Suspicious drivers, is it a rootkit?
C:\Windows\System32\Drivers\dump_dumpata.sys
C:\Windows\System32\Drivers\dump_dumpfve.sys
C:\Windows\System32\Drivers\dump_msahci.sys
I was looking for an answer concerning these same drivers, which were shown in NirSoft DriverView.
According to the Driver Reference Table on John Carrona's (Microsoft MVP) website, http://www.carrona.org/dvrref.php:
dump_dumpata.sys
%SysDir%\Drivers\DUMP_DUMPATA.SYS is related to Microsoft Windows Vista.
DUMP_DUMPATA.SYS is a system driver for managing ATA devices.
dump_dumpfve.sys
%SysDir%\Drivers\DUMP_DUMPFVE.SYS is related to Microsoft Windows Vista.
DUMP_DUMPFVE.SYS is a Full Volume Encryption Crashdump Hibernate Filter Driver.
DUMPFVE.SYS is a part of Microsoft® Windows® Vista Operating System.
dump_msahci.sys
DUMP_MSAHCI.SYS is related to MS AHCI 1.0 Standard Driver.
DUMP_MSAHCI.SYS is a part of Microsoft® Windows® Operating System.
Manufacturer: Microsoft Corp.
It seems they are all related to dump files and legit, but I don't know for certain myself; it might be helpful to someone else.
Windows 7 SP1
No, you don't have a rootkit. This is what a freshly installed Win 7 SP1 looks like for me:
- dump_dumpfve.sys is part of Win 7
- dump_iaStor.sys is part of a driver I installed. Intel Storage something something
In your case additionally:
- dump_msahci.sys has to do with the AHCI driver.
- dump_dumpata.sys has to do with PATA, otherwise known as Parallel ATA. I'd hazard a guess that the "dum" before "pata" in dumpata stands for dummy, but I dunno.
In short, no, you don't have a rootkit.
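Both answers above say the drivers are legitimate based on their names and reference tables. Here is an added example (not from the question or either answer) of how to actually verify that on the machine, in PowerShell. It assumes, as the two answers suggest, that each dump_<name>.sys entry is an in-memory copy of <name>.sys from the crash-dump storage stack (dumpata.sys, dumpfve.sys, msahci.sys), so the file to check is the backing <name>.sys in System32\Drivers; the three paths are the ones from the question, and the "looks legit" rule is this example's own, not anything the page states.

```powershell
# Added example, not code from the original post or answers.
# Verifies that each dump_*.sys reported by DriverView is backed by a
# Microsoft-signed storage driver on disk.
# ASSUMPTION: dump_<name>.sys is a loaded copy of <name>.sys in System32\Drivers
# and normally has no file of its own under the dump_ name.

# The three paths from the question (constructed input for the example).
$reported = @(
    'C:\Windows\System32\Drivers\dump_dumpata.sys',
    'C:\Windows\System32\Drivers\dump_dumpfve.sys',
    'C:\Windows\System32\Drivers\dump_msahci.sys'
)

$driverDir = Join-Path $env:SystemRoot 'System32\Drivers'

foreach ($path in $reported) {
    $leaf    = Split-Path -Leaf $path
    $backing = Join-Path $driverDir ($leaf -replace '^dump_', '')

    # A file that really exists under the dump_ name is unusual and worth a look.
    $dumpFileOnDisk = Test-Path -LiteralPath $path

    if (-not (Test-Path -LiteralPath $backing)) {
        Write-Warning ("{0}: backing driver {1} not found; investigate" -f $leaf, $backing)
        continue
    }

    # Authenticode check of the backing driver. On Windows 7, inbox drivers are
    # usually catalog-signed rather than embedded-signed, so older PowerShell may
    # report NotSigned for a legitimate file; cross-check such cases with
    # 'sfc /verifyfile=<path>' or Sysinternals sigcheck before drawing conclusions.
    $sig = Get-AuthenticodeSignature -FilePath $backing
    $ver = (Get-Item -LiteralPath $backing).VersionInfo

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $microsoftSigned = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')

    # New-Object keeps this runnable on the PowerShell 2.0 that ships with Win 7.
    New-Object PSObject -Property @{
        Reported       = $leaf
        Backing        = $backing
        DumpFileOnDisk = $dumpFileOnDisk
        SigStatus      = $sig.Status
        Signer         = $signer
        # VersionInfo fields are unsigned metadata; shown for context only.
        Company        = $ver.CompanyName
        Description    = $ver.FileDescription
        LooksLegit     = $microsoftSigned -and -not $dumpFileOnDisk
    } | Format-List
}
```

Run it from an elevated PowerShell prompt. The decisive field is SigStatus/Signer on the backing driver; CompanyName and FileDescription are just string metadata that anything can claim. If a backing driver is missing, or the signature does not validate even after checking the catalog with sfc /verifyfile, that is the point at which a rootkit scan (rather than a name lookup) is justified.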