Help
This topic is locked
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Multiple symptoms of malware/spyware Multiple symptoms of malware/spyware-
#31
- Bleepin' curls!
-
- Group: Malware Response Team
- Posts: 7,857
- Joined: 09-November 08
- Gender:Not Telling
- Location:Canada
Posted 23 August 2011 - 04:44 PM
OK, good, let me know how it goes
The help you receive here is free. If you wish to show your appreciation, then you may 
Microsoft MVP - 2010, 2011
Microsoft MVP - 2010, 2011
Back to top
#32
- Member
-
- Group: Members
- Posts: 148
- Joined: 29-June 11
- Gender:Male
Posted 26 August 2011 - 02:41 AM
it didn't go well.
I can't install it.
It fails with an error message - Windows cannot find 'C:\SAV\ESXP\Install.bat' Make sure you typed the name correctly, and then try again.
What do I do now?
I can't install it.
It fails with an error message - Windows cannot find 'C:\SAV\ESXP\Install.bat' Make sure you typed the name correctly, and then try again.
What do I do now?
#33
- Bleepin' curls!
-
- Group: Malware Response Team
- Posts: 7,857
- Joined: 09-November 08
- Gender:Not Telling
- Location:Canada
Posted 26 August 2011 - 04:14 PM
looks like Sophos is missing an installation file
Are you using a disk to install the program or a download?
you may need to re-download the program
failing that, I would contact Sophos Support
http://www.sophos.com/support/
Are you using a disk to install the program or a download?
you may need to re-download the program
failing that, I would contact Sophos Support
http://www.sophos.com/support/
The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011
Microsoft MVP - 2010, 2011
#34
- Member
-
- Group: Members
- Posts: 148
- Joined: 29-June 11
- Gender:Male
Posted 30 August 2011 - 12:13 AM
I am using the exe file provided by my company and the same file works for all other people here.
I am writing to Sophos support. Lets see what they have to say.
Btw a new development on my machine- mozilla and chrome crashing every now and then.
Could this be related?
I am writing to Sophos support. Lets see what they have to say.
Btw a new development on my machine- mozilla and chrome crashing every now and then.
Could this be related?
#35
- Bleepin' curls!
-
- Group: Malware Response Team
- Posts: 7,857
- Joined: 09-November 08
- Gender:Not Telling
- Location:Canada
Posted 30 August 2011 - 04:09 PM
Your logs didn't give any indication of a rootkit at all, but run the following programs just to be certain:
Scan With RootKitUnHooker
Note** you may get the following warning, just click OK and continue.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
NEXT
Please download TDSSKiller.zip
Scan With RootKitUnHooker
- Please Download Rootkit Unhooker and save it to your desktop.
- Now double-click on RKUnhookerLE.exe to run it.
- Click the Report tab, then click Scan.
- Check (Tick) Drivers and Stealth
- Uncheck the rest. then click OK
- When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
- Wait till the scanner has finished and then click File > Save Report.
- Save the report somewhere where you can find it. Click Close.
- Copy the entire contents of the report and paste it in your next reply.
Note** you may get the following warning, just click OK and continue.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
NEXT
Please download TDSSKiller.zip
- Extract it to your desktop
- Double click TDSSKiller.exe
- Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
- Only if Malicious objects are found then ensure Cure is selected
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)
The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011
Microsoft MVP - 2010, 2011
#36
- Member
-
- Group: Members
- Posts: 148
- Joined: 29-June 11
- Gender:Male
Posted 04 September 2011 - 01:10 AM
TDS-Skiller scan clean - no logs produced.
Rootkit log provided below.
