Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Rdriv.sys [CLOSED]

Started by Assa , Jul 14 2005 09:10 AM

  • This topic is locked This topic is locked

#1
Assa
Posted 14 July 2005 - 09:10 AM

Assa

    New Member

  • Member
  • Pip
  • 1 posts
Logfile of HijackThis v1.99.1
Scan saved at 17:04:37, on 2005-07-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINNT\System32\svchost.exe
C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program\F-Secure Internet Security\Common\FCH32.EXE
C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\F-Secure Internet Security\Common\FSM32.EXE
C:\Program\F-Secure Internet Security\FSGUI\fsguiexe.exe
C:\Program\F-secure\F-BOT.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program\Need2Find\bar\2.bin\ND2FNBAR.DLL
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Login Screen Saver] login.scr
O4 - HKLM\..\Run: [Windows spoolservr Service] spoolservr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\RunServices: [Login Screen Saver] login.scr
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Steam] "c:\program\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Login Screen Saver] login.scr
O8 - Extra context menu item: &Search - http://kc.bar.need2f...earch.html?p=KC
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O23 - Service: F-Secure product (BackWeb Plug-in - 4476822) - Unknown owner - C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Gates [bleep] (Gates) - Unknown owner - C:\WINNT\System32\BillG.exe (file missing)
O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority System Service (Local Security Authority System) - Unknown owner - C:\WINNT\lsass.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
  • 0

Advertisements

#2
Kristy
Posted 25 July 2005 - 12:19 PM

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello and welcome to Geeks To Go.

Lets start out with some general scans and see if we cant clean things up a little.

+++++ Step 1 +++++

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++ Step 2 +++++

Update HiJackThis
  • Open HiJackThis
  • Click Open the Misc Tools Section
  • Click Check for update online
+++++ Step 3 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

If you have recieved help elsewhere or no longer need our assistance, please let us know.

~Kristy
  • 0

#3
Kristy
Posted 06 August 2005 - 12:00 AM

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP