Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Windows XP > Memory Dump

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Memory Dump

Reply to Message Icon

Name: lamarguy91
Date: February 22, 2004 at 21:50:01 Pacific
OS: XP Pro Version 2002 SP1
CPU/Ram: P4 1.8ghz 512MB Ran
Comment:

For some reason over the past 3 days, my computer has done the BSOD memory dump 2x's. I am not sure why it is occuring. My a-drive keeps randomly making noise like it is checking for a floppy. Also, I have Sygate Pro Firewall (version 5). It popped up with a message saying ICMP Echo packet trying to reach 1.1.1.1 - Is this a trojan? I have read many posts on this forum before, and below is my HijackThis log as is often requested:

Logfile of HijackThis v1.97.7
Scan saved at 9:35:57 PM, on 2/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hix mIRC\mirc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: P&&PDIE (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03e9adda40040f8f7400/netzip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38015.420162037
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


I just reformatted about 3 weeks ago, but I have no problem doing it again if necessary... I just don't want to unless it is absolutely necessary!



Sponsored Link
Ads by Google

Response Number 1
Name: svg
Date: February 22, 2004 at 22:11:01 Pacific
Reply:

Hi lamarguy91,

Try these first:
Anti-Virus (try BitDefender @ least):
[on-line] BitDefender Anti-Virus
[on-line] ActiveScan Anti-Virus (Panda)
[on-line] HouseCall Anti-Virus (Trend Micro)
[on-line] RAV Anti-Virus (AV Security)
AVG Anti-Virus (Grisoft)

Anti-Spyware (try Spybot & AdAware @ least)
Spybot Search & Destroy (Safer Networking)
Ad-aware (Lavasoft)
CWShredder (Merijn.org)
TDS-3 (DiamondCS)
Pest Patrol
[on-line] TrojanScan (GFi)
TrojanRemover (SimplySuper)
Keep in mind that some of them may need to be updated over the web first when started, and before zapping the baddies!

Those should get most of the stuff. It indeed sounds like a trojan. If it's a nasty one, then check the Norton-Symantec site for removal procedures:
[HomePage] Norton Symantec
Their support page has a good Search-box. But you can always ask us (or the Security & Virus forum) for more info.
___________________________________________
[Belgium, GMT+1]_________________________svg


0
Reply to Message Icon

Related Posts

See More


Desktop is completely GON... outlook express



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Windows XP Forum Home


Sponsored links
Ads by Google


Results for: Memory Dump
Memory Dump www.computing.net/answers/windows-xp/memory-dump/62545.html

Memory Dump Help www.computing.net/answers/windows-xp/memory-dump-help/145448.html

Phsyicl Memory Dump In Games www.computing.net/answers/windows-xp/phsyicl-memory-dump-in-games/145539.html