Root Kit....Zero Access

Page 10 of 11 Previous  1, 2, 3 ... , 9, 10, 11  Next

View previous topic View next topic Go down

Root Kit....Zero Access

Post by JonEJet on Wed 30 May 2012, 3:26 am

First topic message reminder :

Having problems with the laptop. Tried running combo fix, but it won't run, It keeps wanting me to reboot the computer.

Says I have a Root Kit, Zero Access.

Please help

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down


Re: Root Kit....Zero Access

Post by JonEJet on Fri 29 Jun 2012, 1:35 am

Waiting on you then

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Fri 29 Jun 2012, 2:45 am



[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Fri 29 Jun 2012, 2:53 am

I used infected as password again with no luck

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Fri 29 Jun 2012, 3:56 am

It's giving the same errors over here...



[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Fri 29 Jun 2012, 4:07 am

I was able to download it, but when I tried to run it, my screen just flashed, and it never started running

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Fri 29 Jun 2012, 4:12 am

Oh it did....

That was expected. Please run ComboFix now and post a log.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Fri 29 Jun 2012, 4:14 am

okay, it must have worked....my system is going apesh1t....lol

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Fri 29 Jun 2012, 4:16 am

Let's do this!


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Fri 29 Jun 2012, 5:11 am

ComboFix 12-06-28.01 - JonEJet 06/28/2012 13:20:24.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.859 [GMT -4:00]
Running from: c:\users\JonEJet\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\root
c:\users\JonEJet\AppData\Local\tbfmco.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 17:30 . 2012-06-28 17:36 -------- d-----w- c:\users\JonEJet\AppData\Local\temp
2012-06-28 17:30 . 2012-06-28 17:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-28 17:30 . 2012-06-28 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 22:36 . 2012-06-25 22:37 -------- d-----w- C:\FRST
2012-06-25 20:57 . 2012-06-25 20:57 -------- d-----w- c:\program files\ESET
2012-06-18 15:49 . 2012-06-25 19:05 -------- d-----w- c:\users\JonEJet\Vba32arkit
2012-06-17 20:41 . 2012-06-17 20:41 35712 ----a-w- c:\windows\system32\drivers\Mw3n1br6.sys
2012-06-17 16:56 . 2012-06-17 16:56 -------- d-----w- c:\program files\MustBeRandomlyNamed
2012-06-17 16:40 . 2012-06-17 16:40 -------- d-----w- c:\program files\File Type Assistant
2012-06-17 16:39 . 2012-06-17 16:39 -------- d-----w- c:\users\JonEJet\AppData\Roaming\BitZipper
2012-06-17 16:39 . 2012-06-17 16:39 -------- d-----w- c:\program files\BitZipper
2012-06-16 20:42 . 2012-06-17 16:28 -------- d-----w- c:\program files\7-Zip
2012-06-16 20:15 . 2011-05-04 15:36 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2012-06-16 15:15 . 2012-06-16 15:15 -------- d-----w- c:\program files\Panda Security
2012-06-15 09:54 . 2012-06-15 09:54 -------- d-----w- c:\programdata\boost_interprocess
2012-06-15 09:53 . 2012-06-15 09:53 -------- d-----w- c:\program files\MediaFire Express
2012-06-15 09:52 . 2012-06-28 14:06 -------- d-----w- c:\users\JonEJet\AppData\Local\MediaFire Express
2012-06-14 19:08 . 2012-06-15 14:57 -------- d-----w- c:\users\JonEJet\DoctorWeb
2012-06-14 14:14 . 2012-06-14 14:14 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-08 18:08 . 2012-06-25 12:14 -------- d-----w- c:\programdata\HitmanPro
2012-06-07 11:41 . 2012-06-25 19:13 -------- d-----w- C:\SeviceFix
2012-06-06 15:50 . 2012-06-06 15:50 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-06 15:50 . 2012-06-06 15:50 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-05 13:49 . 2012-06-25 12:14 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-04 19:51 . 2012-06-04 19:50 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-01 01:01 . 2012-06-01 01:01 -------- d-----w- c:\program files\Amazon
2012-06-01 01:00 . 2012-06-01 15:45 -------- d-----w- c:\program files\Amazon Browser Bar
2012-05-31 14:01 . 2012-06-16 14:34 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-31 13:59 . 2012-06-16 02:20 624608 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-31 13:59 . 2012-06-16 02:20 43488 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-05-31 13:59 . 2012-06-16 02:20 157608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-31 13:59 . 2012-06-16 02:20 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-30 14:20 . 2012-05-30 14:20 -------- d-----w- c:\users\JonEJet\AppData\Roaming\FixZeroAccess
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 19:50 . 2011-04-02 16:25 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-12-07 10:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 02:20 . 2012-06-01 16:24 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MediaFire Tray"="c:\users\JonEJet\AppData\Local\MediaFire Express\mf_systray.exe" [2012-06-13 2172488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-06 1862144]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-02 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\users\JonEJet\AppData\Local\temp\quickstart.exe [N/A]
_uninst_.lnk - c:\users\JonEJet\AppData\Local\temp\_uninst_.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0b4fdb4952f0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:58]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:58]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = auto:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
FF - ProfilePath - c:\users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\lxducoms.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\windows\RtHDVCpl.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\users\JonEJet\AppData\Local\MediaFire Express\mf_daemon.exe
c:\users\JonEJet\AppData\Local\MediaFire Express\mf_status.exe
c:\users\JonEJet\AppData\Local\MediaFire Express\mf_services.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\program files\Mozilla Firefox\plugin-container.exe
c:\progra~1\Java\jre6\bin\jp2launcher.exe
c:\program files\Java\jre6\bin\java.exe
.
**************************************************************************
.
Completion time: 2012-06-28 14:06:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 18:06
.
Pre-Run: 64,321,372,160 bytes free
Post-Run: 64,104,402,944 bytes free
.
- - End Of File - - 725951309FBF4EFBF3E354284A84CD8F

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Fri 29 Jun 2012, 5:15 am

Still getting redirected, but for whatever reason, I think we're onto something here...lol

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Fri 29 Jun 2012, 7:30 am

Please download Farbar Service Scanner and run it on the computer with the issue.
    Check "Include All Files" option.
    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Fri 29 Jun 2012, 7:39 am

Farbar Service Scanner Version: 25-06-2012 01
Ran by JonEJet (administrator) on 28-06-2012 at 16:38:33
Running from "C:\Users\JonEJet\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2011-01-28 15:43] - [2008-01-19 00:34] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2011-06-14 15:45] - [2011-04-21 09:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-01-29 17:06] - [2010-06-16 11:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-05-03 01:19] - [2011-03-02 10:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-06-07 10:57] - [2009-03-03 00:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Fri 29 Jun 2012, 8:31 am

1. Click Start, click Run, type sigverif, and then click OK.

2. Click Advanced, click Look for other files that are not digitally signed, navigate to the Winnt\System32\Drivers folder, and then click OK.

3. Click Start.

4. After it has finished running, navigate to C:\Windows\Sigverify.txt, open it and post the contents of the log here.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Fri 29 Jun 2012, 8:43 am

********************************

Microsoft Signature Verification

Log file generated on 6/28/2012 at 5:39 PM
OS Platform: Windows (x86), Version: 6.0, Build: 6001, CSDVersion: Service Pack 1
Scan Results: Total Files: 203, Signed: 199, Unsigned: 0, Not Scanned: 4

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\program files\synaptics\syntp]
instnt.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syncntxt.rtf 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synisdll.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synmood.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntoshiba.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpcom.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpcpl.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpenh.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpres.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpstart.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synunst.ini 8/16/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synzmetr.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tutorial.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows]
agrsmdel.exe 1/9/2007 2:5.00 Signed agrmdv32.cat Microsoft Windows Hardware Compatibility Publisher
rthdvcpl.exe 4/25/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtlupd.exe 1/16/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
skytel.exe 4/13/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows\system32]
agrscoin.dll 9/11/2006 2:5.00 Signed agrmdv32.cat Microsoft Windows Hardware Compatibility Publisher
agrsmsvc.exe 10/5/2006 2:5.00 Signed agrmdv32.cat Microsoft Windows Hardware Compatibility Publisher
batt.dll 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
clfs.sys 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
hal.dll 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
halacpi.dll 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
halmacpi.dll 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
hccoin.dll 11/2/2006 2:5.1 Signed Package_30_for_KB936Microsoft Windows
hccutils.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
hcrstco.dll 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
hkcmd.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
ig4dev32.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
ig4icd32.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igdumd32.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxcfg.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxcoin_v1329.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxcpl.cpl 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxdev.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxdo.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxexps.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxpph.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrara.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrchs.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrcht.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrcsy.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrdan.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrdeu.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrell.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrenu.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxresp.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxress.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrfin.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrfra.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrheb.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrhun.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrita.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrjpn.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrkor.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrnld.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrnor.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrplk.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrptb.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrptg.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrrus.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrsky.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrslv.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrsve.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrtha.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrtrk.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxtmm.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxtray.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxzoom.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxc32.vp 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxo32.vp 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxs32.vp 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igmedcompkrn.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igmedkrn.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iscsilog.dll 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
oemdspif.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
rtkapo.dll 4/24/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtkapoapi.dll 3/23/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtkcoinst.dll 4/4/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtkpgext.dll 4/20/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtsndmgr.cpl 3/20/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
srshp360.dll 1/29/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
srstshd.dll 1/25/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
srstsxt.dll 12/13/2006 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
srswow.dll 4/13/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
storprop.dll 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
streamci.dll 11/2/2006 2:5.1 Signed Package_25_for_KB948Microsoft Windows
syncom.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synctrl.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpapi.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpco4.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
sysfxui.dll 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
wdfcoinstaller01000. 3/9/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
wmalfxgfxdsp.dll 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
[c:\windows\system32\drivers]
acpi.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
agrsm.sys 11/28/2006 2:5.00 Signed agrmdv32.cat Microsoft Windows Hardware Compatibility Publisher
asyncmac.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
atapi.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
ataport.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
avipbb.sys 6/30/2011 None Signed N/A
battc.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
cdrom.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
cmbatt.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
compbatt.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
crcdisk.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
disk.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
drmk.sys 1/18/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
drmkaud.sys 1/18/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
dxgkrnl.sys 8/1/2008 2:5.1,2:5.2,2:6.0 Signed Package_4_for_KB9553Microsoft Windows
fwlnk.sys 11/20/2006 2:6.0 Signed fwlnk.cat Microsoft Windows Hardware Compatibility Publisher
hdaudbus.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
hidclass.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
hidparse.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
hidusb.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
http.sys 2/20/2010 2:5.1,2:5.2,2:6.0 Signed Package_2_for_KB9739Microsoft Windows
i8042prt.sys 1/18/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
igdkmd32.sys 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
intelide.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
intelppm.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
ipfltdrv.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
kbdclass.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
kbdhid.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
ksecdd.sys 6/15/2009 2:5.1,2:5.2,2:6.0 Signed Package_2_for_KB9754Microsoft Windows
lltdio.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
modem.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
monitor.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
mouclass.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
mouhid.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
mountmgr.sys 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mpsdrv.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
msahci.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
msisadrv.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
msiscsi.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
mskssrv.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mspclock.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mspqm.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mssmbios.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
mstee.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ndis.sys 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ndistapi.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ndisuio.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ndiswan.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
netbt.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
nsiproxy.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
nwifi.sys 5/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_3_for_KB9553Microsoft Windows
pacer.sys 4/4/2008 2:5.1,2:5.2,2:6.0 Signed Package_3_for_KB9527Microsoft Windows
pci.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
pciidex.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
pcmcia.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
peauth.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
portcls.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
rasacd.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rasl2tp.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
raspppoe.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
raspptp.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rassstp.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rdpcdd.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rdpencdd.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rspndr.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rtkvhda.sys 4/25/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtl8187b.sys 6/1/2007 2:6.0 Signed net8187b.cat Microsoft Windows Hardware Compatibility Publisher
sermouse.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
sftfslh.sys 10/1/2011 None Signed N/A Microsoft Corporation
sftplaylh.sys 10/1/2011 None Signed N/A Microsoft Corporation
sftvollh.sys 10/1/2011 None Signed N/A Microsoft Corporation
smb.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ssmdrv.sys 5/11/2009 None Signed N/A
swenum.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
syntp.sys 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tcpip.sys 6/16/2010 2:5.1,2:5.2,2:6.0 Signed Package_3_for_KB9788Microsoft Windows
tcpipreg.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
tdcmdpst.sys 10/18/2006 2:6.0 Signed tdcmdpst.cat Microsoft Windows Hardware Compatibility Publisher
tdx.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
termdd.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
tos_sps32.sys 9/19/2007 2:6.0 Signed tos_sps32.cat Microsoft Windows Hardware Compatibility Publisher
tunmp.sys 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
tunnel.sys 2/18/2010 2:5.1,2:5.2,2:6.0 Signed Package_2_for_KB9783Microsoft Windows
tvalz_o.sys 10/6/2006 2:6.0 Signed tvalz_o.cat Microsoft Windows Hardware Compatibility Publisher
umbus.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
usbccgp.sys 1/18/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
usbd.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
usbehci.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
usbhub.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
usbport.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
usbuhci.sys 1/18/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
vga.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
volmgr.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
volmgrx.sys 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
volsnap.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
wanarp.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
wdf01000.sys 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ws2ifsl.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
yk60x86.sys 1/9/2007 2:6.0 Signed yk60x86.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows\system32\rtcom]
rtcomdll.dll 4/18/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtlcpapi.dll 3/7/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher

