Can't Remove Ldcore.dll


Recommended Posts

Here is my HIJack log. Any help would be Great. Friends Laptop running XP Home with SP3. I ran AVG and Spybot with out any luck.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:07:23 PM, on 5/25/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\mrofinu333.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {800A0C44-E788-419C-B8B5-1B4964C56785} - C:\WINDOWS\system32\iifeddb.dll (file missing)

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C64B~1\Bar888.dll (file missing)

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C64B~1\Bar888.dll (file missing)

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu333.exe 61A847B5BBF728113198284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7

C8F0287E55E246220D9E728F86C07B5670CA3B5571E744AB97

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{6C64B92E-07C9-1033-0403-030303180001}] "C:\Program Files\Common Files\{6C64B92E-07C9-1033-0403-030303180001}\Update.exe" mc-110-12-0000501 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{6C64B92E-07C9-1033-0403-030303180001}] "C:\Program Files\Common Files\{6C64B92E-07C9-1033-0403-030303180001}\Update.exe" mc-110-12-0000501 (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Refresh Pa≥ with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html

O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211324596551

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll,avgrsstx.dll

O20 - Winlogon Notify: iifeddb - iifeddb.dll (file missing)

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe (file missing)

--

End of file - 4824 bytes

Link to post
Share on other sites

Would it be best to just reformat the HD and reinstall the os? This is a new hard drive installed in it and the recovery disks were used(which I think the infection is on) to reinstall the OS.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.