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB8038000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6348800 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 101.33 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5468160 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 101.33 )
0xB7D7C000 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2207744 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB4337000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB7C5D000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 851968 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0xB9E2F000 iaStor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB4284000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9D43000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB7864000 C:\WINDOWS\system32\drivers\btaudio.sys 524288 bytes (Broadcom Corporation., Bluetooth Audio Device)
0xAF601000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB7BA7000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAFB1D000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA5A77000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB4475000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 319488 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xBF549000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7FE3000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xA49F3000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB4429000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB7C05000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA5C5F000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D16000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB7D50000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 180224 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x99A7B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAF671000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB7F97000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAFAF5000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB30E6000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAFACF000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB7840000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB7FBF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB7D2D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA503E000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xAFAAD000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAFA0C000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E0F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB9CFA000 Apsx86.sys 114688 bytes (Lenovo., Shockproof Disk Driver)
0xB9CE0000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB445D000 C:\WINDOWS\system32\drivers\AEAudio.sys 98304 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
0xB9EED000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA5DBA000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DD0000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB7C46000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA5DD2000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA5DA4000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DE7000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA52D1000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8024000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAFB76000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9DFD000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB7C35000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB5F89000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB967C000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA108000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB0B0B000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB8739000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB966C000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA555F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA118000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB969C000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB965C000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB963C000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xAA87E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB968C000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB964C000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA2F8000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB8729000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA278000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA45B8000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB96AC000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB962C000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB0B5B000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA0F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB1C51000 C:\WINDOWS\System32\Drivers\tcusb.sys 36864 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0xB8709000 C:\WINDOWS\system32\DRIVERS\tvtfilter.sys 36864 bytes (Lenovo, Rescue and Recovery filter driver)
0xB0B3B000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA338000 ApsHM86.sys 32768 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
0xBA478000 C:\WINDOWS\system32\DRIVERS\atmeltpm.sys 32768 bytes (Atmel, Inc., Atmel TPM Driver)
0xBA408000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB0CD2000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA460000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA388000 C:\WINDOWS\system32\DRIVERS\btport.sys 28672 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xB0C9A000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xB12B2000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB0CC2000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 28672 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\Tvti2c.sys 28672 bytes (Lenovo (United States) Inc., SMBUS Driver)
0xB12BA000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA480000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xBA468000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA470000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xAB119000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A616C6A6-F7D7-4383-8265-93DFAAF25B44}\MpKsl4cadea32.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xAABB9000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A616C6A6-F7D7-4383-8265-93DFAAF25B44}\MpKslc0b68be0.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)
0xB602C000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA458000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB12AA000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xAB109000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver)
0xB3020000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA498000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA490000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB0CCA000 C:\WINDOWS\System32\drivers\Tppwrif.sys 20480 bytes
0xBA488000 C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys 20480 bytes (Lenovo Group Limited, TVT NDIS 5.1 Intermediate Miniport Filter Driver)
0xAB0F9000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA59C000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB7838000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5A0000 C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 16384 bytes (Lenovo., ThinkPad Power Management Driver)
0xA5BEF000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xB9C42000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB2DF3000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB2DEF000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xB9C98000 C:\WINDOWS\system32\DRIVERS\SSLDrv.sys 16384 bytes (SonicWALL Inc., SonicWALL SSL-VPN NetExtender driver for Windows.)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xABF1D000 C:\WINDOWS\System32\drivers\ANC.SYS 12288 bytes (IBM Corp., IBM Access Connections - ANC)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAA6B6000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB62D5000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB9CB0000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB27FF000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB9CB8000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB0D89000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5FC000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xB20E0000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB0D8B000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5B2000 C:\WINDOWS\system32\Drivers\IBMBLDID.sys 8192 bytes
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB0D87000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xAFE28000 C:\WINDOWS\System32\drivers\pmemnt.sys 8192 bytes (Microsoft Corporation, Physical Memory Driver)
0xB0D85000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB20DC000 C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys 8192 bytes (UPEK Inc., SMI helper driver)
0xBA5FE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5FA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA694000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA972B000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xA972F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB090E000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
Nothing detected
Rootkit log provided below.