Unscanned Files:
------------------
[c:\windows\c:\combofix]
catchme.sys The directory name is invalid.
[c:\windows\c:\program files\common files\symantec shared\coshared\cw\1.5]
co_mon.sys The directory name is invalid.
[c:\windows\c:\windows\system32\sysprep\drivers]
ioport.sys The directory name is invalid.
[c:\windows\c:\windows\system32\sysprep\up_date]
pedrv.sys The directory name is invalid.


JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Fri 29 Jun 2012, 9:11 am

Please download and run the updated Panda ZA tool: [You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Fri 29 Jun 2012, 10:57 am

So it rebooted, and when we restarted, I got the blue screen. So here I am in safe mode. It left me a log when I restarted, here it is

So in safe mode, I tried to run Panda,and when I did, it said the machine had not been rebooted??

So I'll try to reboot, and repair the computer as well

Okay, tried Panda again, and once again after reboot got the blue screen....don't think my system likes the Panda...lol

2012-06-28 19:40:52: ****************************************************
2012-06-28 19:40:52: Starting UP ... v 0.0.0.220
2012-06-28 19:40:52: ****************************************************
2012-06-28 19:40:54: Stop TPSRV returns: 2
2012-06-28 19:41:09: Listing processes...
2012-06-28 19:41:09: :[System Process]:0
2012-06-28 19:41:09: :System:4
2012-06-28 19:41:09: :smss.exe:588
2012-06-28 19:41:09: :csrss.exe:660
2012-06-28 19:41:09: :wininit.exe:704
2012-06-28 19:41:09: :csrss.exe:712
2012-06-28 19:41:09: :services.exe:748
2012-06-28 19:41:09: :lsass.exe:760
2012-06-28 19:41:09: :lsm.exe:772
2012-06-28 19:41:09: :winlogon.exe:848
2012-06-28 19:41:09: :svchost.exe:960
2012-06-28 19:41:09: :PresentationFontCache.exe:1028
2012-06-28 19:41:09: :svchost.exe:1076
2012-06-28 19:41:09: :svchost.exe:1132
2012-06-28 19:41:09: :svchost.exe:1204
2012-06-28 19:41:09: :svchost.exe:1220
2012-06-28 19:41:09: :audiodg.exe:1336
2012-06-28 19:41:09: :SLsvc.exe:1372
2012-06-28 19:41:09: :svchost.exe:1420
2012-06-28 19:41:09: :svchost.exe:1648
2012-06-28 19:41:09: :dwm.exe:1816
2012-06-28 19:41:09: :AvastSvc.exe:1828
2012-06-28 19:41:09: :spoolsv.exe:1956
2012-06-28 19:41:09: :taskeng.exe:1964
2012-06-28 19:41:09: :taskeng.exe:196
2012-06-28 19:41:09: :agrsmsvc.exe:908
2012-06-28 19:41:09: :CFSvcs.exe:508
2012-06-28 19:41:09: :svchost.exe:1480
2012-06-28 19:41:09: :lxducoms.exe:2152
2012-06-28 19:41:09: :pinger.exe:2248
2012-06-28 19:41:09: :sftvsa.exe:2460
2012-06-28 19:41:09: :svchost.exe:2476
2012-06-28 19:41:09: :TNaviSrv.exe:2520
2012-06-28 19:41:09: :TODDSrv.exe:2560
2012-06-28 19:41:09: :TosCoSrv.exe:2600
2012-06-28 19:41:09: :TosBtSrv.exe:2660
2012-06-28 19:41:09: :ULCDRSvr.exe:2700
2012-06-28 19:41:09: :svchost.exe:2716
2012-06-28 19:41:09: :WLIDSVC.EXE:2736
2012-06-28 19:41:09: :SearchIndexer.exe:2768
2012-06-28 19:41:09: :sftlist.exe:2828
