Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Rootkit.Agent str.sys

Started by frankie4dita , Sep 01 2009 02:24 AM

  • Please log in to reply

#1
frankie4dita
Posted 01 September 2009 - 02:24 AM

frankie4dita

    New Member

  • Member
  • Pip
  • 2 posts
Hi,
MBAM found this rootkit, and when trying to remove it every time I reboot and run a scan with MBAM it always finds it again. Could you please help me?
The logs of RootRepeal, OTL, and MBAM follow:
(When I start RootRepeal it tells me "could not read the boot sector. try adjusting the disk access level in the options dialog.", but I can run the scan and save the log)

Thanks,
Alessandro


-----------------OTL-------------------------------
OTL logfile created on: 01/09/2009 10.12.41 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = D:\Download
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 144,17 Gb Total Space | 129,67 Gb Free Space | 89,94% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 113,56 Gb Free Space | 78,77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NB-NINI
Current User Name: Alessandro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2007/04/01 09.02.36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/04/14 06.00.00 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/05/07 17.41.12 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
PRC - [2008/04/06 22.42.36 | 00,034,040 | ---- | M] () -- C:\Programmi\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/06/17 19.34.14 | 00,150,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2008/06/17 19.33.48 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2008/06/17 19.34.02 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/06/17 19.34.08 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2009/08/04 01.09.36 | 03,724,800 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programmi\Acer\Acer Bio Protection\PdtWzd.exe
PRC - [2008/01/25 01.22.04 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programmi\Apoint2K\Apoint.exe
PRC - [2009/08/04 01.27.18 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG8\avgwdsvc.exe
PRC - [2007/09/12 23.40.38 | 00,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programmi\Apoint2K\ApMsgFwd.exe
PRC - [2008/05/16 23.39.00 | 16,862,720 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006/09/09 00.10.22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programmi\Apoint2K\HidFind.exe
PRC - [2007/10/26 02.23.36 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programmi\Apoint2K\Apntex.exe
PRC - [2008/03/03 13.11.14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programmi\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2009/08/04 01.09.52 | 04,185,384 | ---- | M] () -- C:\Programmi\Acer\Acer Bio Protection\PwdBank.exe
PRC - [2008/05/07 17.41.14 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/07/08 18.18.40 | 00,466,944 | ---- | M] () -- C:\Programmi\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2009/08/04 01.09.44 | 03,566,080 | ---- | M] () -- C:\Programmi\Acer\Acer Bio Protection\BASVC.exe
PRC - [2008/06/10 00.36.14 | 00,870,920 | ---- | M] (Dritek System Inc.) -- C:\Programmi\Launch Manager\LManager.exe
PRC - [2009/09/01 09.31.56 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG8\avgtray.exe
PRC - [2007/01/04 19.48.50 | 00,112,152 | ---- | M] (InterVideo) -- C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2009/08/06 09.57.50 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Java\jre6\bin\jqs.exe
PRC - [2009/08/06 09.57.50 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Java\jre6\bin\jusched.exe
PRC - [2009/08/04 01.27.18 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG8\avgrsx.exe
PRC - [2009/08/04 01.27.18 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG8\avgnsx.exe
PRC - [2008/08/07 15.29.58 | 00,045,056 | ---- | M] (Acer Inc.) -- C:\Programmi\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2007/04/01 09.02.38 | 00,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/01/17 11.20.10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programmi\File comuni\LightScribe\LSSrvc.exe
PRC - [2008/06/17 19.33.58 | 00,174,616 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
PRC - [2008/04/06 22.42.24 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Programmi\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/04 03.03.14 | 00,131,072 | ---- | M] () -- C:\Programmi\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2007/02/13 01.43.44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Programmi\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2009/03/13 05.50.20 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programmi\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/09/01 10.04.16 | 00,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Alessandro\Impostazioni locali\Temp\RtkBtMnt.exe
PRC - [2007/07/24 11.15.14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe
PRC - [2009/03/13 05.48.48 | 03,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programmi\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/03/13 05.48.48 | 03,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programmi\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/03/13 05.48.48 | 03,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programmi\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/03/13 05.48.48 | 03,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programmi\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/03/13 05.48.48 | 03,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programmi\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/03/13 05.48.48 | 03,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programmi\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/02/06 12.10.02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/02/06 12.10.02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/14 06.00.00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/07/31 01.42.38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox\firefox.exe
PRC - [2009/08/03 13.36.10 | 01,295,632 | ---- | M] (Malwarebytes Corporation) -- C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/09/01 10.12.19 | 00,514,048 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11.16.40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/04 01.27.18 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2007/04/01 09.02.36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2008/03/03 13.11.14 | 00,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programmi\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc [Auto | Running])
SRV - [2008/07/25 11.17.02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21.10.04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 06.00.00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/05/07 17.41.14 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Auto | Running])
SRV - [2008/07/29 19.24.50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/08/04 01.09.44 | 03,566,080 | ---- | M] () -- C:\Programmi\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC [Auto | Running])
SRV - [2007/01/04 19.48.50 | 00,112,152 | ---- | M] (InterVideo) -- C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
SRV - [2009/08/06 09.57.50 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/01/17 11.20.10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programmi\File comuni\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/07/29 19.16.38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/04/06 22.42.24 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Programmi\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc [Auto | Running])
SRV - [2008/04/04 03.03.14 | 00,131,072 | ---- | M] () -- C:\Programmi\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc [Auto | Running])
SRV - [2007/02/13 01.43.44 | 00,065,536 | ---- | M] (O2Micro International) -- C:\Programmi\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash [Auto | Running])
SRV - File not found -- -- (odserv [On_Demand | Stopped])
SRV - File not found -- -- (ose [On_Demand | Stopped])
SRV - [2009/03/13 05.50.20 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programmi\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3 [Auto | Running])
SRV - [2007/07/24 11.15.14 | 00,185,632 | ---- | M] (Protexis Inc.) -- C:\Programmi\File comuni\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])
SRV - [2006/04/14 10.04.54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - [2006/11/02 22.56.50 | 00,918,528 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...travelmate_5730
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.it...it&source=iglk"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programmi\AVG\AVG8\Firefox [2009/08/04 01.27.18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/06 09.34.04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Programmi\Java\jre6\lib\deploy\jqs\ff [2009/08/06 09.57.50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2009/08/17 03.10.12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2009/08/06 09.57.54 | 00,000,000 | ---D | M]

[2009/08/04 01.19.58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandro\Dati applicazioni\mozilla\Extensions
[2009/08/04 01.19.58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandro\Dati applicazioni\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/01 09.47.34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandro\Dati applicazioni\mozilla\Firefox\Profiles\hqquhhpo.default\extensions
[2009/08/06 10.04.08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandro\Dati applicazioni\mozilla\Firefox\Profiles\hqquhhpo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/11 22.54.58 | 00,002,399 | ---- | M] () -- C:\Documents and Settings\Alessandro\Dati applicazioni\Mozilla\FireFox\Profiles\hqquhhpo.default\searchplugins\daemon-search.xml
[2009/09/01 10.04.59 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions
[2009/08/04 01.19.27 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/16 14.46.35 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/08/06 09.57.55 | 00,000,000 | ---D | M] -- C:\Programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/07/31 01.42.38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browserdirprovider.dll
[2009/07/31 01.42.38 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\brwsrcmp.dll
[2009/08/06 09.57.50 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeploytk.dll
[2009/07/31 01.42.39 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Programmi\mozilla firefox\plugins\npnul32.dll
[2008/10/14 21.33.30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Programmi\mozilla firefox\plugins\nppdf32.dll
[2009/07/31 01.42.37 | 00,001,534 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/31 00.06.07 | 00,001,412 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\demauro.xml
[2009/07/31 00.06.07 | 00,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2009/07/31 01.42.37 | 00,002,371 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\google.xml
[2009/07/31 00.06.07 | 00,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2009/07/31 00.06.07 | 00,000,649 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: (904 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 91.121.97.18 www.thepiratebay.org
O1 - Hosts: 91.121.97.18 thepiratebay.org
O1 - Hosts: 91.121.97.18 www.thepiratebay.org
O1 - Hosts: 91.121.97.18 thepiratebay.org
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Programmi\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BkupTray] C:\Programmi\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [Boot] C:\Programmi\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Programmi\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Programmi\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Programmi\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [preload] C:\Windows\RUNXMLPL.exe (Wistron Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Programmi\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programmi\DAEMON Tools Lite\daemon.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Alessandro\Menu Avvio\Programmi\Esecuzione automatica\Windows Updater.lnk = C:\Documents and Settings\Alessandro\Impostazioni locali\Temp\JDstart.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acer Empowering Technology.lnk = C:\Programmi\Acer\Empowering Technology\Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk = C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programmi\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programmi\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Programmi\Acer\Acer Bio Protection\WinNotify.dll - C:\Programmi\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\spba: DllName - C:\Programmi\File comuni\SPBA\homefus2.dll - C:\Programmi\File comuni\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/08 23.15.02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{288d97b2-4d42-11dd-9080-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{288d97b2-4d42-11dd-9080-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/09/01 10.10.07 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\lrbt.sys
[2009/09/01 09.49.09 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Alessandro\Desktop\settings.dat
[2009/09/01 09.48.55 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Alessandro\Desktop\RootRepeal.exe
[2009/09/01 09.27.30 | 31,466,29120 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/01 09.17.40 | 00,213,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2009/09/01 00.41.40 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

========== Files - Modified Within 14 Days ==========

[2009/09/01 10.10.07 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\lrbt.sys
[2009/09/01 10.04.38 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/01 10.03.42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/01 10.03.34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/01 10.03.26 | 31,466,29120 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/01 10.02.22 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009/09/01 09.49.09 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Alessandro\Desktop\settings.dat
[2009/09/01 09.31.02 | 40,379,110 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/01 09.31.02 | 00,074,559 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/01 09.17.41 | 00,213,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys
[2009/09/01 09.01.02 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/01 08.48.30 | 01,930,896 | -H-- | M] () -- C:\Documents and Settings\Alessandro\Impostazioni locali\Dati applicazioni\IconCache.db

========== LOP Check ==========

[2009/08/16 14.47.19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Alessandro\Dati applicazioni
[2009/08/07 14.34.46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandro\Dati applicazioni\Azureus
[2009/08/07 17.40.49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandro\Dati applicazioni\Betfair
[2009/08/11 22.48.33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandro\Dati applicazioni\DAEMON Tools Lite
[2009/08/05 00.54.46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandro\Dati applicazioni\KeePass
[2009/08/07 15.27.20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandro\Dati applicazioni\MathWorks
[2009/08/07 00.37.43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alessandro\Dati applicazioni\Thinstall
[2009/08/16 14.46.22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni
[2009/08/06 09.58.49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
[2009/08/04 01.14.56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Corel
[2009/08/11 22.55.09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\DAEMON Tools Lite
[2009/08/04 01.13.38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\eSobi
[2009/08/04 01.09.08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\UIB
[2008/04/14 06.00.00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/01 10.03.42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 06.00.00 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 06.00.00 | 00,187,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >




-------------RootRepeal----------------------------------
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/01 10:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 000015E6
Image Path: 000015E6
Address: 0x8992F000 Size: 41202 File Visible: No Signed: -
Status: -

Name: 000015E6
Image Path: 000015E6
Address: 0xA6044000 Size: 83072 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xBA0B8000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ABP480N5.SYS
Image Path: ABP480N5.SYS
Address: 0xBA370000 Size: 23552 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9E60000 Size: 188416 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xBA4C4000 Size: 12160 File Visible: - Signed: -
Status: -

Name: adpu160m.sys
Image Path: adpu160m.sys
Address: 0xB9CEB000 Size: 101888 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA7850000 Size: 138496 File Visible: - Signed: -
Status: -

Name: agp440.sys
Image Path: agp440.sys
Address: 0xBA1E8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: agpCPQ.sys
Image Path: agpCPQ.sys
Address: 0xBA1F8000 Size: 44928 File Visible: - Signed: -
Status: -

Name: aha154x.sys
Image Path: aha154x.sys
Address: 0xBA4CC000 Size: 12800 File Visible: - Signed: -
Status: -

Name: aic78u2.sys
Image Path: aic78u2.sys
Address: 0xBA128000 Size: 55168 File Visible: - Signed: -
Status: -

Name: aic78xx.sys
Image Path: aic78xx.sys
Address: 0xBA0F8000 Size: 56960 File Visible: - Signed: -
Status: -

Name: AlfaFF.sys
Image Path: AlfaFF.sys
Address: 0xBA198000 Size: 35968 File Visible: - Signed: -
Status: -

Name: aliide.sys
Image Path: aliide.sys
Address: 0xBA5AC000 Size: 5248 File Visible: - Signed: -
Status: -

Name: alim1541.sys
Image Path: alim1541.sys
Address: 0xBA1C8000 Size: 42752 File Visible: - Signed: -
Status: -

Name: amdagp.sys
Image Path: amdagp.sys
Address: 0xBA1D8000 Size: 43008 File Visible: - Signed: -
Status: -

Name: amsint.sys
Image Path: amsint.sys
Address: 0xBA4D8000 Size: 12032 File Visible: - Signed: -
Status: -

Name: Apfiltr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
Address: 0xB9007000 Size: 180224 File Visible: - Signed: -
Status: -

Name: asc.sys
Image Path: asc.sys
Address: 0xBA340000 Size: 26496 File Visible: - Signed: -
Status: -

Name: asc3350p.sys
Image Path: asc3350p.sys
Address: 0xBA378000 Size: 22400 File Visible: - Signed: -
Status: -

Name: asc3550.sys
Image Path: asc3550.sys
Address: 0xBA4DC000 Size: 14848 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9D04000 Size: 98304 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA7E3000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xA75B3000 Size: 328576 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xBA418000 Size: 21120 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xA78C0000 Size: 101888 File Visible: - Signed: -
Status: -

Name: b57xp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\b57xp32.sys
Address: 0xB93AB000 Size: 192512 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xBA4C0000 Size: 16384 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA5FA000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: btaudio.sys
Image Path: C:\WINDOWS\system32\drivers\btaudio.sys
Address: 0xA81F1000 Size: 522432 File Visible: - Signed: -
Status: -

Name: btkrnl.sys
Image Path: C:\WINDOWS\system32\DRIVERS\btkrnl.sys
Address: 0xB8DD0000 Size: 852288 File Visible: - Signed: -
Status: -

Name: btport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\btport.sys
Address: 0xBA3E0000 Size: 28256 File Visible: - Signed: -
Status: -

Name: cbidf2k.sys
Image Path: cbidf2k.sys
Address: 0xBA4E4000 Size: 13952 File Visible: - Signed: -
Status: -

Name: cd20xrnt.sys
Image Path: cd20xrnt.sys
Address: 0xBA5BA000 Size: 7680 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xA6F7B000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xB9B52000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA188000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xB9A91000 Size: 13952 File Visible: - Signed: -
Status: -

Name: cmdide.sys
Image Path: cmdide.sys
Address: 0xBA5B4000 Size: 6656 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xBA4BC000 Size: 10240 File Visible: - Signed: -
Status: -

Name: cpqarray.sys
Image Path: cpqarray.sys
Address: 0xBA4C8000 Size: 14976 File Visible: - Signed: -
Status: -

Name: dac2w2k.sys
Image Path: dac2w2k.sys
Address: 0xB9CBF000 Size: 179584 File Visible: - Signed: -
Status: -

Name: dac960nt.sys
Image Path: dac960nt.sys
Address: 0xBA4D4000 Size: 14720 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA178000 Size: 36352 File Visible: - Signed: -
Status: -

Name: DKbFltr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
Address: 0xBA450000 Size: 17408 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xB9DEC000 Size: 154240 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xBA5B6000 Size: 5888 File Visible: - Signed: -
Status: -

Name: dpti2o.sys
Image Path: dpti2o.sys
Address: 0xBA380000 Size: 20192 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA258000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA74BB000 Size: 851968 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA75A7000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA6CE000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xA796D000 Size: 143744 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBA308000 Size: 44672 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xB9C9F000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5F6000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB9E12000 Size: 125824 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E5000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB93DA000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xBA458000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hpn.sys
Image Path: hpn.sys
Address: 0xBA390000 Size: 25952 File Visible: - Signed: -
Status: -

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xA7A6F000 Size: 731136 File Visible: - Signed: -
Status: -

Name: HSF_DPV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
Address: 0xA7B22000 Size: 988032 File Visible: - Signed: -
Status: -

Name: HSFHWAZL.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
Address: 0xA7C14000 Size: 210688 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA5A88000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xB9A79000 Size: 8576 File Visible: - Signed: -
Status: -

Name: i2omp.sys
Image Path: i2omp.sys
Address: 0xBA350000 Size: 18560 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xB9B82000 Size: 53248 File Visible: - Signed: -
Status: -

Name: iaStor.sys
Image Path: iaStor.sys
Address: 0xB9D1C000 Size: 851968 File Visible: - Signed: -
Status: -

Name: iaStor.sys
Image Path: iaStor.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -

Name: igxpdv32.DLL
Image Path: C:\WINDOWS\System32\igxpdv32.DLL
Address: 0xBF04F000 Size: 2146304 File Visible: - Signed: -
Status: -

Name: igxpdx32.DLL
Image Path: C:\WINDOWS\System32\igxpdx32.DLL
Address: 0xBF25B000 Size: 3174400 File Visible: - Signed: -
Status: -

Name: igxpgd32.dll
Image Path: C:\WINDOWS\System32\igxpgd32.dll
Address: 0xBF024000 Size: 176128 File Visible: - Signed: -
Status: -

Name: igxpmp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Address: 0xB943A000 Size: 6021184 File Visible: - Signed: -
Status: -

Name: igxprd32.dll
Image Path: C:\WINDOWS\System32\igxprd32.dll
Address: 0xBF012000 Size: 73728 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xB9B62000 Size: 42112 File Visible: - Signed: -
Status: -

Name: ini910u.sys
Image Path: ini910u.sys
Address: 0xBA4E0000 Size: 16000 File Visible: - Signed: -
Status: -

Name: int15.sys
Image Path: C:\WINDOWS\System32\drivers\int15.sys
Address: 0xA6790000 Size: 69632 File Visible: - Signed: -
Status: -

Name: IntcHdmi.sys
Image Path: C:\WINDOWS\system32\drivers\IntcHdmi.sys
Address: 0xA7A4F000 Size: 131072 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xBA5AE000 Size: 5504 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xB9B32000 Size: 40448 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA789A000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA795A000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA0C8000 Size: 37504 File Visible: - Signed: -
Status: -

Name: iviaspi.sys
Image Path: C:\WINDOWS\system32\drivers\iviaspi.sys
Address: 0xB9A5D000 Size: 10368 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA460000 Size: 25088 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA561D000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB8EA1000 Size: 143360 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\WINDOWS\system32\Drivers\ksecdd.sys
Address: 0xB9C76000 Size: 92288 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xA6492000 Size: 12672 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5FE000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xBA3B8000 Size: 30208 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA4A8000 Size: 23552 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA0D8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mraid35x.sys
Image Path: mraid35x.sys
Address: 0xBA348000 Size: 17280 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA6C59000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA7604000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBA480000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBA228000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB9A99000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9BA2000 Size: 105344 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9BA2000 Size: 105344 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB9BBC000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB9ACE000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA727B000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB8DB9000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA268000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBA2F8000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA7872000 Size: 162816 File Visible: - Signed: -
Status: -

Name: NETw5x32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
Address: 0xB9033000 Size: 3636864 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBA490000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9BE9000 Size: 574976 File Visible: - Signed: -
Status: -

Name: NTIDrvr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
Address: 0xBA5D0000 Size: 7296 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA715000 Size: 2944 File Visible: - Signed: -
Status: -

Name: o2media.sys
Image Path: C:\WINDOWS\system32\DRIVERS\o2media.sys
Address: 0xB9B92000 Size: 45312 File Visible: - Signed: -
Status: -

Name: o2sd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\o2sd.sys
Address: 0xBA318000 Size: 37632 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xBA0A8000 Size: 61696 File Visible: - Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xBA671000 Size: 4096 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBA330000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB9E4F000 Size: 68736 File Visible: - Signed: -
Status: -

Name: PCI_PNP4932
Image Path: \Driver\PCI_PNP4932
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBA670000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xB9E31000 Size: 120448 File Visible: - Signed: -
Status: -

Name: perc2.sys
Image Path: perc2.sys
Address: 0xBA388000 Size: 27296 File Visible: - Signed: -
Status: -

Name: perc2hib.sys
Image Path: perc2hib.sys
Address: 0xBA5BC000 Size: 5504 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xA81CD000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB8DA8000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA420000 Size: 17792 File Visible: - Signed: -
Status: -

Name: ql1080.sys
Image Path: ql1080.sys
Address: 0xBA148000 Size: 40320 File Visible: - Signed: -
Status: -

Name: ql10wnt.sys
Image Path: ql10wnt.sys
Address: 0xBA108000 Size: 33152 File Visible: - Signed: -
Status: -

Name: ql12160.sys
Image Path: ql12160.sys
Address: 0xBA168000 Size: 45312 File Visible: - Signed: -
Status: -

Name: ql1240.sys
Image Path: ql1240.sys
Address: 0xBA118000 Size: 40448 File Visible: - Signed: -
Status: -

Name: ql1280.sys
Image Path: ql1280.sys
Address: 0xBA158000 Size: 49024 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xB8D12000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB9B22000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xB9B12000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB9B02000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA438000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA7674000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA602000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB8D78000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB9B42000 Size: 58368 File Visible: - Signed: -
Status: -

Name: regi.sys
Image Path: C:\WINDOWS\system32\drivers\regi.sys
Address: 0xBA62A000 Size: 5376 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA59D0000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xA7C48000 Size: 4968448 File Visible: - Signed: -
Status: -

Name: SBKUPNT.SYS
Image Path: C:\WINDOWS\system32\Drivers\SBKUPNT.SYS
Address: 0xA60E3000 Size: 12384 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xB9E8E000 Size: 98304 File Visible: - Signed: -
Status: -

Name: sisagp.sys
Image Path: sisagp.sys
Address: 0xBA1A8000 Size: 40960 File Visible: - Signed: -
Status: -

Name: sncduvc.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\sncduvc.SYS
Address: 0xBA468000 Size: 28672 File Visible: - Signed: -
Status: -

Name: snp2uvc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
Address: 0xA769F000 Size: 1769984 File Visible: - Signed: -
Status: -

Name: sparrow.sys
Image Path: sparrow.sys
Address: 0xBA338000 Size: 19072 File Visible: - Signed: -
Status: -

Name: sprw.sys
Image Path: sprw.sys
Address: 0xB9EA6000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB9C8D000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA65FE000 Size: 333952 File Visible: - Signed: -
Status: -

Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xBA2E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5D8000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sym_hi.sys
Image Path: sym_hi.sys
Address: 0xBA360000 Size: 28384 File Visible: - Signed: -
Status: -

Name: sym_u3.sys
Image Path: sym_u3.sys
Address: 0xBA368000 Size: 30688 File Visible: - Signed: -
Status: -

Name: symc810.sys
Image Path: symc810.sys
Address: 0xBA4D0000 Size: 16256 File Visible: - Signed: -
Status: -

Name: symc8xx.sys
Image Path: symc8xx.sys
Address: 0xBA358000 Size: 32640 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA6F1B000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA7901000 Size: 361600 File Visible: - Signed: -
Status: -

Name: tcusb.sys
Image Path: C:\WINDOWS\System32\Drivers\tcusb.sys
Address: 0xBA2D8000 Size: 43904 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA3F0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBA238000 Size: 40704 File Visible: - Signed: -
Status: -

Name: toside.sys
Image Path: toside.sys
Address: 0xBA5B0000 Size: 4992 File Visible: - Signed: -
Status: -

Name: UBHelper.sys
Image Path: UBHelper.sys
Address: 0xBA5B8000 Size: 5632 File Visible: - Signed: -
Status: -

Name: ultra.sys
Image Path: ultra.sys
Address: 0xBA138000 Size: 36736 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB8D1A000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xBA400000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5E0000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA428000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA278000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB9402000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA3F8000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBA470000 Size: 20992 File Visible: - Signed: -
Status: -

Name: viaagp.sys
Image Path: viaagp.sys
Address: 0xBA1B8000 Size: 42240 File Visible: - Signed: -
Status: -

Name: viaide.sys
Image Path: viaide.sys
Address: 0xBA5B2000 Size: 5376 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB9426000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0E8000 Size: 53376 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xB8F54000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xBA448000 Size: 20480 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
Address: 0xB8F64000 Size: 503808 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Address: 0xB9B72000 Size: 53248 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA6F06000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Address: 0xB9AD6000 Size: 8832 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xBA5AA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -




----------------------MBAM-----------------------------------------
Malwarebytes' Anti-Malware 1.40
Database version: 2724
Windows 5.1.2600 Service Pack 3

01/09/2009 10.23.44
mbam-log-2009-09-01 (10-23-44).txt

Scan type: Quick Scan
Objects scanned: 112382
Time elapsed: 1 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.

Edited by frankie4dita, 01 September 2009 - 10:37 AM.

  • 0

Advertisements

#2
frankie4dita
Posted 01 September 2009 - 10:35 AM

frankie4dita

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi,
is there something wrong with my post? Maybe I attached the wrong logs and they're useless? Please let me know if I should have done something different. Thank you in advance.

P.S.: I also often get a blue screen error after logging in into windows, and the PC reboots. The blue screen lasts something like 1 second, so I cannot even read which kind of error it is. I don't even know if it is related to this rootkit.

Alessandro

Edited by frankie4dita, 01 September 2009 - 10:41 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP