Rootkit infection


sebdmd

Can someone please help me identify the rootkit driver?

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2011/10/12 10:35

Program Version: Version 1.3.5.0

Windows Version: Windows XP Media Center Edition SP3

==================================================

Drivers

-------------------

Name: 00000975

Image Path: \Driver\00000975

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

Name: 1394BUS.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\1394BUS.SYS

Address: 0xF77CF000 Size: 57344 File Visible: - Signed: -

Status: -

Name: ACPI.sys

Image Path: ACPI.sys

Address: 0xF7760000 Size: 187776 File Visible: - Signed: -

Status: -

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

Name: afd.sys

Image Path: C:\WINDOWS\System32\drivers\afd.sys

Address: 0xF137D000 Size: 138496 File Visible: - Signed: -

Status: -

Name: agp440.sys

Image Path: agp440.sys

Address: 0xF781F000 Size: 42368 File Visible: - Signed: -

Status: -

Name: AGRSM.sys

Image Path: C:\WINDOWS\System32\DRIVERS\AGRSM.sys

Address: 0xF697E000 Size: 1171648 File Visible: - Signed: -

Status: -

Name: arp1394.sys

Image Path: C:\WINDOWS\System32\DRIVERS\arp1394.sys

Address: 0xF78FF000 Size: 60800 File Visible: - Signed: -

Status: -

Name: atapi.sys

Image Path: atapi.sys

Address: 0xF76F2000 Size: 96512 File Visible: - Signed: -

Status: -

Name: ATMFD.DLL

Image Path: C:\WINDOWS\System32\ATMFD.DLL

Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -

Status: -

Name: audstub.sys

Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys

Address: 0xF7D86000 Size: 3072 File Visible: - Signed: -

Status: -

Name: Beep.SYS

Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS

Address: 0xF7CF1000 Size: 4224 File Visible: - Signed: -

Status: -

Name: BOOTVID.dll

Image Path: C:\WINDOWS\system32\BOOTVID.dll

Address: 0xF7BBF000 Size: 12288 File Visible: - Signed: -

Status: -

Name: Cdfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS

Address: 0xB1DB5000 Size: 63744 File Visible: - Signed: -

Status: -

Name: cdrom.sys

Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Address: 0xF78CF000 Size: 62976 File Visible: - Signed: -

Status: -

Name: CLASSPNP.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS

Address: 0xF780F000 Size: 53248 File Visible: - Signed: -

Status: -

Name: COMMONFX.SYS

Image Path: C:\WINDOWS\System32\drivers\COMMONFX.SYS

Address: 0xF15F2000 Size: 110592 File Visible: - Signed: -

Status: -

Name: ctac32k.sys

Image Path: C:\WINDOWS\system32\drivers\ctac32k.sys

Address: 0xF160D000 Size: 638976 File Visible: - Signed: -

Status: -

Name: ctaud2k.sys

Image Path: C:\WINDOWS\system32\drivers\ctaud2k.sys

Address: 0xF6AF5000 Size: 513536 File Visible: - Signed: -

Status: -

Name: CTAUDFX.SYS

Image Path: C:\WINDOWS\System32\drivers\CTAUDFX.SYS

Address: 0xF1567000 Size: 569344 File Visible: - Signed: -

Status: -

Name: ctoss2k.sys

Image Path: C:\WINDOWS\system32\drivers\ctoss2k.sys

Address: 0xF6A9D000 Size: 212992 File Visible: - Signed: -

Status: -

Name: ctprxy2k.sys

Image Path: C:\WINDOWS\system32\drivers\ctprxy2k.sys

Address: 0xF7B1F000 Size: 32768 File Visible: - Signed: -

Status: -

Name: CTSBLFX.SYS

Image Path: C:\WINDOWS\System32\drivers\CTSBLFX.SYS

Address: 0xF14D9000 Size: 581632 File Visible: - Signed: -

Status: -

Name: ctsfm2k.sys

Image Path: C:\WINDOWS\system32\drivers\ctsfm2k.sys

Address: 0xF16A9000 Size: 167936 File Visible: - Signed: -

Status: -

Name: disk.sys

Image Path: disk.sys

Address: 0xF77FF000 Size: 36352 File Visible: - Signed: -

Status: -

Name: DMICall.sys

Image Path: C:\WINDOWS\System32\DRIVERS\DMICall.sys

Address: 0xF7F00000 Size: 3552 File Visible: - Signed: -

Status: -

Name: dmio.sys

Image Path: dmio.sys

Address: 0xF770A000 Size: 153344 File Visible: - Signed: -

Status: -

Name: dmload.sys

Image Path: dmload.sys

Address: 0xF7CB3000 Size: 5888 File Visible: - Signed: -

Status: -

Name: drmk.sys

Image Path: C:\WINDOWS\system32\drivers\drmk.sys

Address: 0xF789F000 Size: 61440 File Visible: - Signed: -

Status: -

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xF0483000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF7CF9000 Size: 8192 File Visible: No Signed: -

Status: -

Name: Dxapi.sys

Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys

Address: 0xF687F000 Size: 12288 File Visible: - Signed: -

Status: -

Name: dxg.sys

Image Path: C:\WINDOWS\System32\drivers\dxg.sys

Address: 0xBF000000 Size: 73728 File Visible: - Signed: -

Status: -

Name: dxgthk.sys

Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys

Address: 0xF7E01000 Size: 4096 File Visible: - Signed: -

Status: -

Name: e1000325.sys

Image Path: C:\WINDOWS\System32\DRIVERS\e1000325.sys

Address: 0xF6C76000 Size: 121344 File Visible: - Signed: -

Status: -

Name: emupia2k.sys

Image Path: C:\WINDOWS\system32\drivers\emupia2k.sys

Address: 0xF16D2000 Size: 192512 File Visible: - Signed: -

Status: -

Name: Fastfat.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS

Address: 0xF049B000 Size: 143744 File Visible: - Signed: -

Status: -

Name: fdc.sys

Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys

Address: 0xF7B37000 Size: 27392 File Visible: - Signed: -

Status: -

Name: Fips.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS

Address: 0xF6DF0000 Size: 44544 File Visible: - Signed: -

Status: -

Name: flpydisk.sys

Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys

Address: 0xF7B77000 Size: 20480 File Visible: - Signed: -

Status: -

Name: fltmgr.sys

Image Path: fltmgr.sys

Address: 0xF76D2000 Size: 129792 File Visible: - Signed: -

Status: -

Name: Fs_Rec.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Address: 0xF7CEF000 Size: 7936 File Visible: - Signed: -

Status: -

Name: ftdisk.sys

Image Path: ftdisk.sys

Address: 0xF7730000 Size: 125056 File Visible: - Signed: -

Status: -

Name: gameenum.sys

Image Path: C:\WINDOWS\System32\DRIVERS\gameenum.sys

Address: 0xF7C77000 Size: 10624 File Visible: - Signed: -

Status: -

Name: GEARAspiWDM.sys

Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

Address: 0xF7B3F000 Size: 21120 File Visible: - Signed: -

Status: -

Name: ha10kx2k.sys

Image Path: C:\WINDOWS\system32\drivers\ha10kx2k.sys

Address: 0xF1701000 Size: 1089536 File Visible: - Signed: -

Status: -

Name: hal.dll

Image Path: C:\WINDOWS\system32\hal.dll

Address: 0x806FF000 Size: 134400 File Visible: - Signed: -

Status: -

Name: HPZid412.sys

Image Path: C:\WINDOWS\System32\DRIVERS\HPZid412.sys

Address: 0xF136D000 Size: 49920 File Visible: - Signed: -

Status: -

Name: HPZipr12.sys

Image Path: C:\WINDOWS\System32\DRIVERS\HPZipr12.sys

Address: 0xF696E000 Size: 16224 File Visible: - Signed: -

Status: -

Name: HPZius12.sys

Image Path: C:\WINDOWS\System32\DRIVERS\HPZius12.sys

Address: 0xF7A67000 Size: 21568 File Visible: - Signed: -

Status: -

Name: HTTP.sys

Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys

Address: 0xB1714000 Size: 265728 File Visible: - Signed: -

Status: -

Name: i8042prt.sys

Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys

Address: 0xF78AF000 Size: 52480 File Visible: - Signed: -

Status: -

Name: imapi.sys

Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys

Address: 0xF78BF000 Size: 42112 File Visible: - Signed: -

Status: -

Name: intelppm.sys

Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys

Address: 0xF787F000 Size: 36352 File Visible: - Signed: -

Status: -

Name: ip6fw.sys

Image Path: C:\WINDOWS\system32\drivers\ip6fw.sys

Address: 0xF791F000 Size: 36608 File Visible: - Signed: -

Status: -

Name: ipnat.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys

Address: 0xF13D7000 Size: 152832 File Visible: - Signed: -

Status: -

Name: ipsec.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys

Address: 0xF14A6000 Size: 75264 File Visible: - Signed: -

Status: -

Name: isapnp.sys

Image Path: isapnp.sys

Address: 0xF77AF000 Size: 37248 File Visible: - Signed: -

Status: -

Name: kbdclass.sys

Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys

Address: 0xF7B27000 Size: 24576 File Visible: - Signed: -

Status: -

Name: KDCOM.DLL

Image Path: C:\WINDOWS\system32\KDCOM.DLL

Address: 0xF7CAF000 Size: 8192 File Visible: - Signed: -

Status: -

Name: kmixer.sys

Image Path: C:\WINDOWS\system32\drivers\kmixer.sys

Address: 0xB0298000 Size: 172416 File Visible: - Signed: -

Status: -

Name: ks.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ks.sys

Address: 0xF6B73000 Size: 143360 File Visible: - Signed: -

Status: -

Name: KSecDD.sys

Image Path: KSecDD.sys

Address: 0xF76A9000 Size: 92928 File Visible: - Signed: -

Status: -

Name: mfehidk.sys

Image Path: C:\WINDOWS\system32\drivers\mfehidk.sys

Address: 0xF04E7000 Size: 207936 File Visible: - Signed: -

Status: -

Name: mnmdd.SYS

Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS

Address: 0xF7CF3000 Size: 4224 File Visible: - Signed: -

Status: -

Name: Modem.SYS

Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS

Address: 0xF7B47000 Size: 30080 File Visible: - Signed: -

Status: -

Name: mouclass.sys

Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys

Address: 0xF7B2F000 Size: 23040 File Visible: - Signed: -

Status: -

Name: MountMgr.sys

Image Path: MountMgr.sys

Address: 0xF77DF000 Size: 42368 File Visible: - Signed: -

Status: -

Name: mrxdav.sys

Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys

Address: 0xB1F7C000 Size: 180608 File Visible: - Signed: -

Status: -

Name: mrxsmb.sys

Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys

Address: 0xF051A000 Size: 458752 File Visible: - Signed: -

Status: -

Name: mrxsmb.sys

Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys

Address: 0xF793F000 Size: 57344 File Visible: - Signed: -

Status: Hidden from the Windows API!

Name: Msfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS

Address: 0xF7B8F000 Size: 19072 File Visible: - Signed: -

Status: -

Name: msgpc.sys

Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys

Address: 0xF6E30000 Size: 35072 File Visible: - Signed: -

Status: -

Name: mssmbios.sys

Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys

Address: 0xF7CA3000 Size: 15488 File Visible: - Signed: -

Status: -

Name: Mup.sys

Image Path: Mup.sys

Address: 0xF75D5000 Size: 105344 File Visible: - Signed: -

Status: -

Name: NDIS.sys

Image Path: NDIS.sys

Address: 0xF75EF000 Size: 182656 File Visible: - Signed: -

Status: -

Name: ndistapi.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys

Address: 0xF7C8B000 Size: 10112 File Visible: - Signed: -

Status: -

Name: ndisuio.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys

Address: 0xF1409000 Size: 14592 File Visible: - Signed: -

Status: -

Name: ndiswan.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys

Address: 0xF693F000 Size: 91520 File Visible: - Signed: -

Status: -

Name: NDProxy.SYS

Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS

Address: 0xF6E00000 Size: 40576 File Visible: - Signed: -

Status: -

Name: netbios.sys

Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys

Address: 0xF790F000 Size: 34688 File Visible: - Signed: -

Status: -

Name: netbt.sys

Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys

Address: 0xF1425000 Size: 162816 File Visible: - Signed: -

Status: -

Name: nic1394.sys

Image Path: C:\WINDOWS\System32\DRIVERS\nic1394.sys

Address: 0xF784F000 Size: 61824 File Visible: - Signed: -

Status: -

Name: Npfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS

Address: 0xF7B97000 Size: 30848 File Visible: - Signed: -

Status: -

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xF761C000 Size: 574976 File Visible: - Signed: -

Status: -

Name: ntoskrnl.exe

Image Path: C:\WINDOWS\system32\ntoskrnl.exe

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

Name: Null.SYS

Image Path: C:\WINDOWS\System32\Drivers\Null.SYS

Address: 0xF7DF1000 Size: 2944 File Visible: - Signed: -

Status: -

Name: nv4_disp.dll

Image Path: C:\WINDOWS\System32\nv4_disp.dll

Address: 0xBF012000 Size: 3923968 File Visible: - Signed: -

Status: -

Name: nv4_mini.sys

Image Path: C:\WINDOWS\System32\DRIVERS\nv4_mini.sys

Address: 0xF6CA8000 Size: 1277632 File Visible: - Signed: -

Status: -

Name: ohci1394.sys

Image Path: ohci1394.sys

Address: 0xF77BF000 Size: 61696 File Visible: - Signed: -

Status: -

Name: PartMgr.sys

Image Path: PartMgr.sys

Address: 0xF7A37000 Size: 19712 File Visible: - Signed: -

Status: -

Name: pci.sys

Image Path: pci.sys

Address: 0xF774F000 Size: 68224 File Visible: - Signed: -

Status: -

Name: pciide.sys

Image Path: pciide.sys

Address: 0xF7D77000 Size: 3328 File Visible: - Signed: -

Status: -

Name: PCIIDEX.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS

Address: 0xF7A2F000 Size: 28672 File Visible: - Signed: -

Status: -

Name: pnarp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\pnarp.sys

Address: 0xF7ACF000 Size: 18688 File Visible: - Signed: -

Status: -

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

Name: portcls.sys

Image Path: C:\WINDOWS\system32\drivers\portcls.sys

Address: 0xF6AD1000 Size: 147456 File Visible: - Signed: -

Status: -

Name: psched.sys

Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys

Address: 0xF692E000 Size: 69120 File Visible: - Signed: -

Status: -

Name: ptilink.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys

Address: 0xF7B57000 Size: 17792 File Visible: - Signed: -

Status: -

Name: purendis.sys

Image Path: C:\WINDOWS\system32\DRIVERS\purendis.sys

Address: 0xF7AD7000 Size: 19968 File Visible: - Signed: -

Status: -

Name: PxHelp20.sys

Image Path: PxHelp20.sys

Address: 0xF7A3F000 Size: 16512 File Visible: - Signed: -

Status: -

Name: rasacd.sys

Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys

Address: 0xF7C43000 Size: 8832 File Visible: - Signed: -

Status: -

Name: rasl2tp.sys

Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys

Address: 0xF6E60000 Size: 51328 File Visible: - Signed: -

Status: -

Name: raspppoe.sys

Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys

Address: 0xF6E50000 Size: 41472 File Visible: - Signed: -

Status: -

Name: raspptp.sys

Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys

Address: 0xF6E40000 Size: 48384 File Visible: - Signed: -

Status: -

Name: raspti.sys

Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys

Address: 0xF7B5F000 Size: 16512 File Visible: - Signed: -

Status: -

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

Name: rdbss.sys

Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys

Address: 0xF12B2000 Size: 175744 File Visible: - Signed: -

Status: -

Name: RDPCDD.sys

Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

Address: 0xF7CF5000 Size: 4224 File Visible: - Signed: -

Status: -

Name: rdpdr.sys

Image Path: C:\WINDOWS\System32\DRIVERS\rdpdr.sys

Address: 0xF68FE000 Size: 196224 File Visible: - Signed: -

Status: -

Name: redbook.sys

Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys

Address: 0xF6E70000 Size: 57600 File Visible: - Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB0BD1000 Size: 49152 File Visible: No Signed: -

Status: -

Name: smrt.sys

Image Path: C:\WINDOWS\System32\DRIVERS\smrt.sys

Address: 0xF6B96000 Size: 766208 File Visible: - Signed: -

Status: -

Name: SonyLSM.sys

Image Path: SonyLSM.sys

Address: 0xF7CB5000 Size: 4736 File Visible: - Signed: -

Status: -

Name: sr.sys

Image Path: sr.sys

Address: 0xF76C0000 Size: 73472 File Visible: - Signed: -

Status: -

Name: srv.sys

Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys

Address: 0xB1E35000 Size: 353792 File Visible: - Signed: -

Status: -

Name: STREAM.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\STREAM.SYS

Address: 0xF788F000 Size: 53248 File Visible: - Signed: -

Status: -

Name: swenum.sys

Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys

Address: 0xF7CDF000 Size: 4352 File Visible: - Signed: -

Status: -

Name: sysaudio.sys

Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys

Address: 0xB1EFC000 Size: 60800 File Visible: - Signed: -

Status: -

Name: tcpip.sys

Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys

Address: 0xF144D000 Size: 361600 File Visible: - Signed: -

Status: -

Name: tcpip6.sys

Image Path: C:\WINDOWS\system32\DRIVERS\tcpip6.sys

Address: 0xF139F000 Size: 226880 File Visible: - Signed: -

Status: -

Name: TDI.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS

Address: 0xF7B4F000 Size: 20480 File Visible: - Signed: -

Status: -

Name: termdd.sys

Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys

Address: 0xF6E20000 Size: 40704 File Visible: - Signed: -

Status: -

Name: tunmp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\tunmp.sys

Address: 0xF7C6F000 Size: 12288 File Visible: - Signed: -

Status: -

Name: update.sys

Image Path: C:\WINDOWS\System32\DRIVERS\update.sys

Address: 0xF68A0000 Size: 384768 File Visible: - Signed: -

Status: -

Name: usbccgp.sys

Image Path: C:\WINDOWS\System32\DRIVERS\usbccgp.sys

Address: 0xF7BB7000 Size: 32128 File Visible: - Signed: -

Status: -

Name: USBD.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS

Address: 0xF7CE7000 Size: 8192 File Visible: - Signed: -

Status: -

Name: usbhub.sys

Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys

Address: 0xF6DE0000 Size: 59520 File Visible: - Signed: -

Status: -

Name: USBPORT.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS

Address: 0xF6C52000 Size: 147456 File Visible: - Signed: -

Status: -

Name: usbprint.sys

Image Path: C:\WINDOWS\System32\DRIVERS\usbprint.sys

Address: 0xF7B9F000 Size: 25856 File Visible: - Signed: -

Status: -

Name: usbscan.sys

Image Path: C:\WINDOWS\System32\DRIVERS\usbscan.sys

Address: 0xF6976000 Size: 15104 File Visible: - Signed: -

Status: -

Name: USBSTOR.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS

Address: 0xF7BAF000 Size: 26368 File Visible: - Signed: -

Status: -

Name: usbuhci.sys

Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys

Address: 0xF7B17000 Size: 20608 File Visible: - Signed: -

Status: -

Name: vga.sys

Image Path: C:\WINDOWS\System32\drivers\vga.sys

Address: 0xF7B87000 Size: 20992 File Visible: - Signed: -

Status: -

Name: VIDEOPRT.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS

Address: 0xF6C94000 Size: 81920 File Visible: - Signed: -

Status: -

Name: VolSnap.sys

Image Path: VolSnap.sys

Address: 0xF77EF000 Size: 52352 File Visible: - Signed: -

Status: -

Name: wanarp.sys

Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys

Address: 0xF78EF000 Size: 34560 File Visible: - Signed: -

Status: -

Name: watchdog.sys

Image Path: C:\WINDOWS\System32\watchdog.sys

Address: 0xF7AB7000 Size: 20480 File Visible: - Signed: -

Status: -

Name: wdmaud.sys

Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys

Address: 0xB14CF000 Size: 83072 File Visible: - Signed: -

Status: -

Name: Win32k

Image Path: \Driver\Win32k

Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -

Status: -

Name: win32k.sys

Image Path: C:\WINDOWS\System32\win32k.sys

Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -

Status: -

Name: WMILIB.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS

Address: 0xF7CB1000 Size: 8192 File Visible: - Signed: -

Status: -

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

Thank you.

Thank you for your help. I am unable to run MBAM, but I understand this is not uncommon with a rootkit. Below is the DDS.txt.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Sean at 18:54:39 on 2011-10-14

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.591 [GMT -4:00]

.

AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\WINDOWS\3634473211:72834599.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\ehome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe

C:\Program Files\SONY\sHotKey\sHotKey.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=c:\windows\system32\Userinit.exe

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [ATIModeChange] Ati2mdxx.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash

mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [startNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe"

dRunOnce: [setDefaultMidi] MIDIDEF.EXE

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: mswsock.dll

Trusted Zone: bankofamerica.com\onlineeast2

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277249972000

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {7A12449A-0E67-4C4E-A8E2-16C7A3A571AC} - hxxps://share.intelemage.com/EvenFlow/ctrl/StudyUploadTool.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.hvrsd.org/dana-cached/sc/JuniperSetupClient.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab

TCP: DhcpNameServer = 192.168.1.1 68.87.64.150 68.87.75.198

TCP: Interfaces\{03F68658-3619-4D37-B562-0C1322C8D90A} : DhcpNameServer = 43.134.195.10

TCP: Interfaces\{A2A66F5A-2210-4D31-A821-042817F33265} : DhcpNameServer = 192.168.1.1 68.87.64.150 68.87.75.198

Filter: text/html - {edb47484-7bc7-454a-bbfc-52693579a1ba} -

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

LSA: Notification Packages = scecli modmcr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [2003-9-16 4736]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-26 214664]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-12 136176]

S2 mrtRate;mrtRate; [x]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-8-12 79360]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-12 136176]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-26 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-26 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-26 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-26 40552]

.

=============== Created Last 30 ================

.

2011-10-12 14:16:14 -------- d-----w- c:\documents and settings\sean\local settings\application data\WinZip

2011-10-12 11:55:42 -------- dc----w- C:\MATS

2011-10-12 00:40:50 -------- d-----w- c:\program files\StartNow Toolbar

2011-10-12 00:04:10 -------- d-----w- c:\documents and settings\sean\application data\PC Cleaners

2011-10-12 00:04:07 5359888 ----a-w- c:\windows\uninst.exe

2011-10-12 00:04:00 -------- d-----w- c:\documents and settings\all users\application data\PC1Data

2011-10-11 02:04:28 -------- d-----w- c:\documents and settings\sean\application data\ElevatedDiagnostics

2011-10-11 01:45:51 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-11 01:43:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-10 03:29:02 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-10-10 01:11:22 -------- d-----w- c:\documents and settings\sean\local settings\application data\PackageAware

2011-10-08 18:01:24 -------- d-----w- c:\documents and settings\sean\application data\Sammsoft

2011-09-21 02:19:10 -------- d-----w- c:\documents and settings\sean\local settings\application data\Citrix

2011-09-21 02:19:08 -------- d-----w- c:\documents and settings\sean\application data\ICAClient

.

==================== Find3M ====================

.

.

============= FINISH: 18:55:39.90 ===============

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
