
Trojan - system32\rdriv.sys - PLS Help [RESOLVED]


  • This topic is locked

#31
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, we're going to remove optional items from Startup to free up some system resources to see if that helps your problem any. My comments are in red.

Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
Quick access to the control panel via a System Tray icon. Available via Start> Control Panel.

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
Touchpad configuration tray icon for Toshiba laptops. Available via Start > Control Panel

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
Periodically checks to see if there are any software/driver upgrades for your particular computer model. If it finds any, it posts a notification. Not needed on startup.

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
Tray icon for Logitech Image Studios. Available via Start > All Programs.

O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
Tray icon for ICQ. Available via Start > All programs.

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
For Yahoo Messenger. Available via Start > All Programs.

O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
For ICQ. Available via Start > All programs.

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Huge resource hog. Not needed on startup.


Close HiJackThis. Reboot, post a new HiJackThis log and let me know if it's running any better.
  • 0


#32
Kalinche007

Kalinche007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
My computer was definitely performing better even before I ran HiJack This and fixed what you told me! I haven't had the Generic Host Error message for quite a while!!! /As you see I am very excited about it haha/

After running HiJack This, the Microsoft Office Shortcut Bar disappeared and I can't get it back. Not that I need it that much but I was wondering if I could do something about it anyway?

Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 22:03:25, on 08.6.2005 г.
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\JetCar.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.co...dyssey_web8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21630AEB-E2C4-4244-AB31-C366332DE2D4}: NameServer = 195.69.108.2,195.69.108.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{21630AEB-E2C4-4244-AB31-C366332DE2D4}: NameServer = 195.69.108.2,195.69.108.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{21630AEB-E2C4-4244-AB31-C366332DE2D4}: NameServer = 195.69.108.2,195.69.108.254
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Kalina :tazz:
  • 0
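As an added example (not from the original thread, and not HijackThis' own code): a small Python parser for the HijackThis 1.99 log format posted above. It turns the R/O lines into structured records, separates each O4 autostart's executable from its arguments (HijackThis prints the registry value verbatim, so paths with spaces are sometimes quoted and sometimes not, as in the ccApp and ICQ Lite lines), and collects the O17 NameServer values so they can be checked against the DNS servers the ISP is expected to hand out. The sample log is a constructed subset of the lines posted above; the pattern and function names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the log posted above, kept in the same line shapes.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{21630AEB-E2C4-4244-AB31-C366332DE2D4}: NameServer = 195.69.108.2,195.69.108.254
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""

# One regex per line shape (names are mine; written for this example, not taken from HijackThis).
PATTERNS = {
    "R":         re.compile(r"^(?P<section>R[01]) - (?P<key>[^,]+),(?P<value>[^=]+?) = ?(?P<data>.*)$"),
    "O4_RUN":    re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<command>.*)$"),
    "O4_FOLDER": re.compile(r"^O4 - (?P<folder>Global Startup|Startup): (?P<name>.+?) = (?P<command>.*)$"),
    "CLSID":     re.compile(r"^(?P<section>O[239]) - (?P<kind>[^:]+): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"),
    "O17":       re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.*)$"),
    "O23":       re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.*)$"),
}
# Unquoted command lines: the executable ends at the first recognised extension, the rest is arguments.
EXE_SPLIT = re.compile(r"^(?P<exe>.+?\.(?:exe|com|scr|bat|cmd))(?:\s+(?P<args>.*))?$", re.IGNORECASE)


@dataclass
class Entry:
    section: str   # "R0", "O4", "O17", ...
    fields: dict   # named groups from the matching pattern, or {"raw": line} if none matched


def parse_log(text):
    """Parse the R/O lines of a HijackThis log; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not re.match(r"^[RO]\d+ - ", line):
            continue
        section = line.split(" - ", 1)[0]
        for pat in PATTERNS.values():
            m = pat.match(line)
            if m:
                fields = m.groupdict()
                fields.pop("section", None)
                entries.append(Entry(section, fields))
                break
        else:
            entries.append(Entry(section, {"raw": line}))  # unrecognised shape, kept verbatim
    return entries


def split_command(command):
    """Separate an autostart's executable from its arguments, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    m = EXE_SPLIT.match(command)
    if m:
        return m.group("exe"), (m.group("args") or "").strip()
    return command, ""


def startup_entries(entries):
    """Every O4 autostart as (location, name, exe, args), in log order."""
    out = []
    for e in entries:
        if e.section != "O4" or "command" not in e.fields:
            continue
        if "hive" in e.fields:
            location = f"{e.fields['hive']}\\{e.fields['key']}"
        else:
            location = e.fields["folder"]
        exe, args = split_command(e.fields["command"])
        out.append((location, e.fields["name"], exe, args))
    return out


def location_counts(entries):
    """How many autostarts live in each Run key / startup folder."""
    return Counter(loc for loc, _, _, _ in startup_entries(entries))


def nameservers(entries):
    """All DNS servers named in O17 lines, deduplicated and sorted."""
    servers = set()
    for e in entries:
        if e.section == "O17":
            servers.update(s.strip() for s in e.fields["servers"].split(","))
    return sorted(servers)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for location, name, exe, args in startup_entries(parsed):
        print(f"{location:16} {name:22} {exe}  {args}")
    print("autostarts per location:", dict(location_counts(parsed)))
    print("DNS servers (O17):", nameservers(parsed))
```

Lines whose shape the patterns do not know (R3, O8, O12, O16, O20 in the full log above) are kept as raw text rather than dropped, so nothing in the log silently disappears from the review; adding a pattern for each is a one-line change.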

#33
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Well that is great to hear (read)!! :tazz:

Open HiJackThis. Click on "View List of Backups". Locate this one in that list:

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Put a check next to it and click "Restore".

Reboot and let me know if that was the one you were needing. ;)
  • 0

#34
Kalinche007

Kalinche007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Yes, that was it! It's back now.

Unfortunately, my old friend, the Generic Host Message, appeared again, just before I opened HiJackThis. It seems to have heard /read/ that I miss it already so it was about time to show up.

Everything else seems to be alright!

Kalina :tazz:
  • 0

#35
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
The Generic Host error happens on XP (I receive the error message myself from time to time).

I'm not sure what causes it, but right now your system is clean so it's not caused by malware.

You could try downloading XP Service Pack 2 (although this error message happens with it too), but you need to make your computer more secure to protect it as best you can from any more worms.

Go here: http://www.microsoft.com
Click on "Windows Update" on the left side.
You may want to check out the optional updates as well as the security updates, because there may be another patch/update in there for a program/XP that will help with your problem (be sure to get Service Pack 2)!

If it only happens periodically now, then it shouldn't be anything to worry about.

Let me know after you install the updates or let me know if you had any problems with downloading/installing any of it.

Edited by bananafanafo, 08 June 2005 - 02:04 PM.

  • 0

#36
Kalinche007

Kalinche007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hello again!

I downloaded the Service Pack 2. It took quite a lot of time and it took a lot of time for my PC to restart too but everything seems to be functioning properly. I haven't had the Generic Host Message /yet/.

Kalina :tazz:))
  • 0

#37
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Excellent! :tazz:

Congratulations your log is clean!

(I will keep this topic open for a few days in case you run into any problems, in which case all you have to do is post here and I'll be happy to help again!)

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop up windows.

  • 0

#38
Kalinche007

Kalinche007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Thank you! You do wonders!

I only have a few ( :tazz: ) more questions to ask, I'd appreciate your answer!

Can I delete the rdriv.reg from my desktop?

I have a lot of useless programs that I cannot uninstall and they do not show in the Add and Remove Programs either. Is it ok if I just delete them from Program files?


Can I somehow save the topic so I can view it for future reference /program links etc/?

I promise I will do my best to NOT have any further questions!

And finally: I tried to find some info about you but you haven't posted any /besides a photo/. I was just wondering who you are /curious/ and why you are helping people /seems like a real selfless good deed to me/.

Kalina ;)))
  • 0

#39
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts

Thank you! You do wonders!

You're very welcome!

Can I delete the rdriv.reg from my desktop?

Yes :tazz:

I have a lot of useless programs that I cannot uninstall and they do not show in the Add and Remove Programs either. Is it ok if I just delete them from Program files?

Which programs are they? It should be fine as long as nothing pertaining to these programs is trying to be loaded on startup.

Can I somehow save the topic so I can view it for future reference /program links etc/?

You can put it in your favorites. Another way is to click the "Track this topic" in the upper right corner and it will subscribe you to the topic, but you will have to log in here to access it. If it's in your favorites you can get to it much easier ;)

I promise I will do my best to NOT have any further questions!

I don't mind being asked questions at all! Ask as many as you want, you're not bothering me any!

And finally: I tried to find some info about you but you haven't posted any /besides a photo/. I was just wondering who you are /curious/ and why you are helping people /seems like a real selfless good deed to me/.

I love computers, I love helping people, and I despise malware and the associated companies. So this is the perfect place for me! ;)
  • 0

#40
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
