[dquixote]

I was refered to your site by my friend, Jaredd. He said that you guys were very helpful and professional, so I followed his instructions and downloaded "hijack this". I think that I may have an IRC Trojan because the virus scanner I was using detected it once and I attempted to delete it, but have been blue screening constantly everytime I try to scan again and on occassion for no reason at all (even with no programs running. I even tried disconnecting my RJ45 in case it was hacker activity, but to no avail. Please HELP! I am about to throw my computer out of the window! Here is my log:

Logfile of HijackThis v1.97.7
Scan saved at 6:49:22 PM, on 3/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\girder32\Girder.exe
C:\Program Files\ZMatrix\matrix.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Abraxas\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe -s
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Girder3.lnk = C:\Program Files\girder32\Girder.exe
O4 - Startup: ZMatrix.lnk = C:\Program Files\ZMatrix\matrix.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38018.5711342593
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Thanks in advance.

 

[dvk01]

when you get the blue screen what error messages are on the screen, that will help us to track down the cause

i would suspect one of these programs as the cause most likely the first one, because it hooks deep into the opearating system and that is the usual cause for BSOD an incompatability between windows and some installed driver
C:\Program Files\SysMetrix\SysMetrix.exe

C:\Program Files\girder32\Girder.exe
C:\Program Files\ZMatrix\matrix.exe

 

[dquixote]

I tried to do another virus scan to get the error code and sure enough it bluescreened. the screen said:

IRQL_NOT_LESS_OR_EQUAL

and at the bottom the code was:

STOP: 0x0000000A (0xFFBDD400, 0x00000002, 0x00000000, 0x804E3ACE)

After restarting windows the error signature was:

BCCode: a BCP1 : FFBDD400 BCP2:00000002 BCP3: 0000000 BCP4: 804E3ACE OSVer: 5_1_2600 SP: 1_0 Product: 256_1

I still have problems when I have shut down Sysmetrix, Girder and ZMatrix.

Thanks for your help.

 

[dvk01]

if it only happens when using panda, then I would suspect a fault with the panda installation.

BUT let's do an online virus scan first

Run an online antivirus check from at least one and preferably 2 of the following sites
http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/
http://www3.ca.com/virusinfo/
http://www.anti-trojan.net/en/onlinecheck.aspx

 

[dquixote]

Symantec online scan:
Bluescreen
IRQL_NOT_LESS_OR_EQUAL
STOP: 0x0000000A (0xFFFF0F00, 0x00000002, 0x00000000, 0x804E3ACE)

I'll try the next link.

 

[dquixote]

TrendMicro Online scan:
Bluescreen
STOP: 0x000000C5 (0xFFF38B64, 0x00000002, 0x00000001, 0x80534DE3

Error Signature:
BCCode: C5 BCP1: FFF38B64 BCP2: 00000002 BCP3: 00000001 BCP4: 80534DE3

On to the next one....

 

[dquixote]

Panda online Scan:
Bluescreen
IRQL_NOT_LESS_OR_EQUAL
STOP: 0x0000000A (0xFFF7CF00, 0x00000002, 0x00000000, 0x804E3ACE)

NEXT...

 

[dquixote]

Ravantivirus online Scan:
Bluescreened yet again.
STOP: 0x000000C5 (0x00000000, 0x00000002, 0x00000001, 0x80534EE2)

It seems that no matter what I scan with, whether it is an antivirus program or adaware, etc, I invariably bluescreen. Some one please help! I feel like I've exhausted all possibilites, but there must be an answer out there somewhere... Thanks.

 

[$teve]

Control alt delete......hit the processes tab and end everything you can do without,if you hit something windows needs it will fall over so it may be trial and error.
Then try connecting to the sites

 

[$teve]

The 3 files Derek posted would be 1st on the list