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB8038000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6348800 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 101.33 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5468160 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 101.33 )
0xB7D7C000 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2207744 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB4337000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB7C5D000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 851968 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0xB9E2F000 iaStor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB4284000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9D43000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB7864000 C:\WINDOWS\system32\drivers\btaudio.sys 524288 bytes (Broadcom Corporation., Bluetooth Audio Device)
0xAF601000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB7BA7000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAFB1D000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA5A77000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB4475000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 319488 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xBF549000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7FE3000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xA49F3000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB4429000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB7C05000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA5C5F000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D16000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB7D50000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 180224 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x99A7B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAF671000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB7F97000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAFAF5000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB30E6000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAFACF000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB7840000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB7FBF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB7D2D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA503E000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xAFAAD000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAFA0C000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E0F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB9CFA000 Apsx86.sys 114688 bytes (Lenovo., Shockproof Disk Driver)
0xB9CE0000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB445D000 C:\WINDOWS\system32\drivers\AEAudio.sys 98304 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
0xB9EED000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA5DBA000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DD0000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB7C46000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA5DD2000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA5DA4000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DE7000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA52D1000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8024000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAFB76000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9DFD000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB7C35000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB5F89000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB967C000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA108000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB0B0B000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB8739000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB966C000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA555F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA118000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB969C000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB965C000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB963C000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xAA87E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB968C000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB964C000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA2F8000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB8729000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA278000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA45B8000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB96AC000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB962C000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB0B5B000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA0F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB1C51000 C:\WINDOWS\System32\Drivers\tcusb.sys 36864 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0xB8709000 C:\WINDOWS\system32\DRIVERS\tvtfilter.sys 36864 bytes (Lenovo, Rescue and Recovery filter driver)
0xB0B3B000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA338000 ApsHM86.sys 32768 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
0xBA478000 C:\WINDOWS\system32\DRIVERS\atmeltpm.sys 32768 bytes (Atmel, Inc., Atmel TPM Driver)
0xBA408000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB0CD2000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA460000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA388000 C:\WINDOWS\system32\DRIVERS\btport.sys 28672 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xB0C9A000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xB12B2000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB0CC2000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 28672 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\Tvti2c.sys 28672 bytes (Lenovo (United States) Inc., SMBUS Driver)
0xB12BA000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA480000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xBA468000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA470000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xAB119000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A616C6A6-F7D7-4383-8265-93DFAAF25B44}\MpKsl4cadea32.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xAABB9000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A616C6A6-F7D7-4383-8265-93DFAAF25B44}\MpKslc0b68be0.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)
0xB602C000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA458000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB12AA000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xAB109000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver)
0xB3020000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA498000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA490000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB0CCA000 C:\WINDOWS\System32\drivers\Tppwrif.sys 20480 bytes
0xBA488000 C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys 20480 bytes (Lenovo Group Limited, TVT NDIS 5.1 Intermediate Miniport Filter Driver)
0xAB0F9000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA59C000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB7838000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5A0000 C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 16384 bytes (Lenovo., ThinkPad Power Management Driver)
0xA5BEF000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xB9C42000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB2DF3000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB2DEF000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xB9C98000 C:\WINDOWS\system32\DRIVERS\SSLDrv.sys 16384 bytes (SonicWALL Inc., SonicWALL SSL-VPN NetExtender driver for Windows.)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xABF1D000 C:\WINDOWS\System32\drivers\ANC.SYS 12288 bytes (IBM Corp., IBM Access Connections - ANC)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAA6B6000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB62D5000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB9CB0000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB27FF000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB9CB8000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB0D89000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5FC000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xB20E0000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB0D8B000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5B2000 C:\WINDOWS\system32\Drivers\IBMBLDID.sys 8192 bytes
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB0D87000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xAFE28000 C:\WINDOWS\System32\drivers\pmemnt.sys 8192 bytes (Microsoft Corporation, Physical Memory Driver)
0xB0D85000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB20DC000 C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys 8192 bytes (UPEK Inc., SMI helper driver)
0xBA5FE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5FA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA694000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA972B000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xA972F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB090E000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
Nothing detected
#37
- Bleepin' curls!
-
- Group: Malware Response Team
- Posts: 7,857
- Joined: 09-November 08
- Gender:Not Telling
- Location:Canada
Posted 04 September 2011 - 05:52 PM
What are the outstanding issues?
It would appear the machine is clean of malware
It would appear the machine is clean of malware
The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011
Microsoft MVP - 2010, 2011
#38
- Bleepin' curls!
-
- Group: Malware Response Team
- Posts: 7,857
- Joined: 09-November 08
- Gender:Not Telling
- Location:Canada
Posted 10 September 2011 - 05:46 PM
Due to the lack of feedback, this topic is now closed.
In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
The help you receive here is free. If you wish to show your appreciation, then you may
Microsoft MVP - 2010, 2011
Microsoft MVP - 2010, 2011
