WiredWX Hobby Weather Tools



Root Kit....Zero Access

4 posters

Re: Root Kit....Zero Access - Page 16
Waiting on you then

Re: Root Kit....Zero Access

Re: Root Kit....Zero Access
I used infected as password again with no luck

Re: Root Kit....Zero Access
It's giving the same errors over here...

Re: Root Kit....Zero Access
I was able to download it, but when I tried to run it, my screen just flashed, and it never started running

Re: Root Kit....Zero Access
Oh it did....Smile...

That was expected. Please run ComboFix now and post a log.

Re: Root Kit....Zero Access
okay, it must have worked....my system is going apesh1t....lol

Re: Root Kit....Zero Access
(Gunsmoke) Let's do this!

Re: Root Kit....Zero Access
ComboFix 12-06-28.01 - JonEJet 06/28/2012 13:20:24.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.859 [GMT -4:00]
Running from: c:\users\JonEJet\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\root
c:\users\JonEJet\AppData\Local\tbfmco.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 17:30 . 2012-06-28 17:36 -------- d-----w- c:\users\JonEJet\AppData\Local\temp
2012-06-28 17:30 . 2012-06-28 17:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-28 17:30 . 2012-06-28 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 22:36 . 2012-06-25 22:37 -------- d-----w- C:\FRST
2012-06-25 20:57 . 2012-06-25 20:57 -------- d-----w- c:\program files\ESET
2012-06-18 15:49 . 2012-06-25 19:05 -------- d-----w- c:\users\JonEJet\Vba32arkit
2012-06-17 20:41 . 2012-06-17 20:41 35712 ----a-w- c:\windows\system32\drivers\Mw3n1br6.sys
2012-06-17 16:56 . 2012-06-17 16:56 -------- d-----w- c:\program files\MustBeRandomlyNamed
2012-06-17 16:40 . 2012-06-17 16:40 -------- d-----w- c:\program files\File Type Assistant
2012-06-17 16:39 . 2012-06-17 16:39 -------- d-----w- c:\users\JonEJet\AppData\Roaming\BitZipper
2012-06-17 16:39 . 2012-06-17 16:39 -------- d-----w- c:\program files\BitZipper
2012-06-16 20:42 . 2012-06-17 16:28 -------- d-----w- c:\program files\7-Zip
2012-06-16 20:15 . 2011-05-04 15:36 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2012-06-16 15:15 . 2012-06-16 15:15 -------- d-----w- c:\program files\Panda Security
2012-06-15 09:54 . 2012-06-15 09:54 -------- d-----w- c:\programdata\boost_interprocess
2012-06-15 09:53 . 2012-06-15 09:53 -------- d-----w- c:\program files\MediaFire Express
2012-06-15 09:52 . 2012-06-28 14:06 -------- d-----w- c:\users\JonEJet\AppData\Local\MediaFire Express
2012-06-14 19:08 . 2012-06-15 14:57 -------- d-----w- c:\users\JonEJet\DoctorWeb
2012-06-14 14:14 . 2012-06-14 14:14 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-08 18:08 . 2012-06-25 12:14 -------- d-----w- c:\programdata\HitmanPro
2012-06-07 11:41 . 2012-06-25 19:13 -------- d-----w- C:\SeviceFix
2012-06-06 15:50 . 2012-06-06 15:50 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-06 15:50 . 2012-06-06 15:50 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-05 13:49 . 2012-06-25 12:14 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-04 19:51 . 2012-06-04 19:50 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-01 01:01 . 2012-06-01 01:01 -------- d-----w- c:\program files\Amazon
2012-06-01 01:00 . 2012-06-01 15:45 -------- d-----w- c:\program files\Amazon Browser Bar
2012-05-31 14:01 . 2012-06-16 14:34 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-31 13:59 . 2012-06-16 02:20 624608 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-31 13:59 . 2012-06-16 02:20 43488 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-05-31 13:59 . 2012-06-16 02:20 157608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-31 13:59 . 2012-06-16 02:20 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-30 14:20 . 2012-05-30 14:20 -------- d-----w- c:\users\JonEJet\AppData\Roaming\FixZeroAccess
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 19:50 . 2011-04-02 16:25 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-12-07 10:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-16 02:20 . 2012-06-01 16:24 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MediaFire Tray"="c:\users\JonEJet\AppData\Local\MediaFire Express\mf_systray.exe" [2012-06-13 2172488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-06 1862144]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-02 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\users\JonEJet\AppData\Local\temp\quickstart.exe [N/A]
_uninst_.lnk - c:\users\JonEJet\AppData\Local\temp\_uninst_.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0b4fdb4952f0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:58]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:58]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = auto:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
FF - ProfilePath - c:\users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\lxducoms.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\windows\RtHDVCpl.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\users\JonEJet\AppData\Local\MediaFire Express\mf_daemon.exe
c:\users\JonEJet\AppData\Local\MediaFire Express\mf_status.exe
c:\users\JonEJet\AppData\Local\MediaFire Express\mf_services.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\program files\Mozilla Firefox\plugin-container.exe
c:\progra~1\Java\jre6\bin\jp2launcher.exe
c:\program files\Java\jre6\bin\java.exe
.
**************************************************************************
.
Completion time: 2012-06-28 14:06:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 18:06
.
Pre-Run: 64,321,372,160 bytes free
Post-Run: 64,104,402,944 bytes free
.
- - End Of File - - 725951309FBF4EFBF3E354284A84CD8F
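The ComboFix log above contains the entries a responder would pick out by eye: the two services (BFE and MpsSvc) whose ImagePath has been replaced by ".", a driver with a machine-generated-looking name in system32\drivers, an executable dropped directly under the user's AppData\Local, and a Security Center monitoring entry turned off. The Python script below is an added example, not part of this thread and not ComboFix's own code: it parses lines in this log format and flags those patterns. The sample lines are constructed from the excerpt posted here, and the flagging rules (in particular the random-name heuristic) are the example's own assumptions about what to look for, not anything ComboFix implements.

```python
"""Triage a ComboFix-style log excerpt for a few concrete indicators.

Added example; the sample log lines below are constructed from the excerpt
posted in the thread, and the rules are assumptions, not ComboFix logic.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the layout ComboFix uses.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\root
c:\users\JonEJet\AppData\Local\tbfmco.exe
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
2012-06-17 20:41 . 2012-06-17 20:41 35712 ----a-w- c:\windows\system32\drivers\Mw3n1br6.sys
2012-06-16 20:15 . 2011-05-04 15:36 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2012-06-05 13:49 . 2012-06-25 12:14 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-17 16:56 . 2012-06-17 16:56 -------- d-----w- c:\program files\MustBeRandomlyNamed
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # ((( Section Title )))
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")               # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')                # "Name"=value
CREATED_RE = re.compile(                                  # created . modified size attrs path
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$")
EXEC_EXT = {"exe", "dll", "sys", "bat"}


@dataclass
class Finding:
    rule: str
    detail: str


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): a file stem that alternates between letter and
    digit runs several times, e.g. mw3n1br6, is treated as machine-generated."""
    runs = re.findall(r"[a-z]+|\d+", stem.lower())
    return len(runs) >= 4 and sum(ch.isdigit() for ch in stem) >= 2


def check_created_path(path: str, findings: list) -> None:
    """Rules for entries in the 'Files Created' section."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if not dot or ext not in EXEC_EXT:
        return                                            # directories, data files
    if "\\system32\\drivers\\" in low and looks_random(stem):
        findings.append(Finding("random-named-driver", path))
    if "\\appdata\\local\\" in low or "\\temp\\" in low:
        findings.append(Finding("executable-in-user-profile", path))


def triage(log_text: str) -> list:
    """Walk the log line by line, tracking the current section and registry key."""
    findings, section, key = [], "", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1).lower(), ""
            continue
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        if (m := VALUE_RE.match(line)) and key:
            name, value = m.group(1).lower(), m.group(2).strip()
            leaf, low_key = key.rsplit("\\", 1)[-1], key.lower()
            # A service whose binary path is "." cannot start: the service entry was tampered with.
            if "\\services\\" in low_key and name == "imagepath" and value.strip('"') == ".":
                findings.append(Finding("service-imagepath-dot", leaf))
            elif "security center\\monitoring" in low_key and name == "disablemonitoring" \
                    and value.lower() == "dword:00000001":
                findings.append(Finding("security-center-monitoring-disabled", leaf))
            continue
        if (m := CREATED_RE.match(line)) and section.startswith("files created"):
            check_created_path(m.group(5), findings)
            continue
        if section == "other deletions":
            findings.append(Finding("removed-by-tool", line))  # context: what the tool already took out
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

The name heuristic is deliberately noisy: a legitimate driver with a terse vendor name (yk60x86.sys from the sigverif listing later in this thread would trip it) gets flagged too, so treat that rule as a prompt to check the file's signature and catalog, not as a verdict. The ImagePath rule is the firm one: "." is never a valid service binary path.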

Re: Root Kit....Zero Access
Still getting redirected, but for whatever reason, I think we're onto something here...lol Cheers Mate

Re: Root Kit....Zero Access
Please download Farbar Service Scanner and run it on the computer with the issue.
    Check "Include All Files" option.
    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.

Re: Root Kit....Zero Access
Farbar Service Scanner Version: 25-06-2012 01
Ran by JonEJet (administrator) on 28-06-2012 at 16:38:33
Running from "C:\Users\JonEJet\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2011-01-28 15:43] - [2008-01-19 00:34] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2011-06-14 15:45] - [2011-04-21 09:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-01-29 17:06] - [2010-06-16 11:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-05-03 01:19] - [2011-03-02 10:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-06-07 10:57] - [2009-03-03 00:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

Re: Root Kit....Zero Access
1. Click Start, click Run, type sigverif, and then click OK.

2. Click Advanced, click Look for other files that are not digitally signed, navigate to the Winnt\System32\Drivers folder, and then click OK.

3. Click Start.

4. After it has finished running, navigate to C:\Windows\Sigverify.txt, open it and post the contents of the log here.

Re: Root Kit....Zero Access
********************************

Microsoft Signature Verification

Log file generated on 6/28/2012 at 5:39 PM
OS Platform: Windows (x86), Version: 6.0, Build: 6001, CSDVersion: Service Pack 1
Scan Results: Total Files: 203, Signed: 199, Unsigned: 0, Not Scanned: 4

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\program files\synaptics\syntp]
instnt.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syncntxt.rtf 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synisdll.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synmood.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntoshiba.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpcom.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpcpl.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpenh.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpres.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpstart.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synunst.ini 8/16/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synzmetr.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tutorial.exe 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows]
agrsmdel.exe 1/9/2007 2:5.00 Signed agrmdv32.cat Microsoft Windows Hardware Compatibility Publisher
rthdvcpl.exe 4/25/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtlupd.exe 1/16/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
skytel.exe 4/13/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows\system32]
agrscoin.dll 9/11/2006 2:5.00 Signed agrmdv32.cat Microsoft Windows Hardware Compatibility Publisher
agrsmsvc.exe 10/5/2006 2:5.00 Signed agrmdv32.cat Microsoft Windows Hardware Compatibility Publisher
batt.dll 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
clfs.sys 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
hal.dll 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
halacpi.dll 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
halmacpi.dll 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
hccoin.dll 11/2/2006 2:5.1 Signed Package_30_for_KB936Microsoft Windows
hccutils.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
hcrstco.dll 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
hkcmd.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
ig4dev32.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
ig4icd32.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igdumd32.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxcfg.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxcoin_v1329.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxcpl.cpl 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxdev.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxdo.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxexps.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxpph.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrara.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrchs.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrcht.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrcsy.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrdan.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrdeu.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrell.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrenu.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxresp.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxress.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrfin.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrfra.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrheb.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrhun.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrita.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrjpn.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrkor.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrnld.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrnor.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrplk.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrptb.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrptg.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrrus.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrsky.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrslv.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrsve.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrtha.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxrtrk.lrc 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxtmm.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxtray.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igfxzoom.exe 9/20/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxc32.vp 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxo32.vp 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iglhxs32.vp 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igmedcompkrn.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
igmedkrn.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
iscsilog.dll 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
oemdspif.dll 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
rtkapo.dll 4/24/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtkapoapi.dll 3/23/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtkcoinst.dll 4/4/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtkpgext.dll 4/20/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtsndmgr.cpl 3/20/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
srshp360.dll 1/29/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
srstshd.dll 1/25/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
srstsxt.dll 12/13/2006 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
srswow.dll 4/13/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
storprop.dll 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
streamci.dll 11/2/2006 2:5.1 Signed Package_25_for_KB948Microsoft Windows
syncom.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
synctrl.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpapi.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
syntpco4.dll 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
sysfxui.dll 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
wdfcoinstaller01000. 3/9/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
wmalfxgfxdsp.dll 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
[c:\windows\system32\drivers]
acpi.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
agrsm.sys 11/28/2006 2:5.00 Signed agrmdv32.cat Microsoft Windows Hardware Compatibility Publisher
asyncmac.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
atapi.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
ataport.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
avipbb.sys 6/30/2011 None Signed N/A
battc.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
cdrom.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
cmbatt.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
compbatt.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
crcdisk.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
disk.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
drmk.sys 1/18/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
drmkaud.sys 1/18/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
dxgkrnl.sys 8/1/2008 2:5.1,2:5.2,2:6.0 Signed Package_4_for_KB9553Microsoft Windows
fwlnk.sys 11/20/2006 2:6.0 Signed fwlnk.cat Microsoft Windows Hardware Compatibility Publisher
hdaudbus.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
hidclass.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
hidparse.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
hidusb.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
http.sys 2/20/2010 2:5.1,2:5.2,2:6.0 Signed Package_2_for_KB9739Microsoft Windows
i8042prt.sys 1/18/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
igdkmd32.sys 9/13/2007 2:6.0 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher
intelide.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
intelppm.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
ipfltdrv.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
kbdclass.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
kbdhid.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
ksecdd.sys 6/15/2009 2:5.1,2:5.2,2:6.0 Signed Package_2_for_KB9754Microsoft Windows
lltdio.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
modem.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
monitor.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
mouclass.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
mouhid.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
mountmgr.sys 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mpsdrv.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
msahci.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
msisadrv.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
msiscsi.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
mskssrv.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mspclock.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mspqm.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
mssmbios.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
mstee.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ndis.sys 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ndistapi.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ndisuio.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ndiswan.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
netbt.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
nsiproxy.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
nwifi.sys 5/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_3_for_KB9553Microsoft Windows
pacer.sys 4/4/2008 2:5.1,2:5.2,2:6.0 Signed Package_3_for_KB9527Microsoft Windows
pci.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
pciidex.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
pcmcia.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
peauth.sys 11/2/2006 2:6.0 Signed nt5.cat Microsoft Windows
portcls.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
rasacd.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rasl2tp.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
raspppoe.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
raspptp.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rassstp.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rdpcdd.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rdpencdd.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rspndr.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
rtkvhda.sys 4/25/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtl8187b.sys 6/1/2007 2:6.0 Signed net8187b.cat Microsoft Windows Hardware Compatibility Publisher
sermouse.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
sftfslh.sys 10/1/2011 None Signed N/A Microsoft Corporation
sftplaylh.sys 10/1/2011 None Signed N/A Microsoft Corporation
sftvollh.sys 10/1/2011 None Signed N/A Microsoft Corporation
smb.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ssmdrv.sys 5/11/2009 None Signed N/A
swenum.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
syntp.sys 8/15/2007 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher
tcpip.sys 6/16/2010 2:5.1,2:5.2,2:6.0 Signed Package_3_for_KB9788Microsoft Windows
tcpipreg.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
tdcmdpst.sys 10/18/2006 2:6.0 Signed tdcmdpst.cat Microsoft Windows Hardware Compatibility Publisher
tdx.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
termdd.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
tos_sps32.sys 9/19/2007 2:6.0 Signed tos_sps32.cat Microsoft Windows Hardware Compatibility Publisher
tunmp.sys 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
tunnel.sys 2/18/2010 2:5.1,2:5.2,2:6.0 Signed Package_2_for_KB9783Microsoft Windows
tvalz_o.sys 10/6/2006 2:6.0 Signed tvalz_o.cat Microsoft Windows Hardware Compatibility Publisher
umbus.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
usbccgp.sys 1/18/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
usbd.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
usbehci.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
usbhub.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
usbport.sys 1/18/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
usbuhci.sys 1/18/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
vga.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
volmgr.sys 1/19/2008 2:5.1 Signed Package_25_for_KB948Microsoft Windows
volmgrx.sys 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
volsnap.sys 1/19/2008 2:5.1 Signed Package_30_for_KB936Microsoft Windows
wanarp.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
wdf01000.sys 1/19/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
ws2ifsl.sys 1/18/2008 2:5.1,2:5.2,2:6.0 Signed Package_30_for_KB936Microsoft Windows
yk60x86.sys 1/9/2007 2:6.0 Signed yk60x86.cat Microsoft Windows Hardware Compatibility Publisher
[c:\windows\system32\rtcom]
rtcomdll.dll 4/18/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher
rtlcpapi.dll 3/7/2007 2:6.0 Signed hda32.cat Microsoft Windows Hardware Compatibility Publisher

Unscanned Files:
------------------
[c:\windows\c:\combofix]
catchme.sys The directory name is invalid.
[c:\windows\c:\program files\common files\symantec shared\coshared\cw\1.5]
co_mon.sys The directory name is invalid.
[c:\windows\c:\windows\system32\sysprep\drivers]
ioport.sys The directory name is invalid.
[c:\windows\c:\windows\system32\sysprep\up_date]
pedrv.sys The directory name is invalid.

Re: Root Kit....Zero Access
Please download and run the updated Panda ZA tool: http://www.pandasecurity.com/usa/homeusers/support/card?id=1672&idIdioma=2