2012-06-28 19:41:09: :WLIDSVCM.EXE:3060
2012-06-28 19:41:09: :CVHSVC.EXE:3316
2012-06-28 19:41:09: :igfxpers.exe:880
2012-06-28 19:41:09: :RtHDVCpl.exe:236
2012-06-28 19:41:09: :SynTPStart.exe:2868
2012-06-28 19:41:09: :GoogleDesktop.exe:3568
2012-06-28 19:41:09: :realsched.exe:2988
2012-06-28 19:41:09: :AvastUI.exe:3472
2012-06-28 19:41:09: :SynTPEnh.exe:3924
2012-06-28 19:41:09: :mf_systray.exe:4028
2012-06-28 19:41:09: :unsecapp.exe:2968
2012-06-28 19:41:09: :WmiPrvSE.exe:1160
2012-06-28 19:41:09: :SynToshiba.exe:4020
2012-06-28 19:41:09: :wuauclt.exe:3760
2012-06-28 19:41:09: :mf_daemon.exe:1216
2012-06-28 19:41:09: :mf_status.exe:3480
2012-06-28 19:41:09: :mf_services.exe:3620
2012-06-28 19:41:09: :explorer.exe:3496
2012-06-28 19:41:09: :firefox.exe:3204
2012-06-28 19:41:09: :plugin-container.exe:2844
2012-06-28 19:41:09: :jp2launcher.exe:2972
2012-06-28 19:41:09: :java.exe:2028
2012-06-28 19:41:09: :notepad.exe:4432
2012-06-28 19:41:09: :SearchProtocolHost.exe:4956
2012-06-28 19:41:09: :SearchFilterHost.exe:5408
2012-06-28 19:41:09: :yorkyt.exe:4548
2012-06-28 19:41:09: :WmiPrvSE.exe:5632
2012-06-28 19:41:09:
2012-06-28 19:41:09: Setting restore point
2012-06-28 19:41:48: Determining autonomous or dropped mode...
2012-06-28 19:41:48: Autonomus mode
2012-06-28 19:41:50: Installing drivers...
2012-06-28 19:41:57: Checking that it installed...
2012-06-28 19:41:57: Driver is installed...
2012-06-28 19:41:59: cmd.exe /c start "C:\Users\JonEJet\Desktop\yorkyt.exe"
2012-06-28 19:42:04: Restarting...
2012-06-28 19:57:39: ****************************************************
2012-06-28 19:57:39: Starting UP ... v 0.0.0.220
2012-06-28 19:57:39: ****************************************************
2012-06-28 19:57:39: Stop TPSRV returns: 2
2012-06-28 19:57:54: Listing processes...
2012-06-28 19:57:54: :[System Process]:0
2012-06-28 19:57:54: :System:4
2012-06-28 19:57:54: :smss.exe:388
2012-06-28 19:57:54: :csrss.exe:516
2012-06-28 19:57:54: :csrss.exe:552
2012-06-28 19:57:54: :wininit.exe:560
2012-06-28 19:57:54: :winlogon.exe:604
2012-06-28 19:57:54: :services.exe:632
2012-06-28 19:57:54: :lsass.exe:660
2012-06-28 19:57:54: :lsm.exe:668
2012-06-28 19:57:54: :svchost.exe:796
2012-06-28 19:57:54: :svchost.exe:852
2012-06-28 19:57:54: :svchost.exe:940
2012-06-28 19:57:54: :svchost.exe:964
2012-06-28 19:57:54: :svchost.exe:1000
2012-06-28 19:57:54: :svchost.exe:1016
2012-06-28 19:57:54: :svchost.exe:1032
2012-06-28 19:57:54: :explorer.exe:1408
2012-06-28 19:57:54: :unsecapp.exe:1848
2012-06-28 19:57:54: :WmiPrvSE.exe:1932
2012-06-28 19:57:54: :firefox.exe:2004
2012-06-28 19:57:54: :plugin-container.exe:1612
2012-06-28 19:57:54: :yorkyt.exe:1564
2012-06-28 19:57:54: :WmiPrvSE.exe:624
2012-06-28 19:57:54:
2012-06-28 19:57:54: Computer not restarted. Please restart

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Fri 29 Jun 2012, 10:07 pm

I haven't thought about this...

