32\vksv\ebknjno.exe
O4 - HKLM\..\Run: [hdcl] C:\WINDOWS\system32\eeegphbc\hdcl.exe
O4 - HKLM\..\Run: [vjfg] C:\WINDOWS\system32\dqap\vjfg.exe
O4 - HKLM\..\Run: [ktstsl] c:\windows\system32\phmmtip.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [qipmtg] C:\WINDOWS\system32\mdhjxxb\qipmtg.exe
O4 - HKLM\..\Run: [fcpluuvs] C:\WINDOWS\system32\hnoh\fcpluuvs.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {986DDE35-E955-11D0-A707-000000521958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtange...iker/wtinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn...UC/MsnPUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {DCB709B4-4142-411A-8E9F-F265AE2B7BDE} - http://www.myfreecur...ors/default.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O23 - Service: evjtwmigayblj - Unknown owner - C:\WINDOWS\system32\igayblj\evjtwm.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: gegmcjubxcyjrhh - Unknown owner - C:\WINDOWS\system32\bxcyjrhh\gegmcju.exe
O23 - Service: mwxpfrvoxqephue - Unknown owner - C:\WINDOWS\system32\oxqephue\mwxpfrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ufukmmniqss - Unknown owner - C:\WINDOWS\system32\niqss\ufukmm.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)


and here, are the things that run at startup:

: (oh I'm putting going to put a 1. in front of the start up items, 2 in front of the commands, and 3 infront of the location)


1. RUNDLL32
2. RUNDLL32.EXE NvQTwk,NvCplDeamon initialize
3. HKLM\SOFTWARE
\Microsoft\Windws\CurrentVersion\Run

1. DELLMMKB
2. C:\WINDOWS\DELLMMKB.EXE
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. DirectCD
2. "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. navapw32
2. C:\PROGRA~1\NORTON~1\navapw32.exe
3.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. qttask
2. "C:\Program Files\QuickTime\qttask.exe" -atboottime
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. MsgPlus
2. "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. nwiz
2. nwiz.exe /install
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. realsched
2. "C:\Program Files\Common files\Real\Update_OB\realsched.exe" -osboot
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
realsched
1. SNDMon
2. C:\PROGRA~1\SYMNET~1\SNDMon.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. qipmtg
2. C:\WINDOWS\system32\mdhjxxb\qipmtg.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. fcpluuvs
2. C:\WINDOWS\system32\hnoh\fcpluuvs
3.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. qpmnce
2. C:\WINDOWS\system32\rwiw\qpmnce
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. mwxpfrcv
2. C:\WINDOWS\system32\oxqephue\mwxpfrv.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. ufukmm
2. C:\WINDOWS\system32\niqss\ufukmm.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. evjtwm
2. C:\WINDOWS\system32\jgayblj\evjtwm.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. gegmcju
2. C:\WINDOWS\system32\bxcjrhh\gegmcju.exe
3.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. ebknjno
2. C:\WINDOWS\system32\vksv\ebknjno.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. hdcl
2. C:\WINDOWS\system32\eeegphbc\hdcl.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. vjfg
2. C:\WINDOWS\system32\dqap\vjfg.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. phmmtip
2. c:\windows\system32\phmmtip.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. InvokeSvc3
2. C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
3. HKLM/SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. IMJPMIG,
2. "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. IMEKRMIG
2. C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. dumprep 0 -k
2. %systemroom%\system32\dumprep 0 -k
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. tbctray
2. C:\WINDOWS\system32\tbctray.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. WkDetect
2. C:\Program Files\Microsoft Works\WkDetect.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. SNDMon
2. C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. ctfmon
2. C:\WINDOWS\Systrem32\ctfmon.exe
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

1. Adobe Gomma Loaded
2. C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
3. Common Startup

1. Microsoft Works Calender Reminders
2. C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe
3. Common Startup

1. WinZip Qick Pick
2. C:\PROGRA~1\WinZip\WZQKPICK.EXE
3. Common Startup

1. aim
2. C:\Program Files\AIM\aim.exe -cnetwait.odl
3. SOFRWARE\Microsotf\Windows\CurrentVersion\Run

1. dumprep 0-k
2. %systemroot%\system32\dumprep 0 -k
3. SOFRWARE\Microsotf\Windows\CurrentVersion\Run

1. rdpkager
2. rdpkager.exe
3.SOFRWARE\Microsotf\Windows\CurrentVersion\Run

1. MsgPlus
2. "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
3. SOFRWARE\Microsotf\Windows\CurrentVersion\Run

1. ford trust
2. C:\Documents and Settings\All Users\Application Dada\Timeeggsspamdvd\ford trust.exe
3. SOFRWARE\Microsotf\Windows\CurrentVersion\Run

1. ypager
2. C:\Program Files\Jlbhy\Jdayga.exe
3. SOFRWARE\Microsotf\Windows\CurrentVersion\Run

1. syasupdatehp
2. C:\Documents and Settings\Kimberly\Start Menu\Programs\Startup\sysasupdatehp.url
3. Startupup

Heh, okay...there....Can anyone help. And dont tell me reformatting is easier, because i tried it. it didnt work :|
  • 0

Advertisements


#2
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Run Panda Scan

http://www.pandasoft....com/activescan

The Hijack This log has a number of entries which could not be found in process libraries, so you should run the log by the malware section

Please go here

http://www.geekstogo..._Log-t2852.html



Run all the programmes as advised and then post a current Hijack This log to the Malware Section
  • 0

#3
Kimmi

Kimmi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
okay, thanks :tazz:
  • 0

#4
Kimmi

Kimmi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
is there anyway i can download the program? I cant get onto my PC, im using my lap top currently because of the DLL error....:tazz:
  • 0

#5
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Can you post which dll error you have

Which programme do you need to download
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP