rootkit problems

  • Kamui
    Imperial Advisor

    rootkit problems

    For a while now I have been having a rootkit problem. While I delete it via OSAM: Autorun Manager, it comes back after every reboot. The reason I am able to avoid the problem from causing any real damage to my computer is because I tend to put my computer in Hibernate a lot, but I can't keep on avoiding this problem any longer on my computer, because it just returns when I restart the computer.
    I know there is something hidden deploying these rootkits, but I don't know what. I was wondering if a tech head here can help me solve my rootkit problem once and for all. I will show you the results of the scan, and the path of the files in question that apparently cause a problem to my computer. I also have a screensho

    HKLM\SYSTEM\CurrentControlSet\Services\abd0oe6q,ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\ae3n5r3m,ImagePath
    C:\WINDOWS\system32\drivers\abd0oe6q.sys
    C:\WINDOWS\system32\drivers\ae3n5r3m.sys
    abd0oe6q Microsoft Corporation C:\WINDOWS\system32\driver\abd0oe6q.sys
    ae3n5r3m Microsoft Corporation C:\WINDOWS\system32\drivers\ae3n5r3m.sys

    Thanks for the potential help.
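    An added example, not from the thread or any of its posters: a PowerShell check that enumerates driver services whose names fit the eight-character random pattern of the two entries above and reports where each ImagePath points, whether that file is present, and whether it carries a valid Authenticode signature. It assumes PowerShell 2.0 or later and read access to the Services key.

```powershell
# Added example (not from the thread): list kernel/file-system driver services
# with machine-looking names (e.g. abd0oe6q, ae3n5r3m) and show their file state.
# Assumes PowerShell 2.0+ and read access to HKLM\SYSTEM\CurrentControlSet\Services.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$randomName  = '^[a-z0-9]{8}$'   # eight lowercase alphanumerics, as seen in the thread

Get-ChildItem $servicesKey | ForEach-Object {
    $name  = $_.PSChildName
    $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.ImagePath) { return }

    # Service Type 1 = kernel driver, 2 = file system driver; skip ordinary services
    if ($props.Type -ne 1 -and $props.Type -ne 2) { return }
    if ($name -notmatch $randomName) { return }

    # Driver ImagePaths are usually relative (system32\drivers\x.sys) or carry
    # a \??\ or \SystemRoot\ prefix; normalise to an absolute path
    $path = $props.ImagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ''
    if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }

    $exists = Test-Path -LiteralPath $path
    $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status }
              else         { 'FileMissing' }

    New-Object PSObject -Property @{
        Service   = $name
        Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
        ImagePath = $path
        Signature = $sig           # Valid, NotSigned, HashMismatch, FileMissing ...
    }
} | Format-Table Service, Start, Signature, ImagePath -AutoSize
```

    A boot-start driver service whose file reports FileMissing or NotSigned is worth a closer look; note that a rootkit hooking the file system can hide its own .sys from this very enumeration, which is why the thread's advice to scan from Safe Mode (or offline) is sounder than trusting a listing taken from the running system.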
  • #2
    norm
    Imperial Guard
    • Jun 2006
    • 4051
    • DSA norm

    Have you run HijackThis yet? If so, maybe post that for us.

    Ratix knows more about rootkit things than I do.


    • #3
      sovereign
      Honorary DSA
      • Jan 2008
      • 92

      Have you tried following the steps listed by Ratix here?

      Dark Side Alliance - View Single Post - Conficker Virus - Variants, Precautions, Removal and Dangers: http://www.darksidealliance.com/showpost.php?p=141622&postcount=2

      __________________________________________________

      is not the hope you are looking for...


      • #4
        RaTix
        Emperor

        Qwigybos!! lol. Yeah, those look like some rootkits. Besides following the all-out cleaning steps, you could try to just run ComboFix (must be run in Safe Mode). It's pretty good at getting rid of rootkits.

        When the log file pops up when it's done, anything listed under "Other Deletions" is usually those rootkit virus files it removed. I would also run a full scan with Malwarebytes afterward to be safe. Or just follow the normal cleaning steps (run Smits, HJT, Spybot, and Malwarebytes in Safe Mode as well, reboot and run CCleaner, done).
        "POWER!!! UNLIMITED POOWWWEEEER!!!!!!"

        "Tell me what you regard as your greatest strength, so I will know how best to undermine you; tell me of your greatest fear, so I will know which I must force you to face; tell me what you cherish most, so I will know what to take from you; and tell me what you crave, so that I might deny you."
        - Darth Plagueis

        "Peace is a lie, there is only passion. Through passion, I gain strength. Through strength, I gain power. Through power, I gain victory. Through victory, my chains are broken. The Force shall free me."


        • #5
          Kamui
          Imperial Advisor

          I'm going to run a full scan with Malwarebytes again. For some reason OSAM keeps on picking up the rootkits still, regardless, after each restart. So I will run a full scan with Malwarebytes one more time tomorrow when I get back from class, since I'm not in a mood for scanning again.


          • #6
            RaTix
            Emperor

            Did you run ComboFix? If so, and they are still showing up, make sure you run ComboFix in Safe Mode. Also make sure there is an internet connection while in Safe Mode. ComboFix will try to update itself when you run it. Sometimes if it can't update, it runs in a limited type of mode.

            • #7
              Kamui
              Imperial Advisor

              I still got those rootkits. I delete them every time I start up the computer, but they just return no matter what. I ran HijackThis, and I don't see anything out of the ordinary. Here are the results of the txt file:

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 7:33:46 PM, on 11/8/2009
              Platform: Windows XP SP3 (WinNT 5.01.2600)
              MSIE: Internet Explorer v8.00 (8.00.6001.18702)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
              C:\WINDOWS\ehome\ehtray.exe
              C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              C:\Program Files\LSI SoftModem\agrsmsvc.exe
              C:\WINDOWS\arservice.exe
              C:\PROGRA~1\AVG\AVG8\avgtray.exe
              C:\HP\KBD\KBD.EXE
              C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
              C:\Program Files\QuickTime\QTTask.exe
              C:\Program Files\Zune\ZuneLauncher.exe
              C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
              C:\Program Files\Java\jre6\bin\jusched.exe
              C:\Program Files\Common Files\Real\Update_OB\realsched.exe
              C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
              C:\WINDOWS\RTHDCPL.EXE
              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
              C:\WINDOWS\eHome\ehRecvr.exe
              C:\WINDOWS\eHome\ehSched.exe
              C:\WINDOWS\System32\svchost.exe
              C:\PROGRA~1\AVG\AVG8\avgrsx.exe
              C:\PROGRA~1\AVG\AVG8\avgnsx.exe
              C:\Program Files\Java\jre6\bin\jqs.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
              C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
              C:\WINDOWS\system32\svchost.exe
              c:\WINDOWS\system32\ZuneBusEnum.exe
              C:\PROGRA~1\AVG\AVG8\avgemc.exe
              C:\Program Files\DNA\btdna.exe
              C:\WINDOWS\system32\SearchIndexer.exe
              C:\WINDOWS\eHome\ehmsas.exe
              C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              C:\Program Files\AVG\AVG8\avgcsrvx.exe
              C:\Documents and Settings\HP_Administrator.KAMLION-2\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
              C:\Program Files\DAEMON Tools Lite\daemon.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
              C:\Program Files\Pando Networks\Media Booster\PMB.exe
              C:\Program Files\USB TV\EM28XX\BDARemote.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              C:\Program Files\Rainmeter\Rainmeter.exe
              C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
              C:\Program Files\Windows Desktop Search\WindowsSearch.exe
              C:\WINDOWS\system32\dllhost.exe
              c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
              C:\Program Files\Online Solutions\OSAM\osam.exe
              C:\Program Files\Java\jre6\bin\jucheck.exe
              c:\windows\system\hpsysdrv.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
              R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
              R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
              O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
              O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
              O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
              O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
              O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
              O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
              O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
              O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
              O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
              O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
              O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
              O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
              O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
              O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
              O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
              O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
              O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
              O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
              O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
              O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
              O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
              O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
              O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
              O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
              O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
              O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
              O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
              O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
              O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
              O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
              O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
              O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
              O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
              O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
              O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator.KAMLION-2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
              O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
              O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
              O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
              O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: BDARemote.lnk = ?
              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
              O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
              O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
              O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
              O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
              O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
              O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
              O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
              O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
              O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
              O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
              O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215294168140
              O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
              O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
              O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
              O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
              O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
              O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
              O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
              O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
              O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

              --
              End of file - 13925 bytes
              Thanks again for the help.


              • #8
                RaTix
                Emperor

                Log into Safe Mode (shut down the PC, restart and repeatedly press F8 till you get to the Advanced Options menu, choose Safe Mode with Networking, log in as Administrator if possible).

                Run HJT, remove these entries.

                R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

                O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

                Uninstall Java from Add/Remove Programs.

                While still in Safe Mode, download this


                Place that file on the desktop, and run it. Hit YES on all the prompts. Give it time, be patient and let it finish. It might seem hung up, but it's not, let it run. The computer might restart during the process. It will continue to run once it restarts. Let it finish. Post the log file from ComboFix once it's done.

                • #9
                  Kamui
                  Imperial Advisor

                  Ok, will do. Thanks, man, for the help.


                  • #10
                    norm
                    Imperial Guard
                    • Jun 2006
                    • 4051
                    • DSA norm

                    Also do you need both the Yahoo and Google toolbars? I'm thinking you can get rid of Zone Alarm too. If you aren't monitoring your PC's performance you can get rid of Rainmeter. Do you need Browser Defender?


                    • #11
                      Kamui
                      Imperial Advisor

                      I need none of those in reality. As for Rainmeter, I had it for amusement, but I can get rid of it too.


                      • #12
                        Kamui
                        Imperial Advisor

                        Ok, I have the log uploaded. Once again, I appreciate the help, guys, in removing this menace.
                        Attached Files