Please download and run this DNS tool by F-Secure: [You must be registered and logged in to see this link.]



[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sat 30 Jun 2012, 1:01 am

Finished

Congratulations! Your system's DNS settings do not have any signs of known DNSChanger infections

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Sat 30 Jun 2012, 5:52 am

Backup bookmarks in all of your browsers: [You must be registered and logged in to see this link.]

Reset Internet Explorer: [You must be registered and logged in to see this link.]
Reset Firefox: [You must be registered and logged in to see this link.]





  • Open Start > Run, and enter the following exactly: %APPDATA%\Mozilla\Firefox\Profiles then press OK.
  • You will see an eight-character folder, which is your Firefox profile. (xxxxxxxx.default) (x=random character)
  • Right-click on that folder and select Copy. Then, go to My Documents and right-click and select Paste. (If we make an error, at least the data for your current Firefox profile will be backed up, so it can be safely restored.)
  • Go to Start > Run. Enter the following: firefox.exe -ProfileManager and then press OK.
  • To start the Create Profile Wizard, click Create Profile... in the Profile Manager.
  • Click Next and enter the name of the profile. Use a profile name that is descriptive, such as your personal name. This name is not exposed on the Internet.
  • You can also choose where to store the profile, which is useful if you plan on exporting your data and settings to another computer or setup in the future. To choose its storage location on your system, click Choose Folder....
  • Note: If you choose a custom location for the profile, store it in a new or clean folder. When you choose to remove the profile, all contents stored in the same folder are removed.
  • To create the new profile, click Finish.
  • The new profile is displayed in the Profile Manager.
  • Lastly. Choose the New Profile and click Start Firefox. If you do not want it to prompt you, then click Don't Ask at Startup.


Please let me know if this worked or not.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Sat 30 Jun 2012, 6:47 am

Believe it or not, ZEROACCESS IS GONE! It's been gone this whole time, since we did a few more removal tasks...probably about page 10 or 11. Haha. But, you have a separate redirect worm and we need to fish it out again manually.

Once you are finished with that above, please do the following:

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    activex
    drivers32
    /md5start
    ipemm.dll
    ip*.*
    gam.exe
    qgaylmv.dll
    *.xpi
    /md5stop


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


AND


Please download CKScanner by askey127 from here

Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sat 30 Jun 2012, 6:51 am

I'm not sure what has happened here...but it's good

Every time I'd shut down firefox to run the profile manager, I wasn't able to.....It would just open the internet browser

So I restarted, and tried to get to the profile manager with no luck.

But for whatever reason, it seems as if I am not getting redirected

I will temper my excitement for a moment, and will continue to browse a bit more

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sat 30 Jun 2012, 7:14 am

OTL logfile created on: 6/29/2012 3:55:30 PM - Run 1

[You must be registered and logged in to see this link.]

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sat 30 Jun 2012, 7:17 am

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\toshiba games\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\toshiba games\mah jong quest\images\tile_firecracker-1.pnge
c:\program files\toshiba games\mah jong quest\images\tile_firecracker-2.pnge
c:\program files\toshiba games\mah jong quest\images\tile_firecracker-3.pnge
c:\program files\toshiba games\mah jong quest\images\tile_firecracker1.pnge
c:\program files\toshiba games\mah jong quest\images\kwazi3\level5-1cracktop.jpge
c:\program files\toshiba games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge
c:\program files\toshiba games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge
scanner sequence 3.CE.11.ESNAOL
----- EOF -----

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by DragonMaster Jay on Sat 30 Jun 2012, 10:09 am

Okay...don't worry about the profile right now then. Hopefully resetting the browsers helped with the issue with redirects.

We need to check for remnants, though!

That was not the full log for OTL. I need the contents of OTL.txt.

If you don't see it, then please re-run OTL. I need a full log to do a full analysis!



[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Root Kit....Zero Access

Post by JonEJet on Sat 30 Jun 2012, 5:56 pm

Here is the OTL I ran.....take a look again to see if this is what you need


Otherwise, I'll run it again

[You must be registered and logged in to see this link.]

Extras

[You must be registered and logged in to see this link.]

JonEJet

Senior Surfer
Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

View user profile

Back to top Go down

Re: Root Kit....Zero Access

Post by Sponsored content Today at 6:10 am


Sponsored content


Back to top Go down

Page 10 of 11 Previous  1, 2, 3 ... , 9, 10, 11